Thread Rules
1. This is not a "do my homework for me" thread. If you have specific questions, ask, but don't post an assignment or homework problem and expect an exact solution.
2. No recruiting for your cockamamie projects (you won't replace facebook with 3 dudes you found on the internet and $20)
3. If you can't articulate why a language is bad, don't start slinging shit about it. Just remember that nothing is worse than making CSS IE6 compatible.
4. Use [code] tags to format code blocks.

kalitoma40

Italy1 Post

November 05 2019 21:20 GMT

#20221

Bot edit.

User was banned for this post.

WarSame

Canada1950 Posts

November 07 2019 17:35 GMT

#20222

When designing an API where you have child objects, how do you send your responses?

Say I have a Debate, which has children Arguments.

I could pass back all Arguments in a list back with my Debate, but I could have a large number of Arguments.
I could pass back Argument IDs, then query each Argument separately.
I could pass nothing, then query for all arguments of my particular Debate

What is your preferred method?

Currently I'm trying 3, and using an endpoint like /api/d/<debate_id>/a/ to query it. Is there a potentially better URI format to use?

tofucake

Hyrule19210 Posts

November 07 2019 18:58 GMT

#20223

generally you want to be as verbose as possible, you don't want people to have to guess at what an endpoint is for, so

/api/debate/<debate_id>/argument/<argument_id>/<action>

What I'd do in this particular situation would be something like

GET /api/argument
    Headers: debate_id, date, time, for, against, etc, where each is a different property that an Argument can have
    Return: a filtered list with all arguments that match all filters, where passing no filters returns all arguments, and having debate_id be required

GET /api/argument/<argument_id>
    Headers: debate_id, date, time, for, against, etc, where each is a different property that an Argument can have
    Return: a filtered list with all arguments that match all filters, where passing no filters returns all arguments, and having debate_id be required, as well as having the specified argument_id

WarSame

Canada1950 Posts

November 08 2019 00:56 GMT

#20224

I think if you include the action you move from REST more towards RPC. Ideally I'd keep this all RESTful.

By headers are you referring to query params? I could do that but I'm not sure why I should prefer that vs. a fully qualified URI.

tofucake

Hyrule19210 Posts

November 08 2019 02:17 GMT

#20225

Headers are just cleaner, imo. You can do request params instead, if you'd prefer, I was just saying how I'd do it. Detaching the argument from the debate allows you to do stuff like "give me all arguments made by person X" instead of having to loop over all debates with person X, then getting all the arguments with person X.

WarSame

Canada1950 Posts

November 08 2019 04:07 GMT

#20226

Hmmmm, I see what you're getting at. Thanks! I'll consider that too. There's a lot to consider when building an API!

Silvanel

Poland4751 Posts

November 11 2019 11:03 GMT

#20227

What security concerns should i take into account before rolling out my webpage for limited use for my close friends on a private server?

Manit0u

Poland17743 Posts

November 12 2019 14:38 GMT

#20228

On November 11 2019 20:03 Silvanel wrote:
What security concerns should i take into account before rolling out my webpage for limited use for my close friends on a private server?

Standard XSS, SQL injection etc. For sure you want to encrypt passwords if you store them.

Manit0u

Poland17743 Posts

November 12 2019 14:38 GMT

#20229

ShoCkeyy

7815 Posts

November 12 2019 15:38 GMT

#20230

On November 08 2019 13:07 WarSame wrote:
Hmmmm, I see what you're getting at. Thanks! I'll consider that too. There's a lot to consider when building an API!

You should also take a look into GraphQL, for readability it’s far far superior than REST.

Excludos

Norway8255 Posts

November 12 2019 18:50 GMT

#20231

On November 12 2019 23:38 Manit0u wrote:

Show nested quote +

Standard XSS, SQL injection etc. For sure you want to encrypt passwords if you store them.

The one and only solution for any programmer that doesn't work in a large corporation with their own needs: Never ever store user credentials. There's just too many fall pits. Just use OAuth instead.

If you're at the point where you're unsure how you should store user details, and then go ahead and do it anyways, I can promise you will hack your website within the hour. What I can do from there just depends on how many mistakes you've done.

Manit0u

Poland17743 Posts

November 12 2019 21:01 GMT

#20232

On November 13 2019 03:50 Excludos wrote:

Show nested quote +

For simple stuff storing user creds is perfectly fine. Especially that most major frameworks have pretty good libraries to handle that (where they encrypt your passwords - default is bcrypt, don't show them in logs etc.), even for API development you have libraries to handle JWT and other authentication methods. There are also plenty of libraries for authorization, but that's another matter.

If he's new to that it'll be easier to use such things than setting up OAuth and integrating with third party authentication providers (where you add more traffic, need to set things up on the third party's side of things, have to think about stuff like how to revoke tokens, different authentication flows and the like, it's not beginner level endeavour).

Excludos

Norway8255 Posts

November 13 2019 07:45 GMT

#20233

On November 13 2019 06:01 Manit0u wrote:

Show nested quote +

Easier, yes, but vulnerable. If it's just for fun and you don't care about potentially being hacked, then by all means go ahead. We've all made sites like that. As long as you know it's vulnerable and have nothing to lose.

R1CH

Netherlands10342 Posts

November 13 2019 15:42 GMT

#20234

On November 12 2019 23:38 Manit0u wrote:

Show nested quote +

Standard XSS, SQL injection etc. For sure you want to encrypt passwords if you store them.

You should be hashing passwords using a modern algorithm like Argon2id, not encrypting them. Big difference.

JimmyJRaynor

Canada17486 Posts

November 17 2019 18:24 GMT

#20235

The Casualty Actuaries I work for are laughing at all the money wasted on dumb Data Science projects.

Manit0u

Poland17743 Posts

November 17 2019 20:13 GMT

#20236

Really fun watch. Made me chuckle really hard.

Manit0u

Poland17743 Posts

November 18 2019 10:41 GMT

#20237

This cracked me up:

https://twitter.com/chrisalbon/status/1196136359636815872?s=20

Deleted User 3420

24492 Posts

November 21 2019 22:06 GMT

#20238

I had an assignment in my security class. Part of it was to implement openssl in C and encrypt a message file. Then we also hash that file using SHA.

I missed both of those parts. Apparently an automated script was checking the hash and ciphertext, and it didn't catch stuff like whitespace or newlines or something. So I checked, and my hash was correct.

I informed the TAs of the error (which happened to lots of students). They then gave me the points back for the SHA portion.

But I didn't get any points for the encryption part. So my question is, if I encrypted the message and then hashed the ciphertext, and the SHA hash was correct, then doesn't that mean that the ciphertext must have also been done correctly?

Nesserev

Belgium2760 Posts

November 22 2019 09:48 GMT

#20239

--- Nuked ---

Deleted User 3420

24492 Posts

November 22 2019 16:21 GMT

#20240

On November 22 2019 18:48 Nesserev wrote:

Show nested quote +

Yes.