Tom Mollerus' Weblog

Jakob Nielsen just called for password masking to die:

Usability suffers when users type in passwords and the only feedback they get is a row of bullets. Typically, masking passwords doesn't even increase security, but it does cost you business due to login failures. It's time to show most passwords in clear text as users type them. Providing feedback and visualizing the system's status have always been among the most basic usability principles. Showing undifferentiated bullets while users enter complex codes definitely fails to comply.

He claims that miscreants can still steal your password just by watching the keyboard instead of the screen, and that mistyped passwords will reduce business because of user frustration. I don't agree that either of these are worthy arguments: first, it's a lot harder to watch someone's keystrokes than it is to read off letters accumulating in an on-screen field; and second, I would guess that the amount of lost business due to user frustration over password fields is very neglible. Plus I'm willing to bet you'd lose more users if you didn't obscure your passwords because they would think your site was lacking in good security.

I do agree with one of his suggestions later in the posting, which Jeff Atwood has proposed before: adding a checkbox to the form (or dialog box) so the user can control whether the password field is masked or revealed. This setting could even be applied globally in application preferences, applied by web site, or even applied by network connection. If you're on the home network, don't mask; if you're at work, mask; if you're on an unrecognized network, and therefore probably in public, mask.

For those of you in the Boston area: want to hear about the next version of ColdFusion and the new IDE, code-named Bolt? Then you'll want to make sure to attend tomorrow night's Boston CFUG meeting at Adobe's offices in Newton, with speakers Adam Lehman and Tim Buntel.

Adam will be giving us the scoop on the upcoming version of ColdFusion as well as the new IDE codenamed Bolt. Tim Buntel will show us some of the features in Flex 4 and Flash Builder designed specifically with ColdFusion developers in mind.

Brian and I are planning for food and giveaways that are even better than usual, too!

RSVP Today! http://www.eventbrite.com/event/356084057

Lately I've been working on a site where we have to gather some network information from our customers, including the domain name/IP of their LDAP server, and an LDAP username and password. We want the ability to tell them right away whether the credentials they've typed in are valid, so we offer a test right there on the page. This isn't too hard-- just pass the credentials back to the server via AJAX, run them through CFLDAP, and return the result to the customer. But what's not as easy to do is to handle connections when the LDAP server only allows SSL-protected transactions and uses a self-signed certificate. To enable your server to recognize the custom certificate, you'll need to add it to the list of trusted certs in your server's keystore.

Continue reading "Importing SSL certs to Railo's keystore programmatically" »

We've scheduled a great meeting for June 23rd that you will not want to miss. Adam Lehman, ColdFusion's Product Manager, and Tim Buntel, Flex Product Manager, will be back to host this year's Adobe User Group Tour which will include discussion of the next versions of ColdFusion and Flex/Flash Builder. This meeting will include a number of giveaways and we will be providing good food and drinks.

Date and Time: June 23, 2009 from 6:00pm - 9:00pm

Address:
Adobe Systems
275 Grove St
Newton, MA 02466

RSVP: http://www.eventbrite.com/event/356084057

I'm happy to announce the next Boston CFUG meeting, Open Mic Night, on May 19th, 6pm, at the offices of iSite Design in Cambridge. Details are available on our Adobe Groups site.

Back by popular demand, Open Mic is a meeting where members can show off their latest projects, cool techniques, or code to everyone else. Audience members can offer comments, criticism, or offers of coding help. One lucky presenter will will the night's door prize of an iTunes gift certificate. Members who are interested in presenting should contact me.

Register at http://www.eventbrite.com/event/340829430

The following is a partial list of presenters:

Ben Margolis: CFWheels Intro
Let's see if the promise of CFWheels as a fun and powerful framework is true. We'll make a hello world app and then play around with the code in my project that uses it: a job seeker tool.

John Luke Mills: ColdFusion to the Rescue
The key technical part is how to generate very precise printed output by pushing cfdocument really hard. There is also a little bit about how this ties into the rest of the application with a Flex client.

Back by popular demand, the Boston CFUG is hosting another Open Mic meeting where members can show off their latest projects, cool techniques, or code to everyone else. Audience members can offer comments, criticism, or offers of coding help. One lucky presenter will will the night's door prize. Members who are interested in presenting should contact co-manager Tom Mollerus by April 17th.

Scheduled for April 22nd at 6pm, this meeting will be hosted by ISITE Design Boston in Cambridge. ISITE is also generously providing food for the night.

Event details: http://groups.adobe.com/posts/ba4ef5b7ce
RSVP: http://www.eventbrite.com/event/321540737