Why is it important for every table to have a primary key?

So I have some tables in Sql Server that are essentially a list of sales, things like:

ProductID  SalesOrderID ProductFamilyID  ProductCost ProductSource 

and so on. In this case, none of the columns are necessarily unique, so I can’t create a primary key from any combination of them. In fact, the only constraint that I really have on the table is that I need every row in the table to be a unique combination of the columns. So I’m assuming something like a unique index would be the way to go there.

The only primary key I could add is something like an autoincrement primary key. But what would be the actual use of that, database wise? What are the possible problems with not creating a primary key for a table like this?

Is `SecAction` order important for an OWASP ModSecurity config file?

Using a web server with Nginx + ModSecurity + OWASP ModSecurity Core Rules…

On the OWASP config file crs-setup.conf is the order of the config section SecAction important or can i order them differently from the example config file ?

Example:

SecAction \  "id:900250,\   phase:1,\   nolog,\   pass,\   t:none,\   setvar:'tx.restricted_headers=/proxy/ /lock-token/ /content-range/ /translate/ /if/'"  SecAction \  "id:900200,\   phase:1,\   nolog,\   pass,\   t:none,\   setvar:'tx.allowed_methods=GET HEAD POST OPTIONS'" 

By default SecAction id:900200 is written before SecAction id:900250, is that order important?

Coronavirus, you and hosting company important updates for hosting customers 2020.

Corona-virus, you and hosting company important updates for hosting customers 2020.

Corona-virus created problems in almost all countries and maybe you are facing the same also. Please take care and stay safe. If your are hosting customer please support hosting industry if anything urgent or important then contact provider because most of the employees working from home and few facing health issues. So it is time to help each other. If any hosting provider was not able to provide you support then maybe they are facing big problems so please trust them and don’t cancel your services.

If any customer looking for a web hosting plan for any startup idea in this situation and we provide free of cost hosting and support. Also logo designing. We are ready to help you and make your business successful.
Many thanks for your valuable time.

Below are Free Hosting for a lifetime, host without cost details:

FREE Startup-$0 /Lifetime

>> Single Domain Hosting
>> 200MB Web Space
>> 200MB Bandