It's the most wonderful time of the year, and it's the most wonderful content on DevCentral. Our DevCentral authors never disappoint, and this edition of the Top 5 is sure to please again. Sit back, grab another shot of egg nog, and enjoy the great articles that consistently grace the pages of this community.
Madhu Rajagopal serves up a festive holiday treat with this little LineRate beauty. He points out that many web servers and applications set response headers that reveal software versions and technology type. For example, a server response header might include information like "Apache/2.4.7 (Ubuntu)". This gives would-be attackers a great starting point to begin their nefarious behavior against your web application...they know exactly what software and version you are running, so they can pinpoint vulnerabilities to exploit. Using a few lines of LineRate code, you can remove the "Server" field and "X-Powered-By" field so as to not disclose sensitive and unnecessary information. Thanks for keeping us safe, Madhu!
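As an added illustration of the same header hygiene (plain Node.js, not Madhu's LineRate code nor the LineRate API), this filter drops the two disclosure headers and then reports any header whose value still carries a product/version token; the sample headers are constructed for the demo.

```javascript
// Added example, not from the original article: a proxy-agnostic response
// header filter that drops "Server" and "X-Powered-By", plus a checker that
// flags any remaining header whose value looks like "product/version".

// Header names are matched case-insensitively, as HTTP requires.
const DISCLOSURE_HEADERS = new Set(['server', 'x-powered-by']);

// Return a copy of the header object without the disclosure headers.
// The input is left untouched so a caller can log what was removed.
function stripDisclosureHeaders(headers) {
  const cleaned = {};
  for (const [name, value] of Object.entries(headers)) {
    if (!DISCLOSURE_HEADERS.has(name.toLowerCase())) {
      cleaned[name] = value;
    }
  }
  return cleaned;
}

// Matches tokens such as "Apache/2.4.7" or "PHP/5.5.9" (a name, a slash,
// then a dotted number). "text/html" does not match: no digit after the slash.
const VERSION_TOKEN = /\b[A-Za-z][\w.-]*\/\d+(?:\.\d+)*/;

// Names of headers whose value still reveals a product/version, so leaks the
// simple strip does not cover (e.g. a custom backend header) are visible.
function findVersionDisclosures(headers) {
  return Object.entries(headers)
    .filter(([, value]) => VERSION_TOKEN.test(String(value)))
    .map(([name]) => name);
}

// Constructed sample response headers, modelled on the article's example.
const SAMPLE_RESPONSE_HEADERS = {
  'Content-Type': 'text/html; charset=UTF-8',
  'Server': 'Apache/2.4.7 (Ubuntu)',
  'X-Powered-By': 'PHP/5.5.9-1ubuntu4',
  'X-Backend': 'nginx/1.4.6', // hypothetical custom header the strip misses
};

const sanitized = stripDisclosureHeaders(SAMPLE_RESPONSE_HEADERS);
console.log(sanitized);
console.log('still disclosing:', findVersionDisclosures(sanitized));
```

The second report is the point: stripping two well-known headers is necessary but not sufficient, so the checker belongs in a test or a proxy audit as well.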
That is the question. And Jason Rahm gives us the answer. We've all been taught to document our code, but some have claimed that adding comments is a veiled admission of a programmer's lack of ability of expression. "How can I improve this code so that this comment isn't needed?" said Steve McConnell. Be that as it may, many programmers understand the need to add comments to their code. Jason does a great job of explaining the various syntactical approaches for commenting iRules, and he even points out best practices that will prove useful as you enjoy the Tcl experience. Feel free to #comment on his article and tell Jason what you think about code documentation.
Gary Newe hits a home run with this very relevant and timely article. When you think about web applications and security, online banking always makes the list. For good reason, banks and other financial institutions put a great deal of emphasis on security, but if the user experience becomes too slow and cumbersome, customers might be inclined to take their business (and money) elsewhere. Certainly, you want to find a good balance between usability and security. Gary reminds us that it's best to forget the end device and concentrate on protecting the data that flows across the network. An additional, transparent layer of protection away from the device increases security for the business without impacting the usability of the application.