Saturday, Mar 29th, 2008

Categories: Upcoming, Personal

Balupton.com | Upcoming

Posted 07:33:58 pm.

I’ve done up the base of my new site here: http://www.balupton.com/home/

Feel free to leave any feedback you can.

Wednesday, Mar 05th, 2008

Categories: Documents

WebCT 4.x Javascript Session Stealer Exploits

Posted 05:51:34 pm.

WebCT 4.x Javascript Session Stealer Exploits

Software: WebCT Campus Edition 4.x (http://secunia.com/product/3280/)
Affected Version: 4.1.5.8
Discoverer: Benjamin “balupton” Lupton
Date Discovered: November 2005
Date Reported: 25/06/2007
Software Author Contacted (again) on: 20/07/2007
Date Published: 05/03/2008

Published At:
http://www.balupton.com/blogs/dev?title=webct_session_stealer_exploit
http://www.balupton.com/documents/webct_exploits.txt
http://seclists.org/fulldisclosure/2008/Mar/0051.html
http://www.securityfocus.com/bid/28107/info
http://secwatch.org/advisories/1020585/
http://secunia.com/advisories/29227/

Attack Type:
Javascript Session Stealer Exploit.

Description:
Mail & Discussion Board messages are not properly checked for javascript, so javascript embedded in a message runs in the reader's browser and can perform a session stealing attack (allowing the attacker to be logged in as the victim).

Tested On:
Attacks were tested fully on eCentral TAFE’s WebCT System in November 2005 (with permission of staff),
and again on Curtin University’s WebCT System in June 2006 (but this time only to see if the javascript will run).

Action Taken:
Contacted TAFE lecturers and administrators, who didn’t really care.
Contacted WestOne multiple times, but never received any response.
Then contacted Secunia, which would not publish as the discoverer did not own their own copy of the software in question.
Published as WebCT is being phased out, with Blackboard being the replacement.

Steps:

Read the full report here: http://www.balupton.com/documents/webct_exploits.txt
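The defensive side of the bug class described in this advisory, as an added example that is not part of the advisory and not WebCT's code: a discussion-board or mail renderer must HTML-encode user-supplied message bodies before they reach other users' browsers, and moderation tooling can flag bodies that carry active content. The message objects, field names and the `containsActiveContent` pattern list are assumptions made for the example.

```javascript
// Added example, not part of the advisory or of WebCT. Runs under Node.js;
// the message text below is constructed.

// Encode the five characters that let text break out of an HTML text node
// or attribute value. Once encoded, a message can only ever render as text.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Conservative detector for moderation/logging: true when a body contains
// markup that could execute script if it were rendered unescaped.
// Detection is only a safety net; escaping on output is the actual fix.
const ACTIVE_CONTENT = [
  /<\s*script\b/i,           // <script ...>
  /<\s*iframe\b/i,           // <iframe ...>
  /\son[a-z]+\s*=/i,         // onload=, onerror=, onclick= ...
  /javascript\s*:/i,         // javascript: URLs
  /<\s*(object|embed)\b/i,   // plugin containers
];
function containsActiveContent(body) {
  return ACTIVE_CONTENT.some((re) => re.test(body));
}

// Safe renderer: every user-controlled field goes through escapeHtml, so the
// resulting fragment can be assigned to innerHTML or sent in a page body
// without the message being able to run script.
function renderMessage(msg) {
  return (
    '<div class="message">' +
    `<h3>${escapeHtml(msg.subject)}</h3>` +
    `<p class="from">${escapeHtml(msg.from)}</p>` +
    `<pre>${escapeHtml(msg.body)}</pre>` +
    "</div>"
  );
}

// Constructed sample messages (not real WebCT data). The second one carries
// inert placeholders where a hostile message would carry script.
const SAMPLE_MESSAGES = [
  { from: "student1", subject: "Week 3 notes", body: "See page 12 & 13 of the reader." },
  { from: "student2", subject: "hi", body: '<script>/* hostile */</script><img src=x onerror="/* hostile */">' },
];

// Run both messages through the detector and the safe renderer.
function demo() {
  return SAMPLE_MESSAGES.map((m) => ({
    flagged: containsActiveContent(m.body),
    html: renderMessage(m),
  }));
}

for (const r of demo()) {
  console.log(r.flagged ? "FLAGGED" : "ok", r.html);
}
```

Escaping on output is what closes the hole; the detector only tells moderators which messages would have triggered it. Marking the session cookie `HttpOnly` is a separate, complementary control, since it keeps the cookie out of reach of any script that does run.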

Saturday, Feb 16th, 2008

Categories: Projects, Ramble, Open

Templating System Concepts (the evolution)

Posted 02:52:19 am.

Templating Systems are extremely important in web development. They allow us to manage our designs to make them more usable for the user, and more efficient for developers and designers to work with.

Recent developments such as Jaxer (AJAX Server) will allow us to take this to the next evolutionary step. Refer to my previous post Jaxer, the silver bullet for more information on Jaxer and Templating.

I have published a “report” that I have been working on the past few weeks, that details and provides examples of the evolutionary steps of templating systems.

Here are the levels that are included in the report:
Level 0 - Static
Level 1 - Includes
Level 1 - Conditional
Level 2 - Shortcuts
Level 3 - Population
Level 4.0 - Separation
Level 4.1 - Separation (Defaults)
Level 4.2 - Separation (Mixture)
Level 5 - Dedicated Solutions (Templating Engine)
Level 6 - Client Side Templating (Not Fully Functional)
Level 7 - Dual Side Templating (Separate Installations) (Not Fully Functional)
Level 8 - Dual Side Templating (Single Installation) (Not Fully Functional)

Templating Engines Used:
Smarty and JSmarty.

To view and download the report visit here:
http://www.balupton.com/sandbox/templates/

Thanks.

Note (16/02/2008):
Unfortunately, JSmarty is still not in a position to be usable, hence the “Not Fully Functional” notices. Hopefully this project will gain more attention and reach that stage. But for the purpose of showing a concept, it still works well.

Update (17/02/2008):
I decided to make my own javascript Smarty template engine; you can check out its progress here:
Balupton’s jQuery Smarty Plugin

Tuesday, Feb 12th, 2008

Categories: Ramble

Jaxer, the silver bullet

Posted 06:19:07 pm.

Jaxer, the world’s first AJAX server, is what I believe is the silver bullet to the epic battle of web development technologies.

Jaxer allows you to run javascript server-side, client-side, and both. It provides database interfaces among other things. But the kicker is that because it is javascript, you can modify the DOM server side before sending it to the client.

This means that templating systems can finally move into the web 2.0 scene. A template system is a way to split design up into something more manageable, the most basic example being html files, then moving to php includes, then a dedicated solution like Smarty.

JSmarty is a project currently underway that is trying to bring Smarty client side, so there can be a universal server- and client-side templating system. It has its problems (still being in early development), and you still face having different implementations of the same templating system (Smarty + JSmarty).

With Jaxer, you have the ability to use just one. So use JSmarty server and client side, instead of using Smarty on the server. The benefits of this are huge, as there is a single templating system, so one thing that needs to be managed, developed, and used.

Now the benefit of bringing templating systems to client side is that it enables true web 2.0 solutions. So instead of AJAX returning populated HTML to be used as output, it will fetch the data in JSON and then populate the HTML template to be used as output.

Now why would we want to do this? Way less overhead. Say for a table with 100 rows per page, you can fetch a JSON object containing all the row data, and a single row template. Then populate the row template 100 times for each piece of row data.
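The "one JSON payload, one row template" pattern from the last two paragraphs, as an added example that is not Jaxer's, Smarty's or JSmarty's code. The `{$name}` placeholder syntax is borrowed from Smarty, but the engine here is a deliberately small stand-in, and the row data, template and the `|raw` modifier are assumptions made for the example. Values are HTML-escaped as they are populated, so data coming back from the server cannot inject markup into the page.

```javascript
// Added example, not part of the post or of any templating engine named in it.
// Runs under Node.js; the JSON payload below is constructed.

// Encode the characters that would let a value break out of an HTML text node
// or attribute value.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Populate one template with one data object. Values are escaped by default;
// `{$name|raw}` opts out for fields that are already trusted HTML (assumed
// modifier, not Smarty's). A missing field renders as an empty string.
function populate(template, data) {
  return template.replace(/\{\$([a-zA-Z_]\w*)(\|raw)?\}/g, (_m, name, raw) => {
    if (!(name in data)) return "";
    const value = data[name];
    return raw ? String(value) : escapeHtml(value);
  });
}

// Populate the same row template once per row. This is the "100 rows, one
// template" case: the server sends only the data, not rendered HTML.
function populateRows(rowTemplate, rows) {
  return rows.map((row) => populate(rowTemplate, row)).join("\n");
}

// The row template would normally live in the page (or be shared with the
// server under Jaxer); here it is inline.
const ROW_TEMPLATE = "<tr><td>{$id}</td><td>{$name}</td><td>{$email}</td></tr>";

// Constructed JSON payload standing in for the AJAX response. The second
// name contains markup on purpose, to show it renders as text.
const ROWS_JSON = JSON.stringify([
  { id: 1, name: "Ada", email: "ada@example.com" },
  { id: 2, name: "<b>Bob</b>", email: "bob@example.com" },
  { id: 3, name: "Cy & Co", email: "cy@example.com" },
]);

// Parse the payload and build the table body from the single row template.
function renderTable(rowsJson) {
  const rows = JSON.parse(rowsJson);
  return "<table>\n" + populateRows(ROW_TEMPLATE, rows) + "\n</table>";
}

console.log(renderTable(ROWS_JSON));
```

The escaping default is the design choice worth copying: when the same template runs on both server and client, the client no longer gets pre-sanitised HTML from the server, so the template engine itself has to be the place where untrusted values are neutralised.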

I will be publishing a report soon enough that will detail the evolution of template systems, and show where Jaxer fits into this.

Update (16/02/2008):
Michael Mahemoff has made a post on Dual-Side Templating, so it is great that I am not the only one believing in this silver bullet.

Update (16/02/2008):
I have published a “report” that I have been working on the past few weeks, that details and provides examples of the evolutionary steps of templating systems. Read about it here:
http://www.balupton.com/blogs/dev?title=templating_system_concepts

Monday, Dec 03rd, 2007

Categories: Released, Open

jQuery Lightbox Plugin

Posted 10:51:35 pm.

Lightboxes are a way to display an image on the same page elegantly.

Features:

  • Lightboxes can be grouped together.
  • Titles and descriptions for images.
  • Automatic url detection and inclusion of required files, so no configuration is needed.
    * So all you need to do is include its single .js file and you are good to go.
  • Greedy elements (flash, object, select) are hidden away and re-shown appropriately.
  • New / Optimized design.
  • Proper jQuery Plugin.
  • Provides many easy automatic and manual ways of creating and starting lightboxes.
  • Only 15KB in size! (Includes all js, css and image files).

Take a look at the demo site http://www.balupton.com/sandbox/jquery_lightbox/ to see it in action, as well as examples of its usage.

Based upon Lokesh Dhakar’s Lightbox 2: http://www.huddletogether.com/projects/lightbox2/

Grab it here.


Developer Blog

Here you can find information on projects that I have worked on, complexities and solutions to problems I have faced, beneficial information like tips n' tricks that I find fit, and anything else that is remotely related.

For anything b2evo related, check here.

Linkblog

Blogs

  • 37Signals Blog

    Brilliant blog that provides professional posts about the industry and things to help you improve.

  • Ajaxian

    DHTML for the 21st century, Driving up web developer wages world-wide, The Web Renaissance is here, Because you need to have the coolest rounded corners.

  • John Resig

    John Resig is a JavaScript Evangelist for the Mozilla Corporation and the author of the book ‘Pro Javascript Techniques.’ He’s also the creator and lead developer of the jQuery JavaScript library. He’s currently located in Boston, MA.

  • Neowin (Tech Journalism)

    The main site I use to get all my tech news. It also has a great forum.

Services / Products

  • Aptana Studio

    Why? Aptana Studio offers unparalleled tooling for Ajax including HTML, CSS, DOM, and JavaScript editing and debugging, plus support via additional free plugins for PHP, Ruby on Rails, Adobe AIR, Apple iPhone development.

  • Facebook

    The next big thing on the web. A Social Networking Revolution. It has a great dev api allowing you to build applications for it.

  • Firefox Extension: Adblock Plus

    Blocks all adverts.

  • Firefox Extension: Edit Cookies

    Lets you view, create, and edit cookies.

  • Firefox Extension: Firebug

    Lets me debug my javascript work, and inspect the DOM of a website easily.

  • Firefox Extension: Greasemonkey

    Lets you make (or install other) javascript scripts that are attached to specified pages. Mainly used to change the display of a page to your liking “permanently”.

  • Firefox Extension: Html Validator

    When viewing the html source of the page, it highlights the code, displays validation information (and suggested fixes) for lines with problems, as well as a “cleanup” button that fixes everything.

  • Firefox Extension: Quick Java

    Provides two little buttons in the status bar which you can click to turn on or off java and javascript.

  • Firefox Extension: Tab Mix Plus

    Allows me to make tabs behave and display exactly the way I want them to.

  • Firefox Extension: Tamper Data

    Lets you easily modify and view data within page request headers as they are happening. You can also allow or deny requests. Great for hacking.

  • Firefox Extension: User Agent Switcher

    Lets you easily switch your user agent to another inside firefox. You can also create your own user agent headers.

  • Firefox Extension: Web Developer

    Provides a lot of functions and things that you can use to help with the website development process.

  • Google Personalized Home

    Keeps me up to date with all I care about in my chosen theme.

  • jQuery (Javascript Library)

    jQuery is a fast, concise, JavaScript Library that simplifies how you traverse HTML documents, handle events, perform animations, and add Ajax interactions to your web pages. jQuery is designed to change the way that you write JavaScript.

  • Microsoft Windows Live Messenger

    How I chat with my peers.
