EPTThe Big Programming Thread - Page 914
| Forum Index > General Forum |
Thread Rules 1. This is not a "do my homework for me" thread. If you have specific questions, ask, but don't post an assignment or homework problem and expect an exact solution. 2. No recruiting for your cockamamie projects (you won't replace facebook with 3 dudes you found on the internet and $20) 3. If you can't articulate why a language is bad, don't start slinging shit about it. Just remember that nothing is worse than making CSS IE6 compatible. 4. Use [code] tags to format code blocks. | ||
|
sc-darkness
856 Posts
| ||
|
Hanh
146 Posts
| ||
|
phar
United States1080 Posts
On October 30 2017 08:23 WarSame wrote: But how?!? If I could get away without doing this, and also make it more secure I would love to do that. Or are you talking about just hiring someone for the security side of things? OAuth, what I said a few days back in my first reply to you. Use Google or Facebook or whatever other existing auth scheme, and just OAuth on top of that. Right even at large company X, essentially every single team will use an existing auth scheme, rather than inventing their own. Because even at a company like Google or Facebook or whatever, you'd only trust a few teams to actually get it right. Everybody else would fuck up in some way (forget one of the small details you need to have really hardened auth scheme), and bad shit would ensue. The only difference is that for you doing a throwaway toy project, "bad shit" translates to "temporary embarrassment, maybe having to shut down the project", whereas "bad shit" of this nature (completely failed auth scheme) at Google would translate into like literally billions of dollars being flushed down the toilet. On October 30 2017 03:12 Acrofales wrote: Is my app secure? I store the passwords in plain text in MySQL database. This is true. I do exactly that. But security is far far far less important than being able to tell 12-yo kids what password they used to register. And resetting 5-10 passwords every class would just take way too much time. I mean I don't know your code, but probably not. It depends on the threat model. If your threat model includes ever having a single vulnerability in your auth db such that a third party ever get access to it, then you would join the list of places which have had plaintext password dumps stolen (just search around for some examples). Read e.g. https://stackoverflow.com/questions/1197417/why-are-plain-text-passwords-bad-and-how-do-i-convince-my-boss-that-his-treasur Again for small throwaway test projects, this isn't that big of a problem. This is under the assumption that you're fine with setting the thing on fire if shit hits the fan, and then walking away. | ||
|
WarSame
Canada1950 Posts
| ||
|
Acrofales
Spain18159 Posts
On October 31 2017 10:36 phar wrote: I mean I don't know your code, but probably not. It depends on the threat model. If your threat model includes ever having a single vulnerability in your auth db such that a third party ever get access to it, then you would join the list of places which have had plaintext password dumps stolen (just search around for some examples). Read e.g. https://stackoverflow.com/questions/1197417/why-are-plain-text-passwords-bad-and-how-do-i-convince-my-boss-that-his-treasur Again for small throwaway test projects, this isn't that big of a problem. This is under the assumption that you're fine with setting the thing on fire if shit hits the fan, and then walking away. It was obviously tongue-in-cheek. They don't even have to steal the database. I've printed out the passwords on a handy piece of paper! :p | ||
|
phar
United States1080 Posts
On October 31 2017 12:21 WarSame wrote: Ah, sorry, I didn't connect the username. Alright, that would have saved me a lot of effort doing DB stuff and encryption, anyway. Why do most places have OAuth as well as a regular sign in option? Flexibility? Would it be that unusual to have an app that had no local way to sign in? I mean even just using OAuth doesn't solve all your problems, see e.g. warning here: https://oauth.net/articles/authentication/ As for why more places don't use oauth in place of their own stuff? Idk. Generally security practices across the entire industry are complete shit. Why did linkedin leak 6m (100m?) emails and passwords in 2012, despite being a big well-established company? Stuff ain't easy. One reason why places insist on local sign-in is that it allows people who don't have accounts with any of your supported oauth providers to still use your stuff. See here for an example of google messing up auth flow (actually a good read from the red team side of things if you want to see some ways that people will try to break your stuff): https://medium.com/@alex.birsan/messing-with-the-google-buganizer-system-for-15-600-in-bounties-58f86cc9f9a5 On October 31 2017 20:33 Acrofales wrote: It was obviously tongue-in-cheek. They don't even have to steal the database. I've printed out the passwords on a handy piece of paper! :p Ah ha ok, carry on  | ||
|
Programmer2
9 Posts
I am fascinated with programming. Has anyone have any experience with Visual Studio 2015? If anyone does, how do I make it so an image doesn't move after clicking it but after clicking the image, a blue print of it appears for you to place anywhere? Like how on The Sims you can place objects in your house. How would the code look? If I want the left click on the mouse button to do it, I assume I go to the "events" and click on "mousedown" but I have no idea what the code will be to get it to work. I am coding in C* | ||
|
WolfintheSheep
Canada14127 Posts
On November 02 2017 07:09 Programmer2 wrote: Hello everyone. I am fascinated with programming. Has anyone have any experience with Visual Studio 2015? If anyone does, how do I make it so an image doesn't move after clicking it but after clicking the image, a blue print of it appears for you to place anywhere? Like how on The Sims you can place objects in your house. How would the code look? If I want the left click on the mouse button to do it, I assume I go to the "events" and click on "mousedown" but I have no idea what the code will be to get it to work. I am coding in C* I think, if I understand properly, you'll basically want the following... 1) You'll have a blank area on the interface where images can be placed. 2) On mouse click, a "copy" of the image will be made. It either replaces your mouse cursor, or has a trigger on mouse movement to copy the mouse movement. 3) If you have an image selected (can use a boolean flag or something to check this), and you click on the blank area, the image from step 1 will have its x/y position locked. (Or if you went with a mouse cursor replace, a new image element will be placed where you clicked, and mouse will go back to default). There's a lot of finagling you can do to make it the whole process look better, flashier, etc. | ||
|
Manit0u
Poland17544 Posts
On November 02 2017 07:09 Programmer2 wrote: Visual Studio 2015? image doesn't move after clicking it but after clicking the image I am coding in C* Whoa! Not to discourage you but you're mentioning some weird stuff in conjunction with each other... If you are coding in C, you don't need VS (kind of overkill unless your project is really big). By "image doesn't move" do you mean VS templates for GUI or stuff in some game engine? In other words. What are you working on and what is your exact problem? (Being able to define what your problem really is is probably the most crucial skill to attain when learning programming) On October 31 2017 12:21 WarSame wrote: Why do most places have OAuth as well as a regular sign in option? Would it be that unusual to have an app that had no local way to sign in? Not having OAuth as your only source of user info might indicate 2 things: 1) Possibility of signing up users who do not have accounts at other providers (most commonly Google, Facebook and Twitter, but in enterprise world this extends to Okta and other custom identity providers). 2) Need to consolidate OAuth accounts (there's no real way to tell if WarSame@Google is the same as WarSame@Facebook unless you have some other - sometimes virtual - local user account that you can link with other providers). That's from my experience. Technically, you should have a different account for each provider but sometimes business requirements have you to allow the same user to be able to log on from different providers to the same account (I guess that's because most people don't realize how hard can it be to actually implement). | ||
|
Programmer2
9 Posts
On November 02 2017 07:50 Manit0u wrote: Whoa! Not to discourage you but you're mentioning some weird stuff in conjunction with each other... If you are coding in C, you don't need VS (kind of overkill unless your project is really big). By "image doesn't move" do you mean VS templates for GUI or stuff in some game engine? In other words. What are you working on and what is your exact problem? (Being able to define what your problem really is is probably the most crucial skill to attain when learning programming) I don't know how to quote more than one person in the same post but the person above you explained it wonderfully. | ||
|
Manit0u
Poland17544 Posts
On November 02 2017 08:47 Programmer2 wrote: I don't know how to quote more than one person in the same post but the person above you explained it wonderfully. Hah, I haven't seen the answer at the time of my posting (must've been posting it at the same time)  Glad someone knew the problem you're facing and was able to shed some light on it. | ||
|
bo1b
Australia12814 Posts
Also, intellij is providing support to it now, and more importantly they're working on support for the windows subsystem. All I need now is microsoft to finally fix it's i/o speed and I'll be one happy man. For anyone newish to low level languages but knows enough basics to understand functions, strings etc a good project is literally anything simple which has a gui - one of the best things I ever did was learn how to use qt to make a sine wave generator which used mouse position in a window to select the output frequency. | ||
|
Hanh
146 Posts
| ||
|
bo1b
Australia12814 Posts
| ||
|
Hanh
146 Posts
On November 02 2017 14:20 bo1b wrote: Windows subsystem file i/o is really quite slow in comparison to normal linux, can be quite painful sometimes. Do you have an objective speed comparison study or is it your opinion? | ||
|
bo1b
Australia12814 Posts
https://www.phoronix.com/scan.php?page=article&item=windows-10-lxcore&num=4 Here was a benchmark from a while ago, it's definitely somewhat better now but compiling things is still a pain in the ass on wsl in comparison to linux. | ||
|
Silvanel
Poland4736 Posts
| ||
|
bo1b
Australia12814 Posts
On November 02 2017 20:03 Silvanel wrote: Those tests are about native linux vs ubuntu environment running on windows 10. Thats what the windows subsystem is. wsl stands for windows subsystem for linux. | ||
|
Silvanel
Poland4736 Posts
| ||
|
bo1b
Australia12814 Posts
On another note, I thoroughly recommend using wsl + vscode if you use a lowlevel language on windows at all, it's really quite good. | ||
| ||
