Anything that is directly or indirectly related to my job as a senior developer for Tweakers.net
CSRF protection with 'self-validating' tokens
Cross-site Request Forgery is a very common social exploit method to make people unknowingly do things on their own behalf on a targeted website. It is number four on the 2010 CWE/SANS Top 25 Most Dangerous Programming Errors list.
The main reason this problem exists in most websites is that they don't check the origin of an incoming request that results in an action on that website. There are several ways a website can protect itself against these sorts of attacks, and I'm going to explain the way we, at Tweakers.net, have implemented our own protection method.
Read more »
Die IE6, die!
The Dutch nowadays are a conservative kind of people; they don't like to stick their necks out when it comes to radical changes. They would much rather keep everything as it was. But when a greater power tells them to jump, the Dutch will gladly ask "how high?"
Read more »
Clientside performance no priority for Dutch websites
As a senior developer at Tweakers.net who specializes in frontend development, I always take clientside performance very seriously. Even if your backend code is optimized to the bone, a slow-rendering frontend can still spoil the whole experience for your visitors, and a bad first impression will make your visitors go elsewhere. A couple of recent articles on some other Dutch ICT-centered news sites made me wonder if they are taking clientside performance just as seriously.
Read more »
Spam @ tweakblogs 
The Tweakblogs seem to be increasingly in spammers' sights lately. This week I have already trashed more than 300 spam comments on (mostly older) blog posts, and today I was able to trash another 60 anonymous spam comments. So, time for action!
Read more »
Inline validation with a dash of Ajax
I recently read an interesting article on A List Apart about the user-(un)friendliness of forms on web pages, and how the user experience can be improved by applying inline validation. I had been toying with a similar idea for some time and already had a specific form on Tweakers.net in mind: our registration form. Prompted by the article on ALA, I decided to finally make this happen.
Read more »