Hashbang.ca

SSL security in HTTP::Tiny

I was asked to add SSL support to a client library, while also moving from home-grown manual HTTP code to a proper module. HTTP::Tiny was ideal because it is pure-Perl, a core module since 5.14 (so it’ll be maintained), and it’s just one .pm file, making it easy to ship.

An application server that supported SSL was provided for testing purposes, but the SSL certificate didn’t match the hostname – HTTP::Tiny correctly rejected connections. I needed to be able to control the settings sent to the underlying IO::Socket::SSL object used for the encrypted connection so I could turn off security features for testing. As I worked on that, David Golden offered invaluable feedback, which greatly improved the design of the features added to HTTP::Tiny.

As of 0.018, HTTP::Tiny is more configurable, and has a simple interface for easily making SSL connections more secure.

Permanent link for post: /post/ssl-security-in-httptiny/
Posted: Apr 18, 2012
Tags: cpan, dagolden, infosec, perl, tls

Dist::Zilla::Plugin::Twitter gets an OAuth update

My pluginbundle for Dist::Zilla includes, among other things, the Twitter plugin so I can brag on Twitter every time I release a module. Mysteriously, it broke one day. Looking at the code, I realized that it was sending my username and password to authenticate. I remember being uneasy with that at the time I set it up, but I quickly forgot and continued along blithely. OAuth is an authorization standard that allows users to avoid giving their username and password to a potentially untrusted application. Using OAuth has been requested since 2011, and the 401 Unauthorized error I got indicates that Twitter now requires it.

David Golden offered to let me maintain the module, and I’m a sucker, so… :D

Permanent link for post: /post/distzillaplugintwitter-gets-an-oauth-update/
Posted: Apr 2, 2012
Tags: cpan, dagolden, dzil, mmims, perl, twitter

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 License.