etd’s Dos and Dont’s

There are more than a hundred thousand different ways of implementing authentication in ruby on rails. Authentication in the rails world is definetly not for the faint hearted. After some random reading through the rails wiki it seemed quite clear that there is one winner: acts_as_authenticated. However, after including this plugin in one of my secret projects to take over the world, it seems that is lacking some functionality, what I need out of the authentication framework is:

• A no non-sense authentication: just email and password. No bells, no wistles.
• The system should send an activation email after the user signs up.

Let’s explore the alternatives
(more…)

A new puzzle, this time from Conceptual Blockbusting: A Guide to Better Ideas by Jams L. Adams:

One morning, exactly at sunrise, a Buddhist monk began to climb a tall mountain. A narrow path, no more than a foot or two wide, spiraled around the mountain to a glittering temple at the summit. The monk ascended at varying rates of speed, stopping many times along the way to rest and eat dried fruit he carried with him. He reached the temple shortly before sunset. After several days of fasting and meditation he began his journey back along the same path, starting at sunrise and again walking at variable speeds with many pauses along the way. His average speed descending was, of course, greater than his average climbing speed. Prove that there is a spot along the path that the monk will occupy on both trips at precisely the same time of day.

hack-fu by: rux0r

This post is the first in a series on the subject of enterprise messaging and in particular on IBM’s flavour of it. The objective of these posts will be to remove some of the confusion about its purpose, the technologies and the methods of securing it. Hopefully this will help both security testers and other interested parties to feel confident about this important area of IT security.
(more…)