Posted by jpluimers on 2015/04/29
Front-end web development isn’t my core area of expertise, but every now and then I am slightly more than the usual spectator and do get involved.
In this case it was about helping to prevent the Clickjacking attack by using the X-Frame-Options response header from RFC 7034.
Lots of people seem to have questions about it: Highest Voted ‘x-frame-options’ Questions – Stack Overflow.
So, from The X-Frame-Options response header:
There are three possible values for X-Frame-Options:
- DENY: The page cannot be displayed in a frame, regardless of the site attempting to do so.
- SAMEORIGIN: The page can only be displayed in a frame on the same origin as the page itself.
- ALLOW-FROM uri: The page can only be displayed in a frame on the specified origin.
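The three behaviours listed above correspond to the RFC 7034 values DENY, SAMEORIGIN and ALLOW-FROM. The following added example (not code from the original post) evaluates a header value against a framed page and a framing page, and flags values that match none of the three; the function names and all URLs are constructed for illustration.

```javascript
// Added example: checkFraming() and every URL below are constructed for illustration.
// It applies one X-Frame-Options value to one (framed page, framing page) pair.
function checkFraming(headerValue, pageUrl, framingUrl) {
  const pageOrigin = new URL(pageUrl).origin;
  const framingOrigin = new URL(framingUrl).origin;
  const value = (headerValue || '').trim();
  const upper = value.toUpperCase(); // the values are case-insensitive

  if (upper === 'DENY') {
    return { policy: 'DENY', valid: true, allowed: false };
  }
  if (upper === 'SAMEORIGIN') {
    return { policy: 'SAMEORIGIN', valid: true, allowed: framingOrigin === pageOrigin };
  }
  const m = /^ALLOW-FROM\s+(\S+)$/i.exec(value);
  if (m) {
    let allowedOrigin;
    try {
      allowedOrigin = new URL(m[1]).origin; // normalises default ports and host case
    } catch (e) {
      return invalid(value); // ALLOW-FROM without a parseable URI
    }
    if (allowedOrigin === 'null') return invalid(value); // e.g. a data: URI has no origin
    return { policy: 'ALLOW-FROM', valid: true, allowed: framingOrigin === allowedOrigin };
  }
  return invalid(value);
}

// Assumption for auditing: a missing or unrecognised value gives no protection,
// so it is reported as "framing allowed" and flagged as invalid.
function invalid(value) {
  return { policy: value || '(missing)', valid: false, allowed: true };
}

// Constructed sample: header values an audit might see for https://app.example/login,
// each tested against a framing page on another origin.
function auditSamples() {
  const page = 'https://app.example/login';
  const framer = 'https://other.example/promo';
  const headers = ['DENY', 'sameorigin', 'ALLOW-FROM https://partner.example/',
                   'SAMEORIGIN, DENY', 'ALLOWALL', ''];
  return headers.map((h) => ({ header: h, ...checkFraming(h, page, framer) }));
}

console.table(auditSamples());
```

The rows marked `valid: false` are the ones to fix first: a combined or misspelled value looks like protection in a config file but matches none of the three values.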
Posted by jpluimers on 2015/04/13
As a follow-up to the Cntlm configuration post last week, here is a small batch file that will find Cntlm.exe (on x86 and x64 systems) and then start it in verbose mode.
Posted by jpluimers on 2015/04/10
This is an elaboration of How to fill proxy information in cntlm config file – Stack Overflow.
When digging around how to get authentication stuff going, I want as much information as possible, so this was the command line I used:
cntlm.exe -v -c cntlm.ini -I -M http://www.bbc.co.uk
The -v is important: it shows you why things fail, and where. It also shows you the NTLM headers sent back and forth over the wire.
These are the switches used:
- -v verbose
- -c configuration file
- -I interactive (prompt for password)
- -M magically detect the NTLM level used by the proxy
Since it is unsafe to store plain text passwords in configuration files, cntlm allows you to store the hashes.
Storing hashes instead of passwords locally is safer, but not much safer. See for instance Still Passing the Hash 15 Years Later: Guest Post: Let’s talk about Pass-the-Hash by Scriptjunkie, the video How to own a Windows Domain, or search for Mark Russinovich video windows hash ntlm hack.
Anyway: you can generate the password hashes using either
Posted by jpluimers on 2015/02/19
Smart, it works in any modern HTML5-capable browser:
Be sure to look at the blog post and comments at Jose Jesus Perez Aguinaga : One line browser notepad, as they explain why this works and how to extend it in a couple of really smart ways.
via: Jose Jesus Perez Aguinaga : One line browser notepad.
Posted by jpluimers on 2015/01/22
Wow: I feel like I have lived under a stone for 8 years, as RosettaCode has been alive since it was founded in 2007 by Mike Mol.
The idea is that you solve a task and learn from that, or learn by seeing how others have solved tasks or draft tasks.
So in a sense it is similar to the Rosetta stone: it has different languages phrasing the same tasks.
There are already a whole bunch of languages on RosettaCode (of which a few are in the categories below), and you can even suggest or add your own languages.
When you want to solve tasks, be sure to look at the list of unimplemented tasks by language, which leads to automatic reports by language (for instance for two of the languages I use most often: C# and Delphi).
I’m sure there are lots of programming chrestomathy sites, even beyond the ones, and it feels very similar to programming kata sites.