|
Thread Rules
1. This is not a "do my homework for me" thread. If you have specific questions, ask, but don't post an assignment or homework problem and expect an exact solution.
2. No recruiting for your cockamamie projects (you won't replace facebook with 3 dudes you found on the internet and $20)
3. If you can't articulate why a language is bad, don't start slinging shit about it. Just remember that nothing is worse than making CSS IE6 compatible.
4. Use [code] tags to format code blocks. |
On October 25 2017 16:30 Silvanel wrote:Yeah i found this also. I think i will try to run line by line and if that doesnt help try override sys.execpthook. Still there is number provided in that exit process message (its 0 for example if application finish without errors), so i wondered if anyone knows what 3 stands for in my example, thats probably some group of errors. Knowning that could probably help me a lot.
If I remember correctly, 3 is the return code from abort() on Windows. On Linux, you would get another value. In any case, that's just the program unwinding the exception and not finding any handler.
|
|
|
Exit codes are process dependent so you can't infer much from an exit status of 3. Error codes are different, eg if you CreateFile an invalid path you'll get error 3 (PATH_NOT_FOUND) in Win32, but this is a Win32 API specific thing.
|
On October 25 2017 13:59 Manit0u wrote:Show nested quote +On October 24 2017 08:52 LG)Sabbath wrote:After reading the intro, still not sure what that framework is like. The intro is basically a docker-compose + doctrine tutorial. It's pretty much Symfony in API-only mode 
Ah, I was hoping for something new. Every PHP framework seems to be based on Symfony lately. :/
|
|
|
On October 25 2017 20:12 LG)Sabbath wrote:Show nested quote +On October 25 2017 13:59 Manit0u wrote:On October 24 2017 08:52 LG)Sabbath wrote:After reading the intro, still not sure what that framework is like. The intro is basically a docker-compose + doctrine tutorial. It's pretty much Symfony in API-only mode Ah, I was hoping for something new. Every PHP framework seems to be based on Symfony lately. :/
That's because Symfony is pretty much the standard library for PHP nowadays. Everything is using it (even Zend).
|
In Java, particularly Android, is it a good idea to log on entering an exiting a method for current and future traceability?
|
On October 27 2017 08:00 WarSame wrote:
In Java, particularly Android, is it a good idea to log on entering an exiting a method for current and future traceability?
In every situation it depends on how much logs it will generate. Especially on mobile devices, where storage space is at a premium.
|
On October 27 2017 08:00 WarSame wrote:
In Java, particularly Android, is it a good idea to log on entering an exiting a method for current and future traceability?
In Java, it is better to leave it for later by using aspects.
|
If someone is still intrested in my problem it turned out that if run my app directly from windows console the python traceback is there. Only if i use some kind of IDE (tried PyCharm and IDLE but from what i heared it is also the case for Eclipse and others) the traceback is gone.
So right now i am developing in PyCharm and testing in console.
|
On October 27 2017 08:00 WarSame wrote:
In Java, particularly Android, is it a good idea to log on entering an exiting a method for current and future traceability?
No. Just write well-structured code with good tests. Assert your preconditions when it's not explicit, and throw instead of swallowing errors.
|
On October 27 2017 17:36 Silvanel wrote:
If someone is still intrested in my problem it turned out that if run my app directly from windows console the python traceback is there. Only if i use some kind of IDE (tried PyCharm and IDLE but from what i heared it is also the case for Eclipse and others) the traceback is gone.
So right now i am developing in PyCharm and testing in console.
You know of course that you can launch console inside PyCharm? 
I've always got my console open in jetbrains IDEs.
|
Do you guys think there's a more elegant way to write this stuff?
class PropertyValidator < ActiveModel::Validator
def validate(record)
attributes = record.property_attributes_info
attributes.each do |properties_attribute, definitions_attribute|
@properties = {}
@errors = []
next if skip_validation?(record[properties_attribute], record[definitions_attribute])
@properties = record[properties_attribute]
validate_properties(record[definitions_attribute])
next if @errors.empty?
record.errors.add(properties_attribute, @errors)
end
end
private
def skip_validation?(properties, definitions)
properties.blank? || definitions.blank?
end
def validate_properties(definitions)
@properties.each do |property_name, property_value|
validate_property(property_name, property_value, definitions[property_name])
end
end
def validate_property(property_name, property_value, definition)
return @errors << "#{property_name} has no definition" if definition.blank?
