Search Results

Search found 650 results on 26 pages for 'flaws and pitfalls'.

Page 4/26

  • Security benefits from a second opinion, are there flaws in my plan to hash & salt user passwords vi

    - by Tchalvak
    Here is my plan, and goals:

    Overall Goals:
    - Security with a certain amount of simplicity & database-to-database transferability, 'cause I'm no expert and could mess it up and I don't want to have to ask a lot of users to reset their passwords.
    - Easy to wipe the passwords for publishing a "wiped" database of test data. (e.g. I'd like to be able to use a postgresql statement to simply reset all passwords to something simple so that testers can use that testing data for themselves.)

    Plan: Hashing the passwords
    - Account creation records the original email that an account is created with, forever.
    - A global salt is used, e.g. "90fb16b6901dfceb73781ba4d8585f0503ac9391".
    - An account specific salt, the original email the account was created with, is used, e.g. "[email protected]".
    - The user's password is used, e.g. "password123" (I'll be warning against weak passwords in the signup form).
    - The combination of the global salt, account specific salt, and password is hashed via some hashing method in postgresql (haven't been able to find documentation for hashing functions in postgresql, but being able to use sha-2 or something like that would be nice if I could find it).
    - The hash gets stored in the database.

    Recovering an account: To change their password, they have to go through standard password reset (and that reset email gets sent to the original email as well as the most recent account email that they have set).

    Flaws? Are there any flaws with this that I need to address? And are there best practices to doing hashing fully within postgresql?

  • High Salaried Investment Banking Jobs for Developers — What are the pitfalls?

    - by Jaywalker
    This question might make more sense to somebody having multi-threaded programming experience in Java/C++ with some job experience in London/Singapore. There is a huge market of Investment Banking development jobs with astonishingly high salaries (sometimes more than 100K pounds per year). Can someone with experience as a front office/trading developer tell what the requirements are to land this type of job? What are the downsides that I should be ready for?

  • rails fake data, considering switch from faker to forgery, any advantages or pitfalls?

    - by Michael Durrant
    With Ruby on Rails I've usually used Forgery for generating dummy data for testing. I've noticed recently that several clients and tutorials are using Faker. They both seem fairly similar in use and popularity: Faker 128 forks, 418 watchers; Forgery 59 forks, 399 watchers. They both seem similar in how current they are: Faker: most updates are from 6 and 9 months ago; Forgery: most updates are from 4 and 9 months ago. The one distinguishing factor I've found so far is that Forgery seems like it has better instructions. Are there any particular benefits or disadvantages to using one over the other? Have you ever needed to switch from one to another for a particular reason?

  • What are the common pitfalls that would stop Authorised Key SSH access, and how do I find and correct for them?

    - by Ashimema
    EDIT: This question was reworked to make it more useful to the community and less specific to me. Questions seem to come up reasonably often regarding ssh and problems with authorised keys access, but very few seem to have a clear answer anywhere:
    - Server keeps asking for password after I've copied my SSH Public Key to authorized_keys
    - ssh not accepting public key
    - how do I use ssh with key access in 11.10
    - passwordless ssh not working
    So, in the community's opinion, what is the tried and tested method for getting to the bottom of such problems?

  • What are the pitfalls of hardlinked files on my desktop PC?

    - by MountainX
    All the identical-content files on my PC are now hardlinked. (My data is completely de-duplicated. It is a consequence of the way I copied my data from my old computer.) What pitfalls do I need to be aware of now that certain actions on one file could silently affect a number of other files?

    I know that deleting the file I'm working on is not a problem (assuming I deleted it on purpose). It doesn't affect any of the other hardlinked files and I don't see that the delete action would lead to unexpected side effects. Moving or renaming the file is not a problem. I don't see any unexpected consequences. I don't think copying hardlinked files is a problem, but I'm not as confident about any unexpected consequences in this regard. What I have seen is that making a copy (to the same disk) of a hardlinked file with cp keeps the copy hardlinked (i.e., the inode number doesn't change in the copy). Copying to another filesystem obviously breaks the hardlink. (I guess one pitfall is forgetting this fact, given that my PC has 3 hard disks.) Changing permissions does affect all linked files. So far this has proven handy. (I made a large number of the hardlinked files read-only.)

