Entries for month: “June 2010”

Mango Blog Setup Folder Security

Posted By: Mark Aplet 8 Comments June 29, 2010

Over the last few days I have found an alarming number of 404 errors in my ColdFusion server logs. They all had one thing in common: a missing setup.cfm page. Naturally we don't want 404 errors, right? In this case it's a good thing.

It is my belief that someone, or some group of people, is testing the security of Mango Blog by looking for the setup directory that comes with Mango Blog when you first download and set up your blog. The installation instructions state that once your blog is set up correctly, you should remove the setup folder from the admin, to prevent no-gooders from doing anything malicious to your site.

I went to the mangoblog.org site and took a look at a long list of people in the "Who uses Mango" section of the site and most everyone still had the setup directory intact. I was actually really surprised to see the carelessness of so many people. Especially by a few people that SHOULD know better than that.

What's worse is that I was able to add a new table to one unlucky site by guessing the username, password, and datasource! And it wasn't very hard! How lazy are we people!? Do we have to get hacked before we wise up? This is just plain ridiculous! I am not even a security person and was able to compromise one system in just a few minutes. Imagine what a security expert could do with all their tools and knowledge.

Mango Blog owners. Remember you need to delete the setup folder after installation has been verified. It's obvious to me that people are checking for the existence of the setup.cfm so we best be on our toes.

My Solution

Here is what I am proposing as a solution. I am interested in your feedback.

The idea I had was to have the admin overview page check for the existence of the folder and, if it finds the setup folder intact, warn you that leaving the setup folder on the server is a security risk. It should then offer the admin user a chance to delete the folder. I think this is a better method as it provides the blog administrator a good chance to verify that things are working before deleting the folder. It also gives a continual reminder to those that forget to delete the folder on their own.

Here is a sample design that I had. Maybe there is a better way to do things. I just thought I would get the ball rolling and see what can be done.

A plugin could easily be built for this, but I honestly feel it should be a part of the core install and not a plugin provided by an end user. That would pretty much defeat the purpose really.
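The two checks this post describes, as an added example that is not Mango Blog code and not the author's: it counts requests for setup.cfm per client in an access log, and it lists any folder under a web root that still contains setup.cfm so an admin page could warn about it. The Common Log Format, the sample lines, the paths and the function names are assumptions made for illustration.

```python
import re
from collections import Counter
from pathlib import Path

# Constructed access-log lines (Common Log Format and all paths are assumptions).
SAMPLE_LOG = """\
203.0.113.7 - - [27/Jun/2010:10:01:12 -0700] "GET /admin/setup/setup.cfm HTTP/1.1" 404 512
203.0.113.7 - - [27/Jun/2010:10:01:13 -0700] "GET /blog/admin/setup/setup.cfm HTTP/1.1" 404 512
198.51.100.23 - - [28/Jun/2010:02:14:55 -0700] "GET /admin/setup/setup.cfm HTTP/1.1" 200 4096
192.0.2.10 - - [28/Jun/2010:08:30:00 -0700] "GET /index.cfm HTTP/1.1" 200 10240
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+)[^"]*" (\d{3}) ')


def setup_probes(log_text):
    """Count setup.cfm requests per client; collect the ones answered with 200."""
    probes, served = Counter(), []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, path, status = m.group(1), m.group(2), int(m.group(3))
        if path.split("?", 1)[0].lower().endswith("/setup.cfm"):
            probes[ip] += 1
            if status == 200:  # a 404 is the good case: the page is gone
                served.append((ip, path))
    return probes, served


def leftover_setup_dirs(web_root):
    """Return every folder under web_root that still contains setup.cfm."""
    return sorted(str(p.parent) for p in Path(web_root).rglob("setup.cfm"))


def admin_warning(web_root):
    """Build the warning an admin overview page could show, or None if clean."""
    dirs = leftover_setup_dirs(web_root)
    if not dirs:
        return None
    return "Security risk: delete the setup folder: " + ", ".join(dirs)


if __name__ == "__main__":
    probes, served = setup_probes(SAMPLE_LOG)
    for ip, count in probes.most_common():
        print(f"{ip}: {count} request(s) for setup.cfm")
    for ip, path in served:
        print(f"setup.cfm was served to {ip} at {path}: remove the folder")
    print(admin_warning(".") or "no setup.cfm found under the current directory")
```

A 200 response in the second list means the setup page is still reachable on that install, which is the case to fix first.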

Tags: Mango Blog · Opinions & Rants

Redesigning the Desktop Calendar

Posted By: Mark Aplet 3 Comments June 11, 2010

Most people use a calendar of one form or another in their day to day lives. With so many people using calendars I am really surprised that nobody has gotten annoyed by their functionality to the point where they felt that they needed to rewrite the way calendars work. Maybe I am alone on this idea but stay with me.

It seems to me that the computer calendar was simply a copy of the old paper calendar. The ones that hang on the wall in your cubicle with the last month still in view because you never look at the thing except when you finally remember to flip the thing to the next month. Yeah that one.

It seems to me that when designing the desktop calendar programmers took the tried and true route. They built the calendar to look just like our old trusty friend the paper calendar. Granted they gave us more views like week view, day view, and even year view. But I think there needs to be one more view. "Rolling Month View"

Rolling Month View is for people who like the bird's-eye view of the month, but also want to see the next three or four weeks in addition to the current week. The problem with the traditional calendar system is that if I am at the end of the current month I have to click over to the next calendar month to see what's going on in two weeks. Flipping back and forth counting days, trying not to count those extra days that are dimmed out but added in there to complete the boxes in the grid.

I just want to see what's happening in the next week or two. I never care about what happened last week unless the police are asking me "Where were you on the night of…" Anyway, you get the point.

Below is a screen shot of my calendar for the month of May. Assuming today was the 25th of May, it is nearing the end of the month. Granted I can see a few days ahead, but what if I want to see what's happening the week after? I have to toggle to the next month. Meanwhile the calendar is happy to show me what I did 4 weeks ago. What a waste of space! And totally useless in my opinion.

Rolling Month View might be the solution. It continues to roll the calendar forward a week at a time so you always have the next two or three weeks ahead of you displayed in the familiar monthly grid view.

Here is a very rough screenshot for conceptual purposes. There is probably a nicer way to do the rolling calendar, but this took me all of 1 minute to put together. The point is, it makes sense even if the presentation needs some work.

If you're a developer for Apple, or know a developer for Apple, can you please get this worked into the next version of iCal? I will love you long time.

Tags: Design · Opinions & Rants · Software · usability
