Almost forgetting about LJ
I haven't posted for ages - nothing really meaningful, anyway. I don't feel too badly about this. But i feel a sudden urge to want to make a little update.
I have had a nice week at work. We have a new tester! For months i've been the only full-time tester, and it's such a relief to have someone else there to help out. Newbie seems to be settling in well, getting to know people and the products, very intelligent and picking up things very quickly. We've had a fun week struggling with virtual machines and getting our heads around the new Windows Vista methods of storing time zone information in the registry (which completely breaks our products!).
MyChores is going well, and i am writing an API so that external programmers can link in with the database. At the moment i'm using HTTP Basic Authentication, but i had a neat idea for an authentication model ...
The main problem with this method is that the server would need to know how many characters are in the password, which it does not because it stores the password using one-way encryption. Also, if anyone is sniffing the traffic, they could presumably also find the magic string of numbers that allows them to lift the password out of the random string. Uggghhh, it's really difficult.
Today is the MayFest in Winchester, which i am very excited about. I'm going to go into town in a bit and see what's going on. It's usually a lot of fun! I'm also thinking about my friends at BiFest in London today, hope they all have a very good day.
Right now i had better do a few more chores before heading out to the MayFest.
I have had a nice week at work. We have a new tester! For months i've been the only full-time tester, and it's such a relief to have someone else there to help out. Newbie seems to be settling in well, getting to know people and the products, very intelligent and picking up things very quickly. We've had a fun week struggling with virtual machines and getting our heads around the new Windows Vista methods of storing time zone information in the registry (which completely breaks our products!).
MyChores is going well, and i am writing an API so that external programmers can link in with the database. At the moment i'm using HTTP Basic Authentication, but i had a neat idea for an authentication model ...
- Client says 'I want to authenticate as this user'
- Server responds '12,93,29,14,81,74,58,32' which means 'Please send me a random string but include the first letter of the password in the 12th position, the second letter in the 93rd position, the third letter in the 29th position ... etc'
- Client does as requested. To anyone sniffing, the string looks entirely random.
- Server reconstructs the password and verifies it. If correct the server sends the client a 'voucher' which is another random string. The voucher lasts for 60 minutes.
- Client uses this voucher with every subsequent request it makes, which allows it to authenticate against the user.
- Server informs the client when the voucher has expired, and authentication begins again.
The main problem with this method is that the server would need to know how many characters are in the password, which it does not because it stores the password using one-way encryption. Also, if anyone is sniffing the traffic, they could presumably also find the magic string of numbers that allows them to lift the password out of the random string. Uggghhh, it's really difficult.
Today is the MayFest in Winchester, which i am very excited about. I'm going to go into town in a bit and see what's going on. It's usually a lot of fun! I'm also thinking about my friends at BiFest in London today, hope they all have a very good day.
Right now i had better do a few more chores before heading out to the MayFest.