
27 February 2018

Page security


Some time ago I noticed a problem with the security on some of the pages of a bank.
If we visit this address, https://www.<blurred :)>.bg/bg/debitni-karti/page/10 , we see the result in image1: a green padlock and green text in the address bar of the browser, which inform us that the communication with this page is secured with an Extended Validation SSL certificate.

(image1)

If we continue browsing the site and go to the pages for card products, for example https://www.<blurred :)>.bg/bg/page/3301#nasheto-predlojenie , we no longer see the green padlock and green text, but a gray padlock with a yellow triangle and exclamation mark. If we click on it, it says that the connection to the page is not secure, and the reason is that some of the content is not served over https (image2, image3, image4).
(image2)

(image3)

 
(image4)

If we look at the source code of the page, we see that three of the images on that page have URLs that use the http protocol. If we try to access these images, we see that they are not available there and that the server redirects us to their new location, which is over https. So the browser makes an unnecessary request over http just to get a 302 response code and a "Location" header with the new address of the image.
In other words, the images have been removed from http and are only accessible over https, but the "src" attributes on some of the pages were never updated, so the browser still makes an unnecessary http request.
(image5)
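The check described above can be automated. The following is an added example, not code from the original post: it parses a page's HTML and lists every subresource that an https page still references over http, and it goes slightly beyond the three images by also labelling each finding as passive (images, media) or active (scripts, frames, stylesheets). The host `bank.example` and all paths are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attribute that triggers a subresource fetch, per tag (srcset is not handled).
URL_ATTR = {"img": "src", "audio": "src", "video": "src", "source": "src",
            "script": "src", "iframe": "src", "link": "href"}
# Browsers treat these as passive (display) mixed content; the rest is active.
PASSIVE_TAGS = {"img", "audio", "video", "source"}

class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (tag, absolute_url, "passive" | "active")

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        url = attrs.get(URL_ATTR.get(tag, ""))
        if not url:
            return
        # <link> is only checked for stylesheets; rel=canonical etc. is metadata.
        rel = (attrs.get("rel") or "").lower().split()
        if tag == "link" and "stylesheet" not in rel:
            return
        # Resolve relative and protocol-relative URLs against the page URL.
        absolute = urljoin(self.page_url, url.strip())
        if urlsplit(absolute).scheme == "http":
            kind = "passive" if tag in PASSIVE_TAGS else "active"
            self.findings.append((tag, absolute, kind))

def find_mixed_content(page_url, html):
    """Return insecure subresources referenced by an HTTPS page."""
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content only exists on pages served over HTTPS
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    return finder.findings

# Constructed sample input; bank.example and every path are placeholders.
PAGE_URL = "https://www.bank.example/bg/page/3301"
SAMPLE_HTML = """
<link rel="canonical" href="http://www.bank.example/bg/page/3301">
<link rel="stylesheet" href="/css/site.css">
<img src="http://www.bank.example/img/card1.png">
<img src="http://www.bank.example/img/card2.png">
<img src="http://www.bank.example/img/card3.png">
<img src="https://www.bank.example/img/logo.png">
<img src="//static.bank.example/img/banner.png">
<a href="http://www.bank.example/old">old link</a>
<script src="http://www.bank.example/js/app.js"></script>
"""

if __name__ == "__main__":
    for tag, url, kind in find_mixed_content(PAGE_URL, SAMPLE_HTML):
        print(f"{kind:8} <{tag}> {url}")
```

Relative and protocol-relative URLs inherit the page's https scheme and are not reported, and plain `<a href>` links are ignored because they are navigations rather than subresource loads.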


Needless to say, I have informed the bank of their insecure pages and they have immediately solved the issue, of course not missing to send a "Thanks" my way, which is always nice to hear.

I remember pointing out a problem with the e-commerce pages of a PC parts store, which prevented them from being loaded - the user had to manually reload the page if it was opened as a new tab. They fixed it after a week or so, but didn't even bother to say "Thank you". 

But here we see www.<blurred :)>.bg having a lightning fast reaction and this is what is expected when it comes to core business :)

17 February 2018

A * (A Star pathfinding)

The repository contains a Java Eclipse project and an Xcode iOS application project.
With the iOS application we can set the size of the maze and create it by touching the squares to turn them from empty walkable space into wall squares. We can set the start and end locations, swipe on the map to scroll it in all directions if it doesn't fit on the screen, and pinch to zoom in and out in order to make the whole board visible or to make it easier to tap on the board. Initially the size of the board is the number of squares that fit in the view size. We can set the number of squares we want the board to have in the "Width" and "Height" input fields and press the "Create" button, and we will get a new board with the desired number of squares.
The Java implementation doesn't have a UI. We give it the maze in the ConstantsA class and we get the result in the console.


The start and end locations are the green squares, the red squares are the walls, and the yellow squares are the path.


Repository of the project at GitHub: