[ANN] Application Security for your domains

hernanmd
Hello guys,
I'm doing a double announcement here.

First, a new blog about development with Pharo, and Smalltalk:

http://80738163270632.blogspot.com.ar/

Second, my first entry contains a post about Application Security, a new package to make Pharo applications more secure. You can start playing with the objects right now, while more documentation is being written for the next release.

Hope you like it and I'm looking forward to hearing from you.
Cheers,

Hernán


Re: [ANN] Application Security for your domains

pharo4Stef@free.fr
the link on your blog leads to

http://www.smalltalkhub.com/#%21/%7Ehernan/ApplicationSecurity


On 28 Mar 2014, at 00:58, Hernán Morales Durand <[hidden email]> wrote:

Hello guys,
I'm doing a double announcement here.

First, a new blog about development with Pharo, and Smalltalk:

http://80738163270632.blogspot.com.ar/

Second, my first entry contains a post about Application Security, a new package to make Pharo applications more secure. You can start playing with the objects right now, while more documentation is being written for the next release.

Hope you like it and I'm looking forward to hearing from you.
Cheers,

Hernán



Re: [ANN] Application Security for your domains

Sergi Reyner
In reply to this post by hernanmd
2014-03-27 23:58 GMT+00:00 Hernán Morales Durand <[hidden email]>:
Hello guys,
I'm doing a double announcement here.

First, a new blog about development with Pharo, and Smalltalk:

http://80738163270632.blogspot.com.ar/

Second, my first entry contains a post about Application Security, a new package to make Pharo applications more secure. You can start playing with the objects right now, while more documentation is being written for the next release.

Hope you like it and I'm looking forward to hearing from you.

I was just about to roll my own to use in a CMS-y thingie I'm crafting. You just saved me days! \o/

Cheers,
Sergi

Re: [Pharo-dev] [ANN] Application Security for your domains

hernanmd
In reply to this post by pharo4Stef@free.fr
Thank you for reporting.
I have added links to Pharo and Fuel websites.
Cheers,

Hernán

2014-03-28 4:53 GMT-03:00 Pharo4Stef <[hidden email]>:

> the link on your blog leads to
>
> http://www.smalltalkhub.com/#%21/%7Ehernan/ApplicationSecurity
>
>
> On 28 Mar 2014, at 00:58, Hernán Morales Durand <[hidden email]>
> wrote:
>
> Hello guys,
> I'm doing a double announcement here.
>
> First, a new blog about development with Pharo, and Smalltalk:
>
> http://80738163270632.blogspot.com.ar/
>
> Second, my first entry contains a post about Application Security, a new
> package to make Pharo applications more secure. You can start playing with
> the objects right now, while more documentation is being written for the
> next release.
>
> Hope you like it and I'm looking forward to hearing from you.
> Cheers,
>
> Hernán
>
>


Re: [ANN] Application Security for your domains

Andy Burnett
In reply to this post by hernanmd
<<<

Hello guys,
I'm doing a double announcement here.

First, a new blog about development with Pharo, and Smalltalk:

http://80738163270632.blogspot.com.ar/

Second, my first entry contains a post about Application Security, a new
package to make Pharo applications more secure. You can start playing with
the objects right now, while more documentation is being written for the
next release.
>>>

That's great! I think it would be wonderful if we could - collectively - develop a really secure base framework. There was some interesting discussion of this topic, regarding Clojure, on HN (https://news.ycombinator.com/item?id=7472841). It made me wonder how secure Pharo/Seaside/Aidaweb etc. are in comparison.

Couple of minor points:
  1. The blog doesn't seem to have an RSS feed.  At least, not one that Feedly can find. Is there a setting you can turn on?
  2. The correct link to the package is: http://www.smalltalkhub.com/#!/~hernan/ApplicationSecurity
Cheers
Andy

Re: [ANN] Application Security for your domains

hernanmd



2014-03-28 13:31 GMT-03:00 Andy Burnett <[hidden email]>:
<<<

Hello guys,
I'm doing a double announcement here.

First, a new blog about development with Pharo, and Smalltalk:

http://80738163270632.blogspot.com.ar/

Second, my first entry contains a post about Application Security, a new
package to make Pharo applications more secure. You can start playing with
the objects right now, while more documentation is being written for the
next release.
>>>

That's great! I think it would be wonderful if we could - collectively - develop a really secure base framework. There was some interesting discussion of this topic, regarding Clojure, on HN (https://news.ycombinator.com/item?id=7472841). It made me wonder how secure Pharo/Seaside/Aidaweb etc. are in comparison.


Cool discussion.
 
Couple of minor points:
  1. The blog doesn't seem to have an RSS feed.  At least, not one that Feedly can find. Is there a setting you can turn on?
  2. The correct link to the package is: http://www.smalltalkhub.com/#!/~hernan/ApplicationSecurity
Cheers

Thank you Andy, I've fixed the StHub link and added an RSS feed. I will update the post this weekend with a description of the checkpoint usage.
Let me know any other issues.

Hernán

 
Andy


Re: [ANN] Application Security for your domains

Pierce Ng-3
In reply to this post by hernanmd
On Thu, Mar 27, 2014 at 08:58:48PM -0300, Hernán Morales Durand wrote:
> Second, my first entry contains a post about Application Security, a new
> package to make Pharo applications more secure. You can start playing with
> the objects right now, while more documentation is being written for the
> next release.

Hi,

Good stuff!

I've been doing some password-related work as well.

  http://samadhiweb.com/blog/2013.08.11.splitpasswordstore.html

This allows writing the following:

  spec := DBConnectionSpec new
            key: 'mysql';
            host: 'localhost'; port: 3306;
            user: 'myappuser';
      ====> password: (SpsSplitPasswordStore readFrom: 'myappuser.dat');
            yourself.

Also, SHA256/512 password hashing:

  http://samadhiweb.com/blog/2013.11.17.shacrypt.html

Code for both is published on SS3.

--
Pierce Ng
http://samadhiweb.com/blog/



Re: [ANN] Application Security for your domains

LogiqueWerks
do we have a Pharo PassPhrase 4 X 4 - specific project/variant/branch ?  

(i.e., four  4-char substring => 1 Passphrase )

I had done some work on mnemonics for such passphrases ...  and I realize some like to salt-and-pepper with 3-char and 5-char Unicode chunks ...

thnkx


On 29 March 2014 10:05, Pierce Ng <[hidden email]> wrote:
On Thu, Mar 27, 2014 at 08:58:48PM -0300, Hernán Morales Durand wrote:
> Second, my first entry contains a post about Application Security, a new
> package to make Pharo applications more secure. You can start playing with
> the objects right now, while more documentation is being written for the
> next release.

Hi,

Good stuff!

I've been doing some password-related work as well.

  http://samadhiweb.com/blog/2013.08.11.splitpasswordstore.html

This allows writing the following:

  spec := DBConnectionSpec new
            key: 'mysql';
            host: 'localhost'; port: 3306;
            user: 'myappuser';
      ====> password: (SpsSplitPasswordStore readFrom: 'myappuser.dat');
            yourself.

Also, SHA256/512 password hashing:

  http://samadhiweb.com/blog/2013.11.17.shacrypt.html

Code for both is published on SS3.

--
Pierce Ng
http://samadhiweb.com/blog/




Re: [ANN] Application Security for your domains

hernanmd
2014-03-29 10:58 GMT-03:00 Robert Shiplett <[hidden email]>:
> do we have a Pharo PassPhrase 4 X 4 - specific project/variant/branch ?
>

I don't know, but I would be happy to integrate it.

> (i.e., four  4-char substring => 1 Passphrase )
>
> I had done some work on mnemonics for such passphrases ...  and I realize
> some like to salt-and-pepper with 3-char and 5-char Unicode chunks ...
>

Can you comment more about it? Do you have some code?

I'm interested in image-based password mnemonics because a well-known
picture is easier to remember than text-based mnemonics, especially
when passwords contain special characters.
Cheers,

Hernán

> thnkx
>
>
> On 29 March 2014 10:05, Pierce Ng <[hidden email]> wrote:
>>
>> On Thu, Mar 27, 2014 at 08:58:48PM -0300, Hernán Morales Durand wrote:
>> > Second, my first entry contains a post about Application Security, a new
>> > package to make Pharo applications more secure. You can start playing
>> > with
>> > the objects right now, while more documentation is being written for the
>> > next release.
>>
>> Hi,
>>
>> Good stuff!
>>
>> I've been doing some password-related work as well.
>>
>>   http://samadhiweb.com/blog/2013.08.11.splitpasswordstore.html
>>
>> This allows writing the following:
>>
>>   spec := DBConnectionSpec new
>>             key: 'mysql';
>>             host: 'localhost'; port: 3306;
>>             user: 'myappuser';
>>       ====> password: (SpsSplitPasswordStore readFrom: 'myappuser.dat');
>>             yourself.
>>
>> Also, SHA256/512 password hashing:
>>
>>   http://samadhiweb.com/blog/2013.11.17.shacrypt.html
>>
>> Code for both is published on SS3.
>>
>> --
>> Pierce Ng
>> http://samadhiweb.com/blog/
>>
>>
>


Re: [ANN] Application Security for your domains

hernanmd
In reply to this post by Pierce Ng-3
2014-03-29 10:05 GMT-03:00 Pierce Ng <[hidden email]>:

> On Thu, Mar 27, 2014 at 08:58:48PM -0300, Hernán Morales Durand wrote:
>> Second, my first entry contains a post about Application Security, a new
>> package to make Pharo applications more secure. You can start playing with
>> the objects right now, while more documentation is being written for the
>> next release.
>
> Hi,
>
> Good stuff!
>
> I've been doing some password-related work as well.
>
>   http://samadhiweb.com/blog/2013.08.11.splitpasswordstore.html
>
> This allows writing the following:
>
>   spec := DBConnectionSpec new
>             key: 'mysql';
>             host: 'localhost'; port: 3306;
>             user: 'myappuser';
>       ====> password: (SpsSplitPasswordStore readFrom: 'myappuser.dat');
>             yourself.
>
> Also, SHA256/512 password hashing:
>
>   http://samadhiweb.com/blog/2013.11.17.shacrypt.html
>
> Code for both is published on SS3.
>

Cool, thanks for sharing.

BTW you can compile sha512crypt.c under Windows MinGW by conditionally adding:

#define MAX(x,y)                ((x) > (y) ? (x) : (y))
#define MIN(x,y)                ((x) < (y) ? (x) : (y))

#ifndef alloca
    #define alloca(x) __builtin_alloca(x)
#endif

/* Taken from http://searchcode.com/codesearch/view/22364370 */
char * stpncpy (char *dst, const char *src, size_t len) {
    size_t n = strlen (src);
    if (n > len)
        n = len;
    return strncpy (dst, src, len) + n;
}

 cc -m32 -shared -o libshacrypt.dll *.o

Hernán
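
Added example, not part of the thread and not code from the package or from sha512crypt.c: the shim posted above measures src with strlen, which reads up to the terminating NUL whatever len is. The variant below, under the hypothetical name compat_stpncpy, never reads more than len bytes of src, and it guards the MAX/MIN macros with #ifndef so they are defined only when no header has already supplied them.

```c
#include <stddef.h>
#include <string.h>

/* Define the helper macros only when no header has already provided them. */
#ifndef MAX
#define MAX(x, y) ((x) > (y) ? (x) : (y))
#endif
#ifndef MIN
#define MIN(x, y) ((x) < (y) ? (x) : (y))
#endif

/* compat_stpncpy (hypothetical name, chosen so it cannot clash with a libc
 * stpncpy): copy at most len bytes of src into dst, zero-fill what is left,
 * and return a pointer to the first NUL written, or dst + len on truncation.
 * At most len bytes of src are read, so src need not be NUL-terminated. */
static char *compat_stpncpy(char *dst, const char *src, size_t len)
{
    size_t n = 0;
    while (n < len && src[n] != '\0') {
        dst[n] = src[n];
        n++;
    }
    if (n < len)
        memset(dst + n, 0, len - n);
    return dst + n;
}

/* Short source: result points at the first NUL and the tail is zeroed. */
static int shim_short_source_ok(void)
{
    char buf[8];
    char *end;
    memset(buf, 'x', sizeof buf);
    end = compat_stpncpy(buf, "abc", sizeof buf);
    return end == buf + 3 && memcmp(buf, "abc\0\0\0\0\0", 8) == 0;
}

/* Constructed input: four bytes with no terminating NUL. */
static int shim_unterminated_source_ok(void)
{
    const char src[4] = { 's', 'a', 'l', 't' };
    char buf[4];
    char *end = compat_stpncpy(buf, src, sizeof buf);
    return end == buf + 4 && memcmp(buf, "salt", 4) == 0;
}

int main(void)
{
    return (shim_short_source_ok() && shim_unterminated_source_ok()) ? 0 : 1;
}
```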