HOME   |   NEWS   |   FEATURES   |   KNOWLEDGEBASE   |   FAQ   |   EXAMPLES   |   CHANGELOG   |   DEV BLOG   |   ORDER   |   CLIENT AREA   |   CONTACT

BlogHoster Development Blog

Welcome to the BlogHoster development blog! Check this page to find regular progress reports from the BlogHoster development team regarding bug fixes, updates, and relevant product information.

Sessions, Password Resetting, and the Dev Blog Mailing List

5:25 PM, November 2, 2006

The past two days have been extremely productive. In addition to several bug fixes (BH mail being processed as junkmail, signup displaying incorrectly when all profile fields are set to "invisible", and moblog entry titles showing up with strange characters), I also made a couple of important larger changes to BlogHoster.

 

The first big difference in v2.3 (since last I posted a dev blog entry) is the switch from using login cookies to sessions. This will prevent the possibility of using javascript to display user cookies (even though they were encrypted) on a weblog. We felt it was safer if none of the user's information were stored in the form of cookies on their computer. I'm still fixing the "Remember Me?" checkbox so it works with the new system, but it shouldn't take me very long.

 

Another difference is the addition of a "Security Question and Answer" that the user must enter upon signup. When the user goes to reset their password (if they've forgotten it, for example), they will be shown their Security Question and be asked to provide their Security Answer. Only then will their password be reset and an email be sent to them. Our hope is that this will cut down on the number of false password resets that occur in BlogHoster systems.

 

Finally, I've made BlogHoster more secure from SQL injections. This is one of the most important parts of the v2.3 update since it will provide your BlogHoster installation with added security from attackers. In addition, I plan to add SafeHTML, a program designed to strip down all potentially harmful HTML, to BlogHoster. This should solve any malicious javascript that might be entered into the template or entry fields. 

 

So, apart from that, the last real thing I need to do before v2.3 can be released is paginate the browse page, since we've been told it's causing server load problems when too many users are displayed. Thanks for all your patience, guys, we really appreciate it. Also, if anyone would like to offer their BH installations, I could really use a few people to beta test (tomorrow or Saturday). Please email me if you can help out! In the next few days, I'll be adding a mailing list option to this Dev Blog, so those of you that opt in can receive an email whenever an update is posted!


{ Last Page } { Page 20 of 21 } { Next Page }


 Copyright ©2005 Webligo Developments.