Random notes

'A man provided with paper, pencil, and rubber, and subject to strict discipline, is in effect a universal machine.' (Alan Turing)

wwwhisper add-on for Node.js

The wwwhisper Heroku add-on is now available for Node.js. As with the Ruby Rails/Rack version, setup is just a matter of three lines that enable wwwhisper auth middleware.

One of the goals of wwwhisper is to decouple authentication and authorization logic from the application business logic. Such approach allows to easily enable auth without changing business logic at all, but it has also security benefits. The Open Web Application Security Project summarizes it nicely:

‘A common mistake is to perform an authorization check by cutting and pasting an authorization code snippet into every page containing sensitive information. Worse yet would be re-writing this code for every page. Well written applications centralize access control routines, so if any bugs are found, they can be fixed once and the results apply throughout the application immediately.’