Dragons in the Algorithm
Adventures in Programming
by Michael Chermside

Author: mcherm

My Security Nightmare

As Willie Sutton didn't say, "I rob banks because that's where the money is."

I work for a bank, and so I worry more about security than most programmers. After all, if a hacker were were truly motivated and competent who would they pick to go after? Probably a bank …

Read more

Posted Thu 04 December 2008 by mcherm in Programming

Election Guide, Nov 2008

Here is a description of all items that will be on my local ballot for this upcoming election, along with my own personal recommendations on how I expect to vote, and why. For quite some time now, I've done this sort of research before elections; this time I decided to …

Read more

Posted Sat 01 November 2008 by mcherm in Politics

Separation of Concerns

Once upon a time (in the dark ages of web application development) we built our applications as a single monolithic Perl CGI script, or perhaps a large JSP file containing the entire application. The code looked something like this:


<% Cost[] costs = CostHelper.calculateCosts(loanData, currentDecision); %>
Current Costs:

    Cost …

Read more

Posted Mon 27 October 2008 by mcherm in Uncategorized

Many ways to attack websites

Developers of web applications have quite a few different kinds of "attacks" to worry about. I will try to describe the major categories I know of, including one which is "new" as of the past month or so.

SQL Injection

The most venerable is the SQL-injection attack (and related attacks …

Read more

Posted Thu 09 October 2008 by mcherm in Uncategorized

Threadsafe Java Servlets - a solution

In a previous post I wrote about how nearly all web applications built on Java servlets suffer from potential threading issues. Web browsers can make multiple simultaneous requests, which will result in multiple threads concurrently modifying the (not threadsafe) HTTPSession. Most people just ignore the problems (which strike rarely), some …

Read more

Posted Tue 07 October 2008 by mcherm in Programming