I am developing an "additional factor" for a login system. So the user needs their username/password, regular 2 factor text/app generated passcode etc. and then a location based factor that I am working on. The idea behind it is that it isn't a full-blown factor (or a replacement for regular 2factor), it is just meant to provide a small amount of extra security on top of other measures.
Anyway, my problem is that I feel like the extra security my app provides could be broken down to the same level of security that was present before.
For example, here is kind of how I am visualizing it:
Third Party Service:
- You need your password
- Then you need your generated code
- Then you need to be authenticated by my app by being in the right location
My App's Login:
- You need your password
- Then you need your generated code
The third party service is secured by the extra factor but my own app's login system isn't, so essentially the weakest point is my app where if they can break in they can disable my extra factor for the other app (essentially returning it to the same security level before my factor). Of course the user could have a different password + generated code on my app which would help somewhat.
Any thoughts? Please let me know if you have any questions
I like to modify / patch open source code. I used to patch binary code by inserting calls to patch, but that was eons ago. Could I get some advice on how to learn patching in a higher-level language - C++ preferred. I hope it can be done without major recompile of the source code, like using "service packs" or configuration files? Thanks for your time Vaclav
I hope it can be done without major recompile of the source code
Most unlikely unless the code has been designed with that in mind. The best you could do is to replace certain object modules, but even that is fraught with problems. And since open source is, by definition, source code, what purpose would be served by trying to patch in some other way?
Scrum is a form of Agile. Agile means just that, it's a methodology designed to allow developers and teams to react quickly to changes by the customer. Scrum is an Agile methodology that has some of its own specifics.
I would recommend googling it and then if you still have questions, come back here and ask something more specific because it's hard to give a detailed answer here.
There are only 10 types of people in the world, those who understand binary and those who don't.
I have an Oracle DB in which all the information is stored and this information is being consumed by different teams, and below are the two options I have to decide on:
1. Write a stored procedure and give the stored procedure to the respective teams and they can call the stored procedure.
2. Write a stored procedure, wrap it as an API and expose the API; the different teams will call the exposed API and the API will in turn hit the SP and return the response to the team.
I'd like to know what the PROS and CONS of these options are and what the best possible solution to go with is.
That ultimately depends on the stored proc but for the vast majority of cases you expose it in the same way everything else has been exposed.
So if the "teams" are accessing the rest of the database via wrapped SQL then they will get to the proc the same way.
If there is an existing "API" (like a Rest container) then it should be added to that.
That is the "best" way because it doesn't require the users to learn a new idiom for access. And if there is no existing API server then getting that up and running would require quite a bit of work both in implementation, installation and usage.
This question started in 'The Lounge', and I continue Here.
The Problem is Simpler than the Lorry Loading Problem.
I have to print a Number of Orders on an A4 Page, in Fixed Pitch Font. Each order has a Variable Number of Lines.
I want to minimise the Nr of Print Pages.
Apart from Neural Networks, is there a simpler way of optimizing this?
I'm in the early development (and design) phase of my first big project. Part of this project is planned to utilize the Google Maps API in at least some capacity to at the very least map out business locations. Their API also allows us to pull business "white page" info from Google Places as well which I could use and frankly, had been considering doing.
My question is, when a professional developer is designing and developing a web app, are there any general guidelines when it comes to using APIs and their provided data? What I mean by this is, obviously, when my application uses an API, it has now created a dependency on the organization whose API it uses (in this case Google). Therefore, if, for some reason, Google went down (not likely) or changed their service/model (possible), got hacked/whatever else, my application could break.
On the other hand, if I make fewer API calls and store more data in my database, that will be more costly on my hardware to be storing redundant data that Google already has out there. Also, chances are, Google is going to have a lot more data than my application will and probably be updated more frequently.
Another consideration is the API costs... I'm not sure whether it would be cheaper to just store business data myself or constantly be sending thousands of requests to Google's servers and having to pay them.
This question is a more general architectural/design question, however I used the Google example to better explain what topics I'm trying to ask about here.
My gut feeling, without any formal education in this area, would be to have my application and database depend on external services/APIs as little as possible for data integrity reasons. However, as I said, I am really taking a shot in the dark here. Even if you don't have a concrete answer for me, could you point me to any references or books that would address my questions? Thank you.
Therefore, if, for some reason, Google went down (not likely) or changed their service/model (possible), got hacked/whatever else, my application could break.
Err...speaking from actual experience Google can refuse to service a request. And of course there can be other communication failures as well. So your calls to Google must provide a way to track problems. I suggest logging.
Any time you make a call from one box to another, even if your own box, you need to
1. Expect errors
2. Track errors and as much information as provided about the error.
3. Provide enough information about what you were doing so you can start to determine why it failed.
It can also help to log even successes. The fact that the call returned with something that looks like a success doesn't actually mean it is. And such logs can help to determine that the call was made in the first place (no point in blaming Google if the call never went to Google.)
and store more data in my database, that will be more costly on my hardware to be storing redundant data
Because it will represent terabytes of data? Have you sized your business needs?
Not saying you should do that by the way but when making decisions about performance issues one must have a starting point that is reasonable and realistic based on business (not development) needs.
or constantly be sending thousands of requests to Google's servers and having to pay them.
If one user request generates thousands of calls to Google then you are going to have a performance problem which is more important. So again sizing might be relevant.
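Added example, not part of the thread: one way to apply the three logging points from the answer above (and its advice to log successes) to a call to an external API. The `transport` callable, the operation name and `required_keys` are assumptions made for the illustration, not any real client's API.

```python
import json
import logging
import time
import uuid

log = logging.getLogger("outbound")


class UpstreamError(Exception):
    """The remote call failed or returned an answer we cannot use."""


def call_upstream(transport, operation, params, required_keys):
    """Run transport(params) -> (status, body_text) and log every outcome.

    All names here are hypothetical; plug in the real HTTP client call.
    Keep API keys and other secrets out of `params`, since it is logged.
    """
    # 3. record what we were doing; call_id ties related log lines together
    ctx = {"call_id": uuid.uuid4().hex, "op": operation, "params": params}
    started = time.monotonic()
    try:
        status, body = transport(params)
    except Exception as exc:  # 1. expect errors: timeouts, DNS, resets
        log.error("call failed %s", json.dumps({**ctx, "error": repr(exc)}, default=str))
        raise UpstreamError("transport failure") from exc
    ctx.update(status=status, ms=round((time.monotonic() - started) * 1000))
    if status != 200:  # 2. keep whatever the remote side said about the refusal
        log.error("call refused %s", json.dumps({**ctx, "body": body[:500]}, default=str))
        raise UpstreamError(f"status {status}")
    try:
        data = json.loads(body)
    except ValueError:
        data = None
    if isinstance(data, dict):
        missing = [k for k in required_keys if k not in data]
    else:
        missing = ["<not a JSON object>"]
    if missing:  # a 200 that only looks like a success
        log.error("call unusable %s", json.dumps({**ctx, "missing": missing}, default=str))
        raise UpstreamError("unusable response")
    log.info("call ok %s", json.dumps(ctx, default=str))  # proves the call was made
    return data
```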
Basically someone posted a comment with coding and it causes whoever opens the video link to get redirected to another website (spam) seconds after opening it.
I am unable to remove this comment because it redirects too quickly and I cannot cancel out the loading in any basic ways you think of.
I was able to quickly get a snapshot of the comment responsible for this issue: Http://imgur.com/a/OK0E1
Any ideas to remove this comment by canceling or killing the redirection script or code? I was hoping someone could look at the screenshot and tell me something about that code or script this spammer posted.
Yes, there are many people who are able to remove it. But unless you give us a link to the message there is not much we can do. And why did you report this under Design and Architecture, and not Spam and Abuse Watch Discussion Boards?
There are much more dangerous things a malicious user can post. For example, they could steal your cookies, and impersonate you on the site. Or they could download malware onto your users' computers, which would appear to come from your site.
Once you've fixed the vulnerability, you will be able to open the page without the script from that comment executing.
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
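Added example, not part of the thread: a sketch of the clean-up and the fix discussed above, assuming the comments live in a SQL table. The `comments` table layout, the sample rows and the pattern are constructed for the illustration; the actual comment from the screenshot is not reproduced here.

```python
import html
import re
import sqlite3

# Heuristic (an assumption): markup that has no place in a plain-text comment.
SUSPICIOUS = re.compile(
    r"<\s*(script|iframe|meta|img|svg|object)\b|\bon\w+\s*=|javascript:", re.I)


def find_suspicious(db):
    """Return ids of stored comments with active markup, without rendering any."""
    rows = db.execute("SELECT id, body FROM comments ORDER BY id")
    return [cid for cid, body in rows if SUSPICIOUS.search(body)]


def delete_comments(db, ids):
    """Remove the offending rows directly in storage, so no page has to load."""
    db.executemany("DELETE FROM comments WHERE id = ?", [(i,) for i in ids])
    db.commit()


def render_comment(body):
    """The actual fix: output-encode, so user text is displayed, never executed."""
    return '<p class="comment">' + html.escape(body, quote=True) + "</p>"


def sample_db():
    """Constructed sample data; the table layout is hypothetical."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)")
    db.executemany("INSERT INTO comments (body) VALUES (?)", [
        ("Great video, thanks!",),
        ("<script>location.href='https://spam.example/'</script>",),
        ("I think 3 < 5 and 5 > 3",),
    ])
    db.commit()
    return db
```

Deleting flagged rows only cleans up what is already stored; encoding in `render_comment` is what stops the next such comment from running, and it also makes the page safe to open before the clean-up is done.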