Monday, November 23, 2009

Commentary

More from the exotic C++ bugs department:
Under GCC, the \ character at the end of a single-line comment extends the comment to the next line.

A similar behavior is well-known and oft-used for the preprocessor directives (#define etc.), but for the comments? No such behavior under MSVC; the code in question was ported from Windows, where it worked like a charm. And the worst part is, the IDE (Apple Xcode in my case) did not know about that either - the second, commented-out line was not colored as one.

You learn something new every day.

Wednesday, January 14, 2009

Web-based...

Poor man's SSL:
Get yourself a JavaScript hash library and a JavaScript RSA library. Both exist.

For the logon page, use a hash-based challenge-response. The server generates a unique challenge. The page accepts the password in a form and, on submission, clears the password field and instead populates a hidden field with a hash of the challenge and the password (you can throw in the username and some client-based randomness, if you feel like it). The server calculates a hash with the same algorithm using the true password and matches the two hashes.
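The logon exchange described above, as an added example that is not part of the original post. It runs under Node.js, with one function playing the page script and the rest playing the server; the function names, the in-memory account store, SHA-256 as the hash, the two-minute challenge lifetime, the single-use rule and the constant-time comparison are all assumptions of this sketch.

```javascript
// Added example: hash-based challenge-response logon (all names hypothetical).
const crypto = require('crypto');

// Constructed sample account store. The server needs the true password
// (or an equivalent secret) to recompute the hash, as the post describes.
const users = new Map([['alice', 'correct horse battery staple']]);

// Outstanding challenges: challenge -> expiry time in ms.
const pending = new Map();
const CHALLENGE_TTL_MS = 2 * 60 * 1000;

// Server: issue a unique, unpredictable challenge for the logon page.
function issueChallenge(now = Date.now()) {
  const challenge = crypto.randomBytes(16).toString('hex');
  pending.set(challenge, now + CHALLENGE_TTL_MS);
  return challenge;
}

// Both sides: hash of challenge, username and password.
// The JSON array encoding keeps the field boundaries unambiguous.
function responseHash(challenge, username, password) {
  const input = JSON.stringify([challenge, username, password]);
  return crypto.createHash('sha256').update(input, 'utf8').digest('hex');
}

// Server: verify the hidden-field value submitted by the page.
function verifyLogon(username, challenge, response, now = Date.now()) {
  const expiry = pending.get(challenge);
  pending.delete(challenge); // single use, even when verification fails
  if (expiry === undefined || now > expiry) return false;

  const password = users.get(username);
  if (password === undefined) return false;

  const expected = Buffer.from(responseHash(challenge, username, password), 'hex');
  const got = Buffer.from(String(response), 'hex');
  // timingSafeEqual throws on a length mismatch, so check the length first.
  return got.length === expected.length && crypto.timingSafeEqual(got, expected);
}
```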

All fine and dandy, but the password has to get to the server somehow in the first place, right? That's where RSA comes in. For your user registration page, let the server generate an RSA key, cache the private key on the server, and send the public key to the client. On submission, the page script would use the public key to encrypt the password, place the ciphertext into a hidden field and clear the password field. The server code would retrieve the private key and decrypt.