Sunday, 28 November 2010

Session management in an X-Header

Hi,

I recently stumbled upon a session-management scheme in which I have been searching hard for weak points, but so far I have failed.

There is this web 2.0 application which neither uses a cookie nor transports the session ID within the URL. The devs decided to transport the session ID in a custom X-Header HTTP field which they send along on each (XHR) request. This seems smart from a range of perspectives:
  1. They do not have to care about CSRF protection, because no session identifier is sent without explicit intent: a cross-site form or image request cannot set a custom header, and a cross-origin XHR that tries to set one first triggers a CORS preflight, which the server does not answer.
  2. They do not have to care about cached or otherwise leaked session IDs, since the ID is held in RAM only and the user never sees it (and thus cannot share it accidentally).
  3. They fully control the transport of the session ID (they do not need a "secure" flag for a cookie, because the ID is only sent to the hosts and over the transport protocol they choose).
  4. The client-side copy of the session ID is gone as soon as the user navigates to another site. The server-side session, however, only ends when it times out or is explicitly destroyed.
  5. No crossdomain.xml hassle: as far as I know a Flash movie cannot access in-memory variables of a JavaScript instance.
So, these are the advantages, but hey: if there is light, there must be shadow :).
Here are the drawbacks I have identified so far:
  1. The X- header prefix isn't specified in RFC 2616 at all; the convention for user-defined "X-" fields comes from the mail and MIME RFCs (RFC 822, RFC 2045 ff.).
    I'm not sure how this affects the approach. Are there any proxies out there which strip X- headers?
  2. No "HttpOnly" flag: the ID has to be readable by JavaScript, so any script that ends up running in the page can read it too. But hey, it's a web 2.0 application.
I'm not happy with so few drawbacks :). Is this web 2.0 session-management solution really so simple and smart that there are no big drawbacks? What am I missing here?

comments appreciated...

wlet

Wednesday, 17 November 2010

DVD to iPad - free and easy

Hey there,

I won an iPad at a conference booth and use it mainly for watching movies on my train ride to work in the morning and in the evening. Besides stuff I record myself on my VDR, I recently got some DVDs from a colleague to watch. Now I had the problem that I have to re-encode those movies to H.264 and had no clue how to do it in a smart (and cheap, preferably free) way.

I've had good experiences with Handbrake, but on its own it is not enough to re-encode CSS-protected DVDs. To mount the DVDs in a way that Handbrake can read them you need Fairmount.

The next steps are pretty simple:

  1. Start Fairmount.
  2. Put in your DVD; you should see something like this:
    Don't pay attention to the wrong size that may be displayed in the "Data Read" column.
  3. Start Handbrake and choose the "VIDEO_TS" folder on the now mounted DVD.
  4. To encode it for the iPad the "AppleTV" preset fits perfectly. You can choose it by clicking "Toggle Presets" in the icon bar.
  5. You may want to change some values for the desired audio tracks etc. You can do that in the "Audio" tab.
  6. You do not have to make any changes to the video settings.
If you start the encoding process you'll get an H.264 encoded file with the main title and the chapters set as on the DVD. Just copy it to your iPad and watch it with the preinstalled "Videos" app.

Done!
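The same rip can be scripted with Handbrake's command-line front end, which is handy for a stack of DVDs. This is an added example and not part of the original post; it assumes HandBrakeCLI is installed and the DVD is already mounted by Fairmount, and the mount point, output name and title number are placeholders.

```shell
#!/bin/sh
# Added example, not from the original post: the GUI steps above done with
# HandBrakeCLI. Assumes HandBrakeCLI is on the PATH and Fairmount has mounted
# the DVD; /Volumes/MY_MOVIE and the output name are placeholders.

# Print the HandBrakeCLI invocation for a mount point, an output file and a
# title number (the main feature is usually title 1), without running it.
build_handbrake_cmd() {
  dvd_mount="$1"; output="$2"; title="${3:-1}"
  printf 'HandBrakeCLI -i "%s/VIDEO_TS" -o "%s" --preset "AppleTV" -t %s' \
    "$dvd_mount" "$output" "$title"
}

# Check that the mount actually exposes a VIDEO_TS folder (i.e. Fairmount is
# running and has unlocked the disc) before spending an hour encoding, then
# run HandBrakeCLI. Returns non-zero if the folder is missing.
rip_dvd() {
  dvd_mount="$1"; output="$2"; title="${3:-1}"
  if [ ! -d "$dvd_mount/VIDEO_TS" ]; then
    echo "no VIDEO_TS folder under $dvd_mount (is Fairmount running?)" >&2
    return 1
  fi
  HandBrakeCLI -i "$dvd_mount/VIDEO_TS" -o "$output" --preset "AppleTV" -t "$title"
}

# Usage: sh rip.sh /Volumes/MY_MOVIE ~/Movies/my_movie.m4v [title]
if [ "$#" -ge 2 ]; then
  rip_dvd "$@"
fi
```

Audio track selection and other tweaks from step 5 are extra HandBrakeCLI options; `HandBrakeCLI --help` lists them.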

cheers,

wlet