Piperka blog

CSRF protection added

I'm hoping that my next blog post will be about new and useful features and not just about fix-ups of past bad design. Today, I added CSRF protection to Piperka's web interface. That is, I added some extra checks in there so that just anyone can't alter your bookmarks and subscriptions without your knowledge. At least not as easily. The most visible part about that is that setting bookmarks with the bookmarklet became a two-step process.

I changed the site layout a bit. The sidebar has a link to this blog now and I removed the Flattr button. It was fun to try that one out but I prefer the faster page loads without it.

I discovered last week that the change to a session-based authentication system broke logins for newly created accounts. What a way to make an impression on prospective users. I was supposed to have that test environment just so that I could test and avoid situations like this. But live and learn, and I would never have dared to make necessary changes like this in the first place without having one.

Lastly, Eleanor of gamergnome.com offered to draw me something. So I asked for a picture of my alter ego, slicing a pepper. She drew me in a dwarven soldier uniform. I must say that I'm pretty impressed. Enjoy.

Mon, 27 Jun 2011 19:11:22 UTC