helion-prime

Blogs

This weblog by Helion-Prime Solutions about software design, experience, business, the web, simplicity and more

Use https securely

June 7th, 2012 by vasiliy.kiryanov

preamble

Nowadays everyone understands how easy it is to hijack an unsecured http session, so https is the key to a secure web. People sometimes skip https on small projects because of the price of certificates; http://www.startssl.com/ solves this problem: they give Class 1 certificates for free, and verified (Class 2) certificates cost very little. Therefore the only remaining problem is errors in how https is used.

keep cookie safe

The cookie can be stolen before the redirect to https. To avoid cookie theft you need to set the ‘Secure’ flag: it instructs the browser to send the cookie only over an https connection.

Set-Cookie: mycookie=somevalue; path=/securesite/; Expires=Wed, 12 Dec 2345 00:00:00 GMT; Secure

make correct redirect

Once the certificate is installed on the application server you need to redirect users from http://mysite.com to https://mysite.com. The redirect itself opens a window of vulnerability, because an attack can be performed on the plain http request before the redirect happens.

The HTTP/1.1 specification (rfc2616) tells us that the http response codes 301 (“moved permanently”) and 302 (“found”/“moved temporarily”) can be cached by the browser. So by sending Expires or Cache-Control max-age with a far-future expiration we let the browser remember the redirect, and later visits go straight to https without touching http first.

Expires: Thu, 01 Jan 2099 00:00:00 GMT

Another option is the Strict-Transport-Security header. It informs the browser that the website is accessible only over https; all http requests will be rewritten to https on the client side by the browser.

Strict-Transport-Security: max-age=31556926

It tells browsers that support Strict-Transport-Security to use only https for this site for one year. At this time Firefox and Chrome support it; Opera is waiting until the standard’s status changes to ‘agreed’ or ‘established’.

don’t mix content

You should make sure you don’t load content from http sites. People often forget that they load libraries from a CDN or Google Analytics over http. So check every http entry on your site and change it to https.
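The four checks above (Secure flag on cookies, a cacheable http→https redirect, an HSTS max-age of at least a year, no http:// resources on the page) as one small audit script. This is an added example, not code from the original post; the two responses it inspects are constructed inside the script, the host names are placeholders, and the thresholds (one day for the redirect cache, one year for HSTS) are assumptions.

```python
import re
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# --- constructed sample responses (placeholder hosts, not captured from any site) ---
HTTP_REDIRECT = {                      # answer of http://mysite.example/
    "status": 301,
    "headers": {
        "Location": "https://mysite.example/",
        "Cache-Control": "max-age=31536000",
    },
}

HTTPS_PAGE = {                         # answer of https://mysite.example/
    "status": 200,
    "headers": {
        "Strict-Transport-Security": "max-age=31556926",
        "Set-Cookie": [
            "session=abc123; Path=/; Secure; HttpOnly",
            "prefs=dark; Path=/",      # no Secure flag: will be reported
        ],
    },
    "body": (
        '<script src="http://cdn.example/jquery.js"></script>\n'        # plain http: reported
        '<link rel="stylesheet" href="https://cdn.example/site.css">\n'
        '<img src="//cdn.example/logo.png">\n'                           # scheme-relative: fine
    ),
}


def insecure_cookies(set_cookie_values):
    """Names of cookies set without the Secure attribute."""
    missing = []
    for value in set_cookie_values:
        parts = [p.strip() for p in value.split(";")]
        name = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        if "secure" not in attrs:
            missing.append(name)
    return missing


def redirect_cache_seconds(response, now=None):
    """Seconds a browser may cache a 301/302 (Cache-Control max-age wins over Expires)."""
    if response["status"] not in (301, 302):
        return 0
    headers = response["headers"]
    m = re.search(r"max-age=(\d+)", headers.get("Cache-Control", ""))
    if m:
        return int(m.group(1))
    if "Expires" in headers:
        now = now or datetime.now(timezone.utc)
        remaining = parsedate_to_datetime(headers["Expires"]) - now
        return max(0, int(remaining.total_seconds()))
    return 0


def hsts_max_age(headers):
    """max-age from Strict-Transport-Security, or None if the header is absent or malformed."""
    value = headers.get("Strict-Transport-Security")
    if value is None:
        return None
    m = re.search(r"max-age=(\d+)", value, re.IGNORECASE)
    return int(m.group(1)) if m else None


# src/href attributes that point at a plain http:// URL (scheme-relative "//" is not matched)
MIXED_CONTENT = re.compile(r"""(?:src|href)\s*=\s*["'](http://[^"']+)["']""", re.IGNORECASE)


def mixed_content_urls(html):
    """http:// URLs referenced from src/href attributes of the page."""
    return MIXED_CONTENT.findall(html)


def audit(redirect, page, min_redirect_cache=86400, min_hsts=31536000):
    """Run the four checks; an empty list means the site passes."""
    findings = []
    location = redirect["headers"].get("Location", "")
    if not location.startswith("https://"):
        findings.append(f"redirect target is not https: {location!r}")
    if redirect_cache_seconds(redirect) < min_redirect_cache:
        findings.append("http->https redirect is not cacheable for at least a day")
    for name in insecure_cookies(page["headers"].get("Set-Cookie", [])):
        findings.append(f"cookie {name!r} is set without the Secure flag")
    age = hsts_max_age(page["headers"])
    if age is None:
        findings.append("no Strict-Transport-Security header on the https response")
    elif age < min_hsts:
        findings.append(f"HSTS max-age {age} is shorter than one year")
    for url in mixed_content_urls(page.get("body", "")):
        findings.append(f"mixed content loaded over http: {url}")
    return findings


if __name__ == "__main__":
    for finding in audit(HTTP_REDIRECT, HTTPS_PAGE):
        print("WARN", finding)
```

Run against the constructed responses it reports two findings: the `prefs` cookie without Secure and the jQuery script loaded over http; the Location check is there because a redirect that lands on http again would make the caching advice pointless.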


nginx setup for t-wiki

March 17th, 2012 by vasiliy.kiryanov

preamble

I will keep it short: you know that nginx is cool because it is faster than apache, and you know that t-wiki is good because it is an open-source enterprise wiki used by a number of Fortune 500 companies. But you should also know that t-wiki is a perl application.

“Perl – The only language that looks the same before and after RSA encryption.”
Keith Bostic

nginx setup

T-wiki developers don’t believe in the power of nginx; that is the only idea that comes to my mind when I ask why they have a number of apache examples and even a web-based apache configuration, but nothing for nginx. A quick Google search shows that the common question is “t-wiki perl scripts don’t have extensions. How to execute them with nginx?”

So, the only way is to read the documentation.

list of docs to look into:
http://wiki.nginx.org/Configuration
http://wiki.nginx.org/HttpCoreModule
http://wiki.nginx.org/Pitfalls (try it for sure)

nginx config file:

server {
    listen  my_ip:80;
    server_name my_servername.com www.my_servername.com;

    access_log /var/log/nginx/my_servername.com.access.log;

    # attachments are static files, served by nginx directly
    location /wiki/pub {
        root /var/www;
    }

    # the configure script is reachable only from the administrator's address
    location = /wiki/bin/configure {
        root /var/www;
        allow my_ip;
        deny  all;
        fastcgi_pass unix:/var/run/fcgiwrap.socket;
        include /etc/nginx/fastcgi_params;
    }

    # every other script: /wiki/bin/<action>[/<path>] is run through fcgiwrap
    location ~ ^/wiki/bin/(?<action>[a-z]+)(/(?<path>.*))?$ {
        root /var/www;

        fastcgi_pass unix:/var/run/fcgiwrap.socket;
        fastcgi_param SCRIPT_FILENAME $document_root/wiki/bin/$action;
        fastcgi_param SCRIPT_NAME $action;

        # identifies the resource to be returned by the CGI script,
        # derived from the portion of the URI path hierarchy following
        # the part that identifies the script itself
        fastcgi_param PATH_INFO /$path;

        # virtual-to-physical translation appropriate to map it onto the
        # server's document repository structure
        fastcgi_param PATH_TRANSLATED $document_root/wiki/bin/$action;

        include /etc/nginx/fastcgi_params;
    }

    # never serve the wiki's internals. The pattern is anchored with ^ at the
    # start; an anchor inside the alternation, as in /wiki/(^/lib|^/data|...),
    # can never match, so such a rule would deny nothing.
    location ~ ^/wiki/(lib|data|locale|templates|tools|work)(/|$) {
        deny all;
    }

    location = /favicon.ico {
        access_log off;
        log_not_found off;
    }
}
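Before relying on a deny rule like the last regex location, it pays to run the patterns against sample URIs: nginx evaluates `location ~` as an unanchored search, so an anchor placed inside the alternation, as in `/wiki/(^/lib|^/data|^/locale|^/templates|^/tools|^/work)`, can never match and the rule silently protects nothing, whereas `^/wiki/(lib|data|locale|templates|tools|work)(/|$)` does what was intended. The check below is an added example, not part of the original post or of the wiki; it transcribes the location patterns into Python’s `re` (which spells named groups `(?P<name>...)` where nginx’s PCRE accepts `(?<name>...)`), and the request URIs are constructed.

```python
import re

# Location patterns from the configuration, transcribed to Python re syntax.
# nginx runs "location ~" as an unanchored search, which re.search mirrors.
DENY_UNANCHORED = re.compile(r"/wiki/(^/lib|^/data|^/locale|^/templates|^/tools|^/work)")
DENY_ANCHORED = re.compile(r"^/wiki/(lib|data|locale|templates|tools|work)(/|$)")
BIN_SCRIPT = re.compile(r"^/wiki/bin/(?P<action>[a-z]+)(/(?P<path>.*))?$")

# Constructed request URIs (not taken from any real access log).
SAMPLE_URIS = [
    "/wiki/bin/view/Main/WebHome",
    "/wiki/bin/view",
    "/wiki/pub/Main/logo.png",
    "/wiki/data/Main/WebHome.txt",     # wiki storage: must be denied
    "/wiki/lib/TWiki.pm",              # wiki code: must be denied
    "/wiki/database/report.html",      # only shares a prefix with "data": must stay reachable
]


def denied_by(pattern, uris):
    """URIs that a 'deny all' location using `pattern` would refuse."""
    return [u for u in uris if pattern.search(u)]


def route_bin_script(uri):
    """Mirror the fastcgi location: (action, PATH_INFO), or None if it is not a script request."""
    m = BIN_SCRIPT.search(uri)
    if m is None:
        return None
    # PATH_INFO is "/" + the captured path; an unmatched $path substitutes as empty in nginx too
    return m.group("action"), "/" + (m.group("path") or "")


if __name__ == "__main__":
    print("unanchored pattern denies:", denied_by(DENY_UNANCHORED, SAMPLE_URIS))
    print("anchored pattern denies:  ", denied_by(DENY_ANCHORED, SAMPLE_URIS))
    for uri in SAMPLE_URIS:
        print(f"{uri} -> {route_bin_script(uri)}")
```

The unanchored pattern denies none of the sample URIs; the anchored one denies exactly the `data` and `lib` paths and leaves `/wiki/database/...` alone because of the trailing `(/|$)`.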

devenv – development environment

November 20th, 2011 by vasiliy.kiryanov

It’s quite common for developers to share information about the environment, libraries and tools they use. And it should be standard practice for every good software engineer, manager or architect to constantly evaluate new technologies, ideas, frameworks, etc.

As software development director I always look into new things and want to share my current understanding of important things in Java and Ruby development, architecture design, and performance.

All the companies tell us that they are developing the best products to support software development, but we will rely on a variety of awards and usage statistics wherever possible, plus my own experience. This does not mean you can do without investing your own time, but it will hopefully make the job a little easier. I will be glad to get your thoughts, criticism, and information about things that empower your IT development process.

So, welcome: http://devenv.in


How to finish with differences in renders of HTML in browsers

August 18th, 2011 by vasiliy.kiryanov

preamble

When there is no standard there is no common approach to the same things, and we have chaos.
But we do have standards for HTML and CSS; we can find them all on the W3C pages http://www.w3.org/MarkUp/ and http://www.w3.org/Style/CSS/.
And still we hear “Why does my website look different in different browsers?” from users, and “I want to kill the developers of Internet Explorer” from web developers.

complexity of standards

The first problem is the complexity of the standards, which have to take many different things into account. It’s hard for developers to understand them and to implement products correctly.
Since the W3C can’t simplify the standards, it should put special effort into developing and providing a set of test cases like the famous Acid tests, but one that covers the specifications completely (XHTML, CSS, DOM, SVG) rather than a set of randomly picked features. Then there would be a standard way to test browsers, and someday we would finally see the same picture in all of them.

human nature

The problem is not only in the standards but in human nature, which incites some people to use evolving versions of HTML/CSS to get fantastic features. But I believe that once the W3C starts providing tests it will be evident to anyone that the developer is to blame for bugs or for the use of experimental features.


Improvement of Google Ads

June 24th, 2011 by vasiliy.kiryanov

We all know that Google generates its profit primarily from its advertising programs. So keeping them effective is a very important but difficult task, as users tend to ignore advertisements and use special browser plug-ins to block them.

The key here is to make ads more attractive using information about users, or, as people say today, to make them more social. It’s clear that for social networks like Facebook it is much easier to collect such data than for a search engine, which can only remember the history of your searches and detect your current location.

the straightforward solution

Ask users to provide data and set up the ads they want to see!

[image: google search with customization feature]

After users click “Select Ads you want to see” they see a simple ads dashboard:

[image: google dashboard]

When users can select useful content there is no reason for them to block or ignore it; Google can reduce the number of ad placements (like the recent bottom placement in Gmail) and decrease distraction even more. Additionally Google can add Google Offers here and turn ads into some kind of fun.

©2010 Helion-Prime Solutions Ltd.
Custom Software Development Agile Company.