check_type(property_name, property_value, definition[:type_of_value])
check_allowed_values(property_name, property_value, definition[:options])
check_constraints(property_name, definition[:options])
end
def check_type(property_name, property_value, type)
return if type_valid?(property_value, type)
@errors << "#{property_name}: #{property_value} is not a #{type}"
end
def check_allowed_values(property_name, property_value, options)
return if options.blank? || options[:allowed_values].blank?
return if value_allowed?(property_value, options[:allowed_values])
@errors << "#{property_name}: #{property_value} is not allowed"
end
def check_constraints(property_name, options)
return if options.blank? || options[:constraints].blank?
return if constraints_met?(options[:constraints])
@errors << "#{property_name}: does not meet constraints"
end
def type_valid?(value, type)
case type
when 'string'
value.is_a?(String)
when 'integer'
value.is_a?(Integer)
when 'float'
value.is_a?(Float)
when 'boolean'
value.is_a?(Boolean)
else
raise "Unknown property type \"#{type}\""
end
end
def value_allowed?(value, allowed)
case allowed[:type]
when 'range'
(allowed[:min]..allowed[:max]).include?(value)
when 'array'
allowed[:values].include?(value)
else
raise "Unknown allowed values type \"#{allowed[:type]}\""
end
end
def constraints_met?(constraints)
case constraints[:kind]
when 'other_property_equals'
constraints[:property_values].include?(@properties[constraints[:property_name]])
when 'and'
all_constraints_pass?(constraints)
when 'or'
any_constraints_pass?(constraints)
else
@errors << "Unknown constraint kind \"#{constraints[:kind]}\""
end
end
def all_constraints_pass?(constraints)
constraints[:constraints].each do |constraint|
return false unless constraints_met?(constraint)
end
true
end
def any_constraints_pass?(constraints)
constraints[:constraints].each do |constraint|
return true if constraints_met?(constraint)
end
false
end
end
I know it doesn't have any docs for now, but it's basically a form of custom DSL that I'm figuring out as I go (will add comments in the code later on) but I'm so far gone in wrapping my head around it that I've lost all perspective.
Is this code understandable enough if you look at it from the outside?
Edit:
Context for this is that I need to parse JSON and then validate some fields in it based on preconditions. This way an external application can pass me constraints like (a && (b && (c || d))) and each one of them can have similar nested constraints so I have to parse them recursively.
|
For my login system I hash user's passwords and check it against a DB. Is it a bad idea to have a field in my User class that is my password hash in a byte array? Is that vulnerable to anything?
|
On October 28 2017 01:24 WarSame wrote:
For my login system I hash user's passwords and check it against a DB. Is it a bad idea to have a field in my User class that is my password hash in a byte array? Is that vulnerable to anything?
Yes. You need to add a salt to the data or the password can be found with a rainbow table. Also make sure you use a good hashing algorithm (NOT MD5 or SHA1 please).
|
My database is on the phone, so they can't use a rainbow table against it I think. I was thinking more of concerns surrounding passing the hashed value around.
Also, I'm using SHA-256, so I should be fine on that end.
|
On October 28 2017 02:05 WarSame wrote:
My database is on the phone, so they can't use a rainbow table against it I think. I was thinking more of concerns surrounding passing the hashed value around.
Also, I'm using SHA-256, so I should be fine on that end.
The database being on your phone doesn't protect you against a rainbow table. If you have a million users and you hash all the passwords then you're going to have a bunch of duplicate entries in your database as anyone with the same password will have an identical entry after the hash. You add the salt so that each of those will hash to a different value and if an adversary brute forces one password they don't have everyone else's password who was using that same value.
Salts protect the collective. They're useless if the adversary is brute forcing one password. The rainbow table is just a list of what common passwords hash to with various algorithms. By utilizing a salt the adversary has to generate a rainbow table for every salt instead of having a master copy.
|
As far as I understand it the database is on each phone, so they would have to have access to millions of phones with this app, their hashed passwords, and password hints. I agree salting is a good idea, but I don't think it is necessary in this case. Anyway, this is beside the question I was asking, which is whether passing around an object with a password hash field is vulnerable to anything if all the data stays inside the app. Could someone get the value? If they get the value could they log in with it somehow?
|
If it's just passing around the password as a string parameter then it's fine.
If the password is persisted in any way then no.
"data stays inside the app" means lots of things. Just because data is saved to app storage doesn't mean malicious users can't easily access the data.
|
Hyrule19220 Posts
salting the hash costs next to nothing and is far more secure than not.
you not wanting to salt means you either don't care (bad), don't think it matters (bad), don't want to do it because you don't understand salt (bad, but not as bad as the others), or "need" every possible byte of storage you can get for some other reason (bad)
tl;dr just fucking salt the password
|
|
|
|
|
|
EPT
