Security – Page 3 – Xojo Programming Blog

The Ultimate Password Solution

Published May 4, 2017 by Geoff Perlman

World Password Day brings attention to some simple steps everyone can take to secure their digital life: 1. Create Strong Passwords, 2. Use a different password for each account, and 3. Get a password manager, no, not a post-it note in your desk drawer!

The best password is one that is diffcult to guess. But difficult to guess takes on a new meaning when hackers use computers to do the guessing. Hence, the best password becomes one that would take a computer so long to guess that it’s not practical to do so. That means a long series of random characters and the longer and more random, the better, and a different password for every site you use.

Comments closed

There’s No Excuse For Storing Passwords

There’s No Excuse For Storing Passwords

Published May 4, 2017 by Geoff Perlman

A few years ago it was reported that Russian hackers had stolen 1.2 billion usernames and passwords from a variety of websites. This was only possible because those websites were storing the actual password. Because it’s World Password Day and because this is web security 101, let’s discuss why there’s really no excuse for a website to store your password – ever.

Comments closed

App Transport Security for iOS

Published July 27, 2016 by Paul Lefebvre

Last year with iOS 9, Apple announced a new security requirement for your iOS and OS X apps: App Transport Security. From Apple’s docs: Starting in…

1 Comment

If Smartphone Encryption Is A Red Herring, How Do We Track The Bad Guys?

Published February 4, 2016 by Geoff Perlman

In the blog post Smartphone Encryption is a Red Herring, I pointed out the folly of requiring an encryption back door for the Good Guys to use. So the question arises- “What can be done? If we don’t want a global encryption back door that can be used by anyone, can we still track the Bad Guys?”

The answer is yes. There are plenty of options that don’t require a global back door. I’m not passing judgment on whether these are inherently good or bad options, just that they are available when there is a reason to track a Bad Guy.

Comments closed

Smartphone Encryption is a Red Herring

Published January 27, 2016 by Geoff Perlman

As the Founder and CEO of a software company that makes a development tool for mobile platforms, as well as for desktop and web, I have a lot of experience with encryption. The current controversy over encryption is really important to me. During World War II, the Germans created a way of sending encrypted messages to commanders in the field. The device came to be known as an Engima machine. It looked like a typewriter but had an encryption key that changed a message into unreadable noise. That message could only be decoded if you knew the key used to encrypt it. The Allies worked very hard to get their hands on one of these devices so they could learn how it works and be able to decrypt the messages and know what the German military plans. Ultimately the Allies figured it out and it helped them win the war. If this has peaked your curiosity, check out the movie U-571 (a fictional account of the effort to obtain an Enigma machine) and The Imitation Game about the team that figured out the encryption key.

Comments closed

Why Xojo Cloud? Because Updating A Linux Server Is Complicated On Any Planet

Published October 14, 2015 by Alyssa Foley

I was up hours later than I should have been last night reading The Martian when, after discussing in detail how to hack some really old software in some really old equipment located about 54.6 million kilometers away, I read this line: “âJesus, what a complicated process,â Venkat said. âTry updating a Linux server sometime,â Jack said.”

And my first thought was, “Oh!, that’s why we offer Xojo Cloud!”

Comments closed

Tips: Dealing with the Problem of Passwords

Published October 9, 2015 by Paul Lefebvre

Passwords are a problem, as we frequently see in the news when databases containing password and login information are hacked and exposed.

Though too much security is never enough, as developers, there are things we can do to keep our users’ passwords secure.

Comments closed

Web App Security- It’s For More Than Just Your App

Published June 29, 2015 by Xojo

Web apps built with the traditional tools (HTML, JavaScript, CSS, etc.) are nothing more than a series of text files and thus not very secure. Once a hacker gets into a server, they can steal your code or modify it. One big advantage web apps built with Xojo have is that Xojo compiles your app to machine code so there’s no code on your server to steal. Additionally, the overwhelming majority of hackers have no experience with machine code, so modifying your app to do something nefarious can be extraordinarily difficult.

Comments closed

Your Anti-Virus Software and Xojo

Published June 11, 2015 by Jason Parsley

UPDATE 12/2024

Though increasingly rare, we do still hear from Xojo users who get false positives from their anti-virus software when downloading Xojo or running Xojo applications. We’ve even heard of this occurring when users are debugging apps from the IDE. To get around this, you can refer to the documentation for your anti-virus software on how to exclude Xojo from scans. To fix these issues for yourself and future Xojo users, we ask that you report these occurrences to your anti-virus software makers.

If you are on Windows, you may also be interested in Avoiding False-Positive Virus Detection in Windows Apps

We’ve occasionally heard from Xojo users that their anti-virus software gives them a warning about Xojo. All of these have been false positives and we ask that you report these to your virus software makers if it happens to you.

Comments closed

Category: Security

UPDATE 12/2024