Webapp security: Different DB permissions for different requests

January 12th, 2008

When a GET hits your server, your RESTful webapp should not alter the database. Why not enforce this at the permissions level?

Odd Apache pitfall: ErrorDocument and POST

August 12th, 2007

I am writing a web app that hides much of its inner workings, as any good web app should. (Why? Future-proofing, security, simplicity of user experience, etc.) I chose to route all requests that involve server-side scripting through a single file, capture.php. But somewhere along the way, form POSTs stopped working! Why?