James Tauber

journeyman of some

blog > 2006 > 03 >

James Tauber's Blog 2006/03/20

Switched over to lighttpd

I just switched a bunch of my sites over to running on lighttpd including http://morphgnt.org/, http://leonardo.pyworks.org/ and http://www.quisition.com/.

It took me a little while to work out how to translate my ScriptAlias directives in Apache to lighttpd (hint: configure mod_alias to map the request path to the CGI script then mod_cgi to recognize files ending in certain characters as being CGI scripts)

The only problem I now have is I've killed anonymous SVN access on pyworks.org because I was previously serving it up via Apache. I'm still investigating alternatives to running Apache just for this purpose.

by James Tauber : Created on March 20, 2006 : Last modified March 20, 2006 : Categories web lighttpd : 2 comments (permalink)

Account Management Patterns

On the weekend, I drew some diagrams describing the account management sub-system I had written for Quisition, partly to see the patterns abstracted from the particular implementation.

Here's the login pattern:

Elliotte Rusty Harold recently wrote about the problems with using GETs for confirmation.

I wanted account signup to involve being sent an email to ensure the user had given a legitimate email address, but cognisant of the issues Rusty raises, I made the email received on signup link to a further form the user then has to submit to truly activate the account:

I originally had the "forget password form" directly resetting the password, but then I realised someone could maliciously enter the email address of another user to reset their password. Not a security issue so much (the new password goes to the right person) but it's a nuisance for the person if they didn't request the reset.

So I adopted an additional pattern where an email is sent which then takes the user to a reset password form:

In both cases, the URI in the email includes a hash in the parameters so the GET that leads to the form can't be faked.

by James Tauber : Created on March 20, 2006 : Last modified March 20, 2006 : 2 comments (permalink)