Archive for the 'Trivia' Category

WordPress and Plaintext Passwords

Wednesday, October 3rd, 2007

Today’s online systems can be implemented in tons of technologies, and they can be web 0.1 or web 3.0. There are some guidelines on how to do certain things.

Whenever you give your username, email and a password to a site, you cannot know whether the password was saved in plaintext or only as a hash of it. If it was stored in plaintext, you can think about the different security implications yourself. If the password reminder sends you your password, it was stored in plaintext.

One more thing that systems should not do is store these passwords inside cookies in plaintext. See the Wikipedia article on cross-site scripting.

I was working on a project that was using WordPress as a CMS and there was a password-protected todo list. As I was inspecting a cache issue I was checking the headers of static files with Firebug and I stumbled upon some request/response fields. I noticed that one of the cookies had the password of the TODO item in plaintext.

I googled for it and found that it has been reported. The comment to the report is ‘Well it’s not like other sites can access the cookie or anything :) ’.

Whenever I use software that has been around for a while (at least a year) and it has a userspace I expect it to follow at least the most basic guidelines. I hope it gets fixed.
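One way to avoid the cookie problem described in this post, as an added example that is not from the original post or from WordPress: the server keeps only a salted hash of the item password and gives the browser an HMAC-signed, expiring token instead of the password. The function names, `SERVER_KEY`, the `item_access` cookie name and the cookie layout are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

# Assumption: a per-site secret; a real deployment loads it from a secret store.
SERVER_KEY = secrets.token_bytes(32)

def hash_password(password, salt=None):
    """What the server stores for the protected item: a salt and a slow hash."""
    salt = salt or secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def check_password(password, salt, stored):
    return hmac.compare_digest(hash_password(password, salt)[1], stored)

def _tag(payload):
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()

def issue_cookie(item_id, ttl=3600, now=None):
    """Cookie value is '<item id>.<expiry>.<HMAC>'; the password never appears in it."""
    expires = int((time.time() if now is None else now) + ttl)
    payload = f"{item_id}.{expires}"
    return f"{payload}.{_tag(payload)}"

def verify_cookie(cookie, item_id, now=None):
    try:
        cid, exp_s, tag = cookie.split(".")
        expires = int(exp_s)
    except ValueError:
        return False  # wrong number of fields or non-numeric expiry
    fresh = expires > (time.time() if now is None else now)
    genuine = hmac.compare_digest(tag.encode(), _tag(f"{cid}.{exp_s}").encode())
    return genuine and fresh and cid == str(item_id)

def set_cookie_header(value):
    # HttpOnly keeps the token away from page scripts; Secure keeps it off plain HTTP.
    return f"Set-Cookie: item_access={value}; HttpOnly; Secure; SameSite=Strict; Path=/"

if __name__ == "__main__":
    salt, stored = hash_password("s3cret-todo")      # constructed sample password
    if check_password("s3cret-todo", salt, stored):  # visitor submits the form
        print(set_cookie_header(issue_cookie(17)))
```

A stolen token of this kind grants access to one item until it expires, but it does not reveal a password the user may have reused elsewhere.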

Aranea Development Model

Tuesday, October 2nd, 2007

Introducing the new approved Aranea Development Model. Pair programming at its best, demonstrated by Jevgeni and Toomas.

Aranea Tech Brief at TheServerSide

Tuesday, July 24th, 2007

TheServerSide.com has released a tech brief about Aranea Framework. It is a video interview with our lead Jevgeni Kabanov. He talks about legacy migration with Aranea and gives a sneak peek of the other upcoming projects. Check out the other tech briefs also.

New Year, New Horizons

Sunday, January 7th, 2007

Although most of the team is still on vacation after the holidays, next week we will finally unveil the integration project to the general public. It will first be available via version control, as the first milestone release is planned for end of January. Integration will be our main priority in the near future and we are preparing some very nice surprises for you :) More on that next week.

One week until JavaPolis

Tuesday, December 5th, 2006

Exactly seven days are left before the largest European Java conference kicks in! As it happens we have both a talk and a booth there, so anyone in the vicinity is very welcome to come by, listen and tell of your experiences with Aranea (even if they are not the best :) ).

As you may remember we promised to announce integration with Struts, JSF and GWT during that time. It seems we will just have to keep our word, as the work is almost complete. Struts integration is up and running, while JSF and GWT are right behind it. This means we’ll be able to demo a working app composed of legacy Struts, standard JSF and cutting-edge GWT right before your eyes during the talk (and during any other time in the booth, if you are interested). The official announcement will come right after JavaPolis, since we have to set up subprojects first.

Aranea Release Party

Friday, October 13th, 2006

And we’re happily celebrating the release in Webmedia’s new and fancy office!

With love from Estonia,
Aranea team and friends :)

Aranea release party!