Defiant: A Proposal For Tool Unification.

Defiant is a Node.js module that I am writing to answer the problems that I will address in this post. First of all I must address the question: "Why the name 'Defiant'?" In order to do so, I must first make sure that you understand the mindset of current development (mainly addressed at the Node.js ecosystem, although it is not limited to such).

The Motivation For Tool Development

We should probably begin with the Unix tool philosophy. For the uninitiated, the philosophy states that programs should be small, accomplish a single task, and have a well-defined input/output mechanism. As many command-line warriors will tell you, knowing how the individual tools work saves them time and allows quick, powerful, bug-free productivity without having to reinvent the wheel for every task. It is one of the philosophies that has propelled Linux to be the powerhouse of development that it is today.

What's Missing In Form Security

One day, a professor came to me with an interesting question: "Corey, my server is getting hacked! Can you figure out how?" "Can you tell me what exactly is happening?" "Yes," he replied. "Somehow, people are uploading files to my server, and trying to hack me." And with that, I delved into the world of form handling (a solved problem, I had assumed), and was appalled at what I found.

This professor was neither unintelligent nor shoddy in programming skills. What he was not, however, was an expert in web security, and therein lies the problem that this post is about. It's not about SQL injection. It's not about using the newest tools or the most recent library. It's about understanding how form submissions can be your Achilles' heel. The professor was qualified in his programming ability, but he was not a web security expert, and you are probably not an expert, either. He was doing everything right, according to the docs and numerous tutorials on how to work with his particular framework, but the information was wrong. The scariest thing is that it's very likely that the framework that you are using is getting it wrong, too.

The Git Logo
Image from git-scm.com.

I have had the opportunity to explain Git and the basics of its operation on more than one occasion. It's something that I enjoy doing, especially because I believe it is an indispensable skill for collaboration in industry and academia. I have always distributed a small "cheat sheet" with the most-used commands, and I am posting it here (for no reason other than I can find it quickly in the future). I will include the text in this post, but I will also provide the .txt file that I use. (Yes, I wrote it in a txt file. I like the way it looks, and when I print it out using Notepad++, the wrapped text is indented nicely.