Archive

Development

How best to do user login validation

When working on a new project I always try to look at some old code and see if it can be improved in some way. Today it’s the validation on a user login form, and I need some help!

To be honest I can’t wrap my head round getting the right balance of how detailed to be with user validation in a couple of instances.

In a nutshell the question is:

Should I provide an error saying both the username and password are wrong if only one of them is actually wrong?

I was thinking about being more specific with the error messages. So if the username was correct but the password wasn’t, only return an error detailing the password as wrong. And on the flip side, show only an error for the username being wrong if the password was right.

I’ve scrapped the second idea because it seems stupid to confirm a password is correct if the username is wrong; surely a password can only be right once it’s associated with a username. There have to be implications for security too: by confirming a password is correct, all a hacker would need to do is figure out the right username and then they’d be in.

So that left me with showing that only the password is incorrect if the username is right. But doesn’t the same problem exist, in that I’m confirming a valid username and all a hacker has to do now is figure out the right password?

Does presenting an error message that says ‘some’ information is wrong work better by not telling some hacker what is or is not correct? But that doesn’t balance well with helping users identify where the error actually lies.

So if anyone can help me come up with what they’d maybe do and why that would be really helpful.
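The two options weighed in this post, side by side, as an added example (not code from the original post): a login check with per-field messages next to one that returns a single message for any failure. The user store, function names and message text are assumptions made for illustration; the second function also does the same hashing work for unknown usernames so that response time does not give away what the message hides.

```python
import hashlib
import hmac
import os

# Assumed wording; the point is that every failure returns the same text.
GENERIC_ERROR = "The username or password you entered is incorrect."


def hash_password(password, salt):
    # Slow, salted hash so stored credentials are not plain text.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_user(password):
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}


# Constructed sample data: one real account plus a dummy record that is
# hashed against whenever the submitted username does not exist.
USERS = {"alice": make_user("correct horse")}
DUMMY = make_user("not-a-real-password")


def login_specific(username, password):
    """Per-field errors: the reply tells the caller which usernames exist."""
    user = USERS.get(username)
    if user is None:
        return False, "Username not found."
    candidate = hash_password(password, user["salt"])
    if not hmac.compare_digest(candidate, user["hash"]):
        return False, "Password is incorrect."
    return True, "Welcome back."


def login_generic(username, password):
    """One error for every failure, with the same work done on each path."""
    user = USERS.get(username)
    record = user if user is not None else DUMMY
    candidate = hash_password(password, record["salt"])
    matches = hmac.compare_digest(candidate, record["hash"])
    # A match against the dummy record must never count as a login.
    if user is None or not matches:
        return False, GENERIC_ERROR
    return True, "Welcome back."
```
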

Web Design Con Artists

Yesterday I received an email from a client whose friend was having trouble with their current web development company. Without naming the site or the people involved I can say that the friend is a person who has been in the public eye and the site is a small ecommerce website.

The email I received flows a little like this:

The current web company takes months to fix any problems, such as those involved with the ability to purchase online. A small text change is being quoted at £175, and once agreeing to allow the site to be moved they quoted £10,000 to hand things over, but apparently not an exact copy of the site due to not wanting to give away ‘secret code’. Doing so will apparently open them up to hackers.


Are comments dead?

Anyone who happens to look at my site frequently will notice I don’t get all that many comments. That’s never really bothered me; I write on my blog as a release and to hopefully help those few people that manage to find something useful.

Yet there are many who when coming to redesign or rebuild their blogs are removing the facility to add comments to their posts. Instead they attempt to push the discussion to somewhere external of their site; like Twitter. There are two glaringly obvious problems with this:

  1. No matter how hard you try to convince yourself otherwise 140 characters simply isn’t enough to have a half decent conversation. Instead you end up with half meanings and no elaboration of your point of view.
  2. The discussion is also restricted to two people and the few that happen to follow both these people. Any others are instantly exiled from a conversation they have no idea is even occurring.

There are a few reasons I can think of for people to remove comments from their website but on the whole they all seem fairly selfish. At no point can I find a situation where removing comments helps those that would otherwise be using them. Sure it’s the site owner’s prerogative to do what they wish with their own site but it seems against the spirit of having a blog if instead of trying to foster a discussion on the topic you’ve written about you instead kill it even before it begins.

I hope this trend I’ve begun to see is limited to only a few and that this doesn’t become the norm, as even if your site gets only a few comments like mine, I’m sure people appreciate the opportunity to add their view.

Using a CDN to serve jQuery

I’ve mentioned before on this blog that I use jQuery as my default JavaScript framework. At one time it was just one of many frameworks I would find to suit a specific purpose, but because all the cool kids were using it I gave it a proper go and now I don’t think I could live without it.

Following the crowd

As a dedicated follower of fashion the next big thing was to start using a CDN (Content Delivery Network) in order to serve jQuery into your website.

It made sense too. With jQuery being a meaty 70kb file, being able to use someone else’s bandwidth is great, but there were other benefits, not least the fact users would cache the file, possibly making a visit to your website even quicker as jQuery would not need to be re-downloaded.
