12:53 AM - Security enhancements, Export Blogs as PDF and RTF
I just released some new features.
Security
The security enhancements have to deal with Private Journals. If you set your journal private, it is no longer listed in the member list. Profiles are now blank for members with private blogs. You could in theory validate there is a user but you would not know any personal information beyond their username. I also disabled links for the RSS feeds if you log in to a private journal. Those features only work for public journals. Who would want to consume a public RSS feed of private data? There are a few areas where security could be improved. I suggest anyone using the private journal feature also post each entry with private security. In the event there is a bug with private journal somewhere, private security should block public display of the data. Private security is tested much more vigorously. These changes are a result of the number of recent signups using the private feature. I'm hoping to make more improvements later. If you notice any problems with your private blog, let me know so I can create a test blog and see if I can reproduce it.
PDF and RTF
While this is a work in progress, I've added links to the PDF and RTF versions to each blog. Currently, it only displays the last 15 public journal entries. This will be changed to include ALL blog entries for users logged in and on their own blog, and ALL PUBLIC entries for everyone else. I probably won't implement friends security on this one as it would be time-consuming. The reasoning behind this feature is so that users can get a snapshot of their blog at any time. If the site were to close tomorrow, someone could still have a copy of all their journal entries. Google also does good PDF indexing, so if someone has search engine searching on, it will make it more likely to come up down the road. I look at this as an extra backup feature. The original Just Journal specification used XML for all blog entries, and I planned to use Apache FOP to translate into PDF at the time. After the XML plans fell apart due to some issues with the XSLT libraries available at the time, I just gave up on the whole idea. I'm using a library called iText which is under MPL and LGPL. It works very well so far. The work in progress relates mostly to formatting. I'm still working out the formatting I want to use for the documents. Expect the format to change a few times. I also must add a new method to the database code for entries to gather all entries and not just a subset. If there is demand, I will also try to provide a "backup" format in XML. Remember, if you have a lot of entries, it may time out generating the PDF. Eventually I'll add a progress feature with a refresh (hopefully). I also noticed a few problems with IE 7 in initial testing. I think I've got this resolved.
For people interested in the technical details, most of the new code is in the horrid users servlet (com.justjournal.Users).
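The layering recommended in the Security section, combined with the export rule planned above, as an added sketch that is not Just Journal's own code. All class, record and method names are hypothetical, and friends-only entries are treated as non-public for export because friends security is not planned for it.

```java
import java.util.List;
import java.util.stream.Collectors;

// Added example (Java 16+); every name here is hypothetical, not Just Journal's API.
public class ExportVisibility {
    enum Security { PUBLIC, FRIENDS, PRIVATE }

    record Journal(String owner, boolean privateJournal) {}
    record Entry(String subject, Security security) {}

    /** Entries a viewer may receive in a PDF/RTF export; viewer is null if anonymous. */
    static List<Entry> exportable(Journal journal, List<Entry> entries, String viewer) {
        boolean ownBlog = viewer != null && viewer.equals(journal.owner());
        if (ownBlog) {
            return entries;                     // logged in on own blog: all entries
        }
        if (journal.privateJournal()) {
            return List.of();                   // layer 1: journal-level privacy
        }
        return entries.stream()                 // layer 2: entry-level security;
                .filter(e -> e.security() == Security.PUBLIC) // FRIENDS is excluded too
                .collect(Collectors.toList());
    }

    /** Member list, full profile and RSS links are offered only for public journals. */
    static boolean publiclyListed(Journal journal) {
        return !journal.privateJournal();
    }

    public static void main(String[] args) {
        // Constructed sample data.
        List<Entry> entries = List.of(
                new Entry("release notes", Security.PUBLIC),
                new Entry("weekend plans", Security.FRIENDS),
                new Entry("diary", Security.PRIVATE));
        Journal intended = new Journal("alice", true);
        // Simulates a bug in which the journal-level flag is not honoured.
        Journal flagLost = new Journal("alice", false);

        System.out.println("owner:           " + exportable(intended, entries, "alice").size());
        System.out.println("anonymous:       " + exportable(intended, entries, null).size());
        System.out.println("anon, flag lost: " + exportable(flagLost, entries, null).size());
        System.out.println("listed publicly: " + publiclyListed(intended));
    }
}
```

When the journal-level flag is lost, only the entry posted as public reaches an anonymous viewer; entries posted with private security stay out of the export.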
Other Changes
Other changes to JJ include modifications to the base servlet to set a buffer and to include the content length. That should improve HTTP standards compliance and also fix some minor bugs with IE. I'm also testing changes to the avatar fetch and photo fetch code which may fix problems I've noticed with Safari. Images are corrupted in the cache and sometimes fail to download in Safari. I notice this more often with avatars.