    None of the operations above seem to produce any major unexpected consequences. However, as was pointed out to me by Daniel Beck in a comment, editing or modifying a file can sometimes be a problem. It depends on the tool and maybe the type of edit. (For example, editing small text files using sed seems to always break the link while using nano doesn't.) This introduces the chance that editing one file could affect all the hardlinked files (i.e., alter the original inode). My proposed solution to this is to make all hardlinked files read-only (and that is already mostly the case). If I can't do that for some files, I will unlink those particular files. Is there any problem with this read-only approach? I'm assuming that if I go to edit a file and find it to be read-only, I'll remember to unlink that filename while making it writable. So one pitfall might be forgetting this rule. In that case, I'll have to rely on my backups. Am I correct in the above statements? And what else do I need to know?

    BTW, I'm running Kubuntu 12.04. I'm also using btrfs. (I have 2 SSDs and 1 HDD in the PC. I will also be adding an external USB HDD. I'm also connected to a network and I mount some NFS shares. I don't assume any of these last bits are relevant to the question, but I'm adding them just in case.)

    BTW, since I have more than one drive (with separate file systems), to unlink any file all I have to do is copy it to another drive, then move it back. However, using sed also works (in my testing). Here's my script:

        sed -i 's/\(.\)/\1/' file1

    Surprisingly, this even unlinks zero byte files. In my testing it also appears to work on non-text files without any special options. (But I understand that the --binary option might be needed on Windows, MS-DOS and Cygwin.) However, copying to another disk and moving back may be the best way to unlink. For my use-case, the unlink command doesn't really "unlink", rather it "removes".

  • Any pitfalls using char* instead of void* when writing cross platform code?

    - by UberMongoose
    Are there any pitfalls when using char*'s to write cross platform code that does memory access? I'm working on a play memory allocator to better understand how to debug memory issues. I have come to believe char*'s are preferable because of the ability to do pointer arithmetic and dereference them over void*'s, is that true? Do the following assumptions always hold true on different common platforms?
    - sizeof(char) == 1
    - sizeof(char*) == sizeof(void*)
    - sizeof(char*) == sizeof(size_t)

  • Are there any pitfalls to having two different Models from two different assemblies? (EF)

    - by Jonn
    I have two projects, both of them data access layers, and both using EF. I have another project calling services related to the two different assemblies. Are there any pitfalls on using two different models on two different databases linked to the same database? I'm asking this because I've been getting this generic "EntitySqlException": "could not be resolved in the current scope or context. Make sure that all referenced variables are in scope, that required schemas are loaded, and that namespaces are referenced correctly., near escaped identifier." that does not appear when they are run separately but appears when under the same project.

  • Pitfalls and practical Use-Cases: Toplink, Hibernate, Eclipse Link, Ibatis ...

    - by Martin K.
    I worked a lot with Hibernate as my JPA implementation. In most cases it works fine! But I have also seen a lot of pitfalls:
    - Remoting with persisted Objects is difficult, because Hibernate replaces the Java collections with its own collection implementation. So every client must have the Hibernate .jar libraries. You have to take care of LazyLoading exceptions etc. One way to get around this problem is the use of webservices.
    - Dirty checking is done against the Database without any lock. "Delayed SQL" causes that the data access isn't ACID compliant. (Lost data...)
    - Implicit Updates: So we don't know if an object is modified or not (commit causes updates).
    Are there similar issues with Toplink, Eclipse Link and Ibatis? When should I use them? Do they have similar performance? Are there reasons to choose Eclipse Link/Toplink... over Hibernate?

  • Pitfalls to using Gluster as a home/profile directory server?

