Introducing Boink: the “good enough” security challenge


I've been using Tumblr for a while. I like the simplicity of the platform, the ability to aggregate out posts to social network sites & the fact that I can easily download all the content out via the API. The problem is it doesn't have a lot of security or access control features.

Now, I don't want a full blown username/password type of a security. I only wanted for people to prove that they ‘kinda’ know me in real life by asking a private question like what is my daughter's name. A good enough security measure.

Introducing Boink

Boink is A simple javascript framework that does just that. It's still at its early stage. Would love to see it used more on other sites, forked, or just to get your feedback if you like/hate it!

See it in action on my personal photo blog: Kucing Nyasar

What it doesn't do

  1. it doesn't stop hackers (or html/js savvy people) from getting in. It's just a ‘good enough’ security measure.
  2. it doesn't protect the information of the webpage securely.
  3. (right now) it doesn't even protect the secret answer securely. On the next release, instead of storing the secret answer as plain text, it will require the admin to specify an md5 hash of the secret answer instead. Feel free to help out implementing this.

How to get it

Head over to Boink's repository at GitHub for a sample page that has Boink applied to it. I'm working on a simple web app that host the core javascript & generates the required tag to be copy pasted to any webpages.

You can also find the road map.