Web apps built with the traditional tools (HTML, JavaScript, CSS, etc.) are nothing more than a series of text files and thus not very secure. Once a hacker gets into a server, they can steal your code or modify it. One big advantage web apps built with Xojo have is that Xojo compiles your app to machine code so there’s no code on your server to steal. Additionally, the overwhelming majority of hackers have no experience with machine code, so modifying your app to do something nefarious can be extraordinarily difficult.
Though increasingly rare, we do still hear from Xojo users who get false positives from their anti-virus software when downloading Xojo or running Xojo applications. We’ve even heard of this occurring when users are debugging apps from the IDE. To get around this, you can refer to the documentation for your anti-virus software on how to exclude Xojo from scans. To fix these issues for yourself and future Xojo users, we ask that you report these occurrences to your anti-virus software makers.
We’ve occasionally heard from Xojo users that their anti-virus software gives them a warning about Xojo. All of these have been false positives and we ask that you report these to your virus software makers if it happens to you.
If you do any work with private/public key cryptography, the addition of the Crypto library last year finally made it possible to create and verify digital signatures as well as encrypt and decrypt data. Using keys with other systems requires a little more work to convert them to and from the PEM format.
This week we have seen another example of why you can’t be too paranoid about Internet security.
Code Spaces, a company that specializes in SVN hosting (hosting your source code so your team can access it), announced that their servers were hacked big time. Apparently, the perpetrator began with a denial-of-service attack, then gained access to Code Spaces’ Amazon EC2 account. He or she then contacted Code Spaces via email in an attempt to extort a large fee to stop the attack. When the folks at Code Spaces attempted to take back control of their Amazon EC2 account, the hacker deleted all of their data, including backups and off-site backups. Unable to recover, Code Spaces has made the decision to shut down completely. The cost of the attack is just too great to continue.
As you may be aware, the “Heartbleed” bug in OpenSSL has made the rounds across the internet. As soon as it was disclosed this week, we began an investigation to see where we were impacted. Xojo.com services were updated and our SSL certificate was quickly reissued. Xojo Cloud servers were also rapidly updated. This does mean that (like many sites) we were potentially vulnerable for a time until the patch was released.
This week, a major vulnerability, referred to as “Heartbleed”, was discovered in OpenSSL. Bruce Schneier, who blogs about Internet security, called it “catastrophic” and “on the scale of 1 to 10, this is an 11.” Heartbleed has left just about anyone with a server scrambling to find out whether their version of OpenSSL is affected and then taking measures to update OpenSSL and make sure everything is working again.
Xojo Cloud is now available with plans starting at just $49 per month for a fully managed and secure cloud server for running your Xojo web apps. What does this mean for your web apps?