    - by Bart Silverstrim
    I was asking recently about options for divvying up access to file servers, as we have a NAS solution that gets fairly bogged down when our users (with giant profiles, especially) all log in nearly simultaneously. I ran across Gluster and it looks like it can cluster different physical storage media into a single virtual volume and share it out like a virtual NAS from the client perspective, and it supports CIFS. My question is whether something like this would be feasible to use for home and profile directories in an Active Directory environment. I was worried about ACLs, primarily, as I didn't think CIFS was fine-grained enough to support NTFS permissions and it didn't look like Gluster exports those permission levels, just the base permissions for basic file sharing. I got the impression that using Gluster would allow for data to be redundant across multiple servers and would speed up access to the files under heavy load, while allowing us to dynamically boost storage capacity by just adding another server and telling Gluster's master node to add that server. Maybe I'm wrong with my understanding of it though. Anyone else use it or care to share how feasible this is?

  • Are there pitfalls to using incompatible RAM (frequencies) in motherboards?

    - by osij2is
    I'd like to use 2 x 4GB DDR3 1600 DIMMs in a motherboard capable of only DDR3 1066. The DDR3 1600 is on sale and the cost is identical to 1066 DIMMs. It'd be nice to have these faster sticks around should I upgrade the motherboard. I assume the RAM can underclock itself or be changed in the BIOS. While obviously it's a less than ideal situation, I don't know if there are other unintended consequences in terms of stability, performance and longevity of the board and said RAM. Am I doing any damage to the memory controller or RAM? I've always bought RAM at the max speed specified for the motherboard and I've never gone over, so I'm not sure if there are any caveats to this at all. Edit: I intend to use the RAM in pairs. I know that mixing RAM speeds is just a bad idea.

  • pitfalls with mixing storage engines in mysql with django?

    - by Dave Orr
    I'm running a django system over mysql in Amazon's cloud, and the database default is innodb. But now I want to put a fulltext index on a couple of tables for searching, which evidently requires myisam. The obvious solution is to just tell mysql to ALTER TABLE to myisam, but are there going to be any issues with that? One that comes to mind is that I'll have to remember to do that any time I build a new version of the database, which should theoretically be rare, but there doesn't seem to be a way to tell django to please set the storage engine at the table level. I guess I could write a migration (we use south). Any other things I might be missing? What could possibly go wrong?

  • What pitfalls (if any) are there to learning C/C++ as a first language?

    - by thyrgle
    Hi, I first learned C++ then moved to C (I know, kind of backwards) and then I found a thing called iTunes U and began watching programming classes to extend my knowledge, and noticed that Stanford and MIT both did not teach C or C++ as an introduction to computer programming. Then I began to wonder why they didn't begin by teaching C/C++, because I thought C/C++ was more efficient than Java (which Stanford taught) and Python (which MIT taught). Or maybe there is no particular reason?

  • Does C# give you "less rope to hang yourself" than C++?

    - by user115232
    Joel Spolsky characterized C++ as "enough rope to hang yourself". Actually, he was summarizing "Effective C++" by Scott Meyers: "It's a book that basically says, C++ is enough rope to hang yourself, and then a couple of extra miles of rope, and then a couple of suicide pills that are disguised as M&Ms..." I don't have a copy of the book, but there are indications that much of the book relates to pitfalls of managing memory, which seem like they would be rendered moot in C# because the runtime manages those issues for you. Here are my questions: Does C# avoid pitfalls that are avoided in C++ only by careful programming? If so, to what degree and how are they avoided? Are there new, different pitfalls in C# that a new C# programmer should be aware of? If so, why couldn't they be avoided by the design of C#?

  • How to do the transition from project manager to product manager? [on hold]

    - by E. Topp
    I'm working as project manager / head of software for a small software company and was working on my own prior to this position. I want, however, to make the transition to product manager from my current position. You could ask about position differences, pitfalls of using project management processes and decision making as a product manager, and what skill sets you need for the product manager job. What are the position differences? What are the pitfalls of using project management processes and decision making as a product manager? What skill set is required for the product manager job? Is the transition easier for a project manager?

  • How do you write straight to the point documentation without looking sloppy and informal?

    - by James
    I'm currently at a contract position and am looking to add to the documentation of the projects I worked on, to assist the next hire taking over my projects. The documentation I received was overly technical (i.e. references code right away, references replacing certain values on certain lines, no high-level description at all). How do I write documentation in simple plain English that is of actual benefit without looking sloppy? I find it difficult in areas such as outlining a system's flaws without coming off as judgmental, but still emphasizing the severity of how detrimental some of the flaws are.