web2project Security Vulnerability
Date: 29 January, 2010 - 11:40

Late last month, I received some bad news about web2project...

It turns out that web2project was vulnerable to a handful of Cross-Site Scripting (XSS) vulnerabilities. While the attack vector required an already authenticated user, it had the potential to be a major problem in a poorly configured system.
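As an added illustration of the class of bug described above (not web2project's actual code or its actual patch), here is the pattern that makes an authenticated user's saved input dangerous, beside the escaped version. The project array, the field names and the rendering functions are hypothetical; the sample values are constructed.

```php
<?php
// Hypothetical example, not web2project's code: a project row rendered
// the 2002-era way (raw string concatenation) versus with output escaping.

// Constructed sample: values an authenticated user could have saved.
$project = [
    'name'        => 'Q1 Rollout <script>alert(1)</script>',
    'description' => 'Kickoff" onmouseover="alert(1)',
];

// Vulnerable: user-controlled data is dropped straight into the HTML,
// both in text context (the cell body) and in attribute context (title="").
function render_project_unsafe(array $p): string
{
    return '<tr><td title="' . $p['description'] . '">' . $p['name'] . '</td></tr>';
}

// Escape for HTML text and double-quoted attribute context. ENT_QUOTES
// also encodes single quotes; ENT_SUBSTITUTE avoids an empty string on
// invalid UTF-8, which would otherwise silently blank the field.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened: every user-controlled value is escaped at the point of output.
function render_project_safe(array $p): string
{
    return '<tr><td title="' . h($p['description']) . '">' . h($p['name']) . '</td></tr>';
}

echo render_project_unsafe($project), PHP_EOL; // browser would run the script
echo render_project_safe($project), PHP_EOL;   // rendered as inert text
```

Escaping at output time is what makes old stored data safe too: content saved years before the fix is neutralised the moment the rendering code is corrected, with no need to clean the database.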

On the positive side, I say "was" because within 10 days of being notified of the problem - and the same day the vulnerability became public - we had a patched release out the door and available to users. We've spent the past month since encouraging them to upgrade. Of course, we further benefit from the fact that although the vulnerability does affect us, we're not named in the report.

On the negative side, it did take us 10 days to close the vulnerability. The patch itself was available a few days earlier via Subversion but it might not have been enough. Further, we didn't explicitly notify our users of a need to upgrade but since it was rolled with a handful of other major fixes, it appears that many people have upgraded already. Once again, we benefit from the very specific attack vector.

To make this process easier and faster in the future, as of v1.3, we can already detect if upgrades have been uploaded but not applied. For an upcoming release, we're implementing a Drupal/WordPress-style means of notifying existing administrators that an upgrade is available. In the meantime, watch this space or web2project's page on Sourceforge.



It is a little strange that

It is a little strange that nowadays such vulnerabilities could happen. :-/

Vulnerability

The thing is that that code is quite old. It was written in 2002-2004 long before most people had heard of these concepts. And since it works without problem, most developers have kept their attention elsewhere.

I'm just glad that we were able to get the fix out in time. So far we've been able to track and resolve these things before they were made public thanks to our great community.

Dashboard

Hello

I was wondering if there were any plans in the works to have a dashboard on Web2project. I have been looking at a product called Teamwork and the only thing nice about it is the first page you log into has different sections that are configurable (Block code). There is Company news, Department news, announcements and such. There is a section for tasks that are due (summary). There is a current activities section that shows a summary of the current activity on the projects the user is associated with. I can think of a lot of things that could be summarized on a dashboard page.

hook_block

No, there's not a "plan" for a dashboard, but there are some ideas for it. I'm going to start laying the groundwork in v1.3 by adding a hook_block method onto the core classes. It's not going to do anything yet, but I envision it working similarly to how Drupal's blocks work.

Do you have some thoughts on how it should work?

Dash Board

I was thinking something that tied all the user info together i.e. Calendar, tasks, Company News, department news. Of course to have News, there would need to be a news module added.

Take a look at the script "Teamwork". It has a dashboard that is nice.
