Technical Note TN2232: HTTPS Server Trust Evaluation

If this trust evaluation fails, the client refuses to connect. This can happen for a variety of reasons, some benign—the server might be using a self-signed certificate, an intermediate certificate is missing, and so on—and some malicious—the server is an impostor, looking to steal the user’s data. This document describes the reasons why server trust … [Read more…]

OAuth2 for iPhone and iPad applications

A client requests access to a provider’s service using its own unique client ID and secret token. The user logs into the service directly (using a web page on the provider’s server) and grants the client permission to access. The provider redirects the user to a URL unique to the client passing along a verification … [Read more…]

Flow Chart and UI Flow

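The diagram above is only a simple demonstration of a flow, yet one offhand remark like "Hey, add a verification code feature for me" is enough to make the Flow Chart suddenly grow a whole size fatter. Real member login verification has many more variations and security considerations, such as showing an extra "Forgot password" prompt after 3 failed logins, or, more harshly, locking the account outright and asking the user to appeal to customer service. Flow Chart and UI Flow complement each other, and in fact the Flow Chart comes first and the UI Flow follows from it. If you produce a UI Flow without a Flow Chart, before you know how many decisions have to be handled, the odds of poor planning that drops pages and misses features are very, very high. Source: Flow Chart 和 UI Flow « 嫁給RD的 UI Designer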