Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 3 years ago.
Improve this question
Let say that I have a website with some information that could be access externally. Those information need to be only change by the respected client. Example: Google Analytic or WordPress API key. How can I create a system that work like that (no matter the programming language)?
A number of smart people are working on a standard, and it's called OAuth. It already has a number of sample implementations, so it's pretty easy to get started.
Simple:
Generate a key for each user
Deny access for each request without this key
Currently, I use a concatenation of multiple MD5s with a salt. The MD5s are generated off of various concatenations of user data.
A good way of generating a key would be to store a GUID (Globally Unique Identifier) on each user record n the database. GUID is going to be unique and almost impossible to guess.
There are also infrastructure services that manage all this for you like http://www.3scale.net (disclosure I work there), http://www.mashery.com and http://www.apigee.com/.
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 3 years ago.
Improve this question
I have a game that is super simple, no animations or that kind of stuff, it is some sort of trivia game. I can, already, save user's max. score locally via sharedpreferences, what I want to do now, is to save max. scores in some kind of server all users' and display them, maybe, in one screen.
I am not asking here for code, I realize that would be hard without seeing my game's source code.
I need any advice here to which method to use for saving user's 'simlpe' data?
Should I use firebase to save all users' max. scores or using Google Play Games would be a better choice?
By the way, I don't want to interrupt user for email, google sign in or any other that kind of methods. User will only update their username and profile photo (if they choose to).
You can use firebase realtime database or firestore to save user data. You don't have to use authentication if you don't want Google sign in.
Check the following :
https://pub.dev/packages/cloud_firestore
https://pub.dev/packages/firebase_database
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
We want to store our passwords for FTP, websites, databases, etc. You can compare our software to keypass but we wanted to do our own solution.
The passwords will be encrypted and stored in a database. We can't use checksums because we need to show the passwords in plaintext.
The problem is that we couldn't find a good solution to store the private key. If it's written in the code, you can get it quite easily. If it's hidden in a dll, you can't hide it effectively, because the machine has to use it. All users of our software have full access to the source code, the database with the encripted passwords and are admins on their PCs, so they could read the code when it's used.
We thought about storing the private keys in a seperate database which is accessed with another password but the key will be used anyway.
So, we're not getting anywhere. We are aware that there is no 100% save solution for this but there got to be an almost safe one.
First i would advise against writing your own solution, there are so many ways to do it wrong, and you need to invest a lot of time to know about all important points.
You don't need to store a key anywhere, just use the key to encrypt the data then forget the key. For decrypting you use the key as entered, if the key is correct you get back the data, otherwise you get back scrambled content.
Because users do not like to type strong keys and prefere passwords, you should use a key-derivation function like BCrypt or PBKDF2 (Password-Based-Key-Derivation-Function-2), which can translate a password to a key.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
I am making a program in Qt5.2.1 and in it I am using a text file to store some data. I would like to encrypt it and decrypt it inside the program and display the text stored in the file in a QPlainTextEdit ( or any other similar widget).
I searched and came across Qcryptographichash but i have no idea how to use it. I read somewhere that it does not provide a very secure encryption but that doesn't matter ( I am not expecting hackers to try and read this file).
So, could anyone guide me in the right direction, maybe even give me some code. :D
QCryptographic hash creates a hash from given data. That is a one-way process, so the it will not do what you want, namely encrypt the data in a form that can be retrieved via decryption.
You can read more about the difference between encryption and hashes here.
You need to research into possible encryption algorithms. To my knowledge, that's not something that is part of Qt.
It's a large area of on-going research; there are so many to choose from, as you can see here.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 3 years ago.
Improve this question
I am writing a research on a service ranking algorithm, and I want to prove its performance and accuracy by running it on a public data. let's say apple store data, google play, expedia etc. Can I parse their data from HTML and use it in my research? or I would be performing illegal act (web scraping)?
And should i mention explicitly in my research that the data is used only for scientific reasons?
I've read about webscraping and the controversies about its illegality, but i did not find any article about if it's used for scientific purposes only.
Thanks in advance
There is nothing inherently illegal about web-scraping a site.
However, I would suggest that you pay attention to the particular site's "Terms of Use" to see if it is something which they expressly forbid. For example, the Expedia Terms of Use here http://www.expedia.ie/p/support/termsofuse outline:
you may not visit or make available the website or any part of the web
pages of the website by automatic means, such as by using crawlers or
shop bots to systematically retrieve or copy information or connect
the content of the website functionally to another website via links
*That being said, as long as you don't exert an unreasonable load on the site, or republish their content as your own, I don't expect you will run into any problems.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 4 years ago.
Improve this question
I installed the database asp.net Membership but I want to ask what is best practice here should I use the aspnet_Users table as a main table for Website user or should create new user table to store the website users login information and password ??
According to my understanding aspnet_Users tables are the easiest and best option if you already not having tables for user management
The generated aspnet_Users table gives you a quick out-of-the-box option, and you can also use it across multiple applications. I have used this before and it has served me well.
I have never used the aspnet_Users table even once in my entire career as a software developer, senior software developer and now present software architect. I think that pretty much sums this up.
To me using asp.net membership provider is a easier and safer way. And it contains in build method that can use. If we need to Implement a Custom Membership User it also possible.