
Tags > authentication

Tesla Model S REST API Authentication Flaws

By George Reese
August 27, 2013

As many of you know, APIs matter to me. I have lightbulbs that have APIs. Two months ago, I bought a car that has an API: The Tesla Model S. For the most part, people use the Tesla REST API via the iPhone and …

Phished

By Mike Loukides
September 24, 2012

Maybe I’m the last person to know this, but phishing has spread beyond email. And it’s not really pretty. Here’s the story: A few nights ago, I got a Twitter direct message (DM) from a friend saying that someone was …

Four short links: 2 September 2011

By Nat Torkington
September 2, 2011

Invisible Autoupdater: An App's Best Feature -- Gina Trapani quotes Ben Goodger on Chrome: The idea was to give people a blank window with an autoupdater. If they installed that, over time the blank window would grow into a browser. Crackpot Apocalypse -- analyzing various historical pronouncements of the value of pi, paper author concludes "When πt is 1,...

A Manhattan Project for online identity

By Alex Howard
May 4, 2011

The U.S. government's National Strategy for Trusted Identities in Cyberspace addresses key issues around identity, privacy and security. Implementation, however, will require significant effort and innovation from the private sector.

Four short links: 16 December 2010

By Nat Torkington
December 16, 2010

On Compressing Social Networks (PDF) -- paper looking at the theory and practice of compressing social network graphs. Our main innovation here is to come up with a quick and useful method for generating an ordering on the social network nodes so that nodes with lots of common neighbors are near each other in the ordering, a property which...

Principles for Standardized REST Authentication

By George Reese
December 26, 2009

I'm tired of wasting brain cycles figuring out whether a given vendor requires you to sign your query before or after you URL encode your parameters and I am fed up with vendors who insist on using interactive user credentials to authenticate API calls. Here's a set of standards that I think should be in place for any REST authentication scheme.

The Five Laws of Implementing a Login Solution

By George Reese
May 20, 2009

Don't write your own. But whether you decide to write your own or implement a third-party solution, make sure it follows these five rules no matter what the risk profile of your application.

