Tag Archives: on

MIT 開發出靜態分析工具,找出 23 個 RoR 軟體未被發現的漏洞

MIT 弄出來的新玩意,靜態分析工具叫做 Space:「New MIT Scanner Finds Web App Flaws in a Minute」,MIT 官方的報導在「Patching up Web applications」這邊: In tests on 50 popular Web applications written using Ruby on Rails, the system found 23 previously undiagnosed security flaws, and it took no … Continue reading

Posted in Computer, Murmuring, Network, Programming, Security, Software, WWW | Tagged , , , , , , , , , , , | Leave a comment

GitHub 升級到 Rails 3 了...

GitHub 從 2.3.github 特製版升級到 Rails 3:「Upgrading GitHub to Rails 3 with Zero Downtime」,其中切換的原因之一是維護成本: This choice has bitten us in the form of gem incompatibility, having to manually backport security patches, missing out on core framework performance and feature improvements, and … Continue reading

Posted in Computer, Murmuring, Programming, Software | Tagged , , , , | Leave a comment

UPSERT

維基百科對 UPSERT 的說明:(取自「Merge (SQL)」條目) A relational database management system uses SQL MERGE (also called upsert) statements to INSERT new records or UPDATE existing records depending on whether or not a condition matches. 在 MySQL 裡的兩種語法其實就是在實做這個需求: REPLACE INTO ... INSERT INTO … Continue reading

Posted in Computer, Database, Murmuring, MySQL, PostgreSQL, Software | Tagged , , , , , , , , , , , , | Leave a comment

AWS IAM 支援 SAML 2.0

剛剛看到 AWS 宣佈 AWS IAM 支援 SAML 2.0:「AWS Identity and Access Management Using SAML」。 SAML 是 Single Sign-On 協定的一種,2001 年就推出來了,不過其中用到的架構頗為複雜,由於是 XML 交換技術,再加上要在 XML 上面簽名 (XML Signature),其實我不是很喜歡這東西... @_@ 當初會硬要接觸是因為 Google Apps 的 SSO 是使用 SAML,真是懷念啊... 由於是個公開標準,有不少企業 SSO 方案都有支援 SAML。而 AWS IAM … Continue reading

Posted in AWS, Cloud, Computer, Murmuring, Network, Security | Tagged , , , , , , , , | Leave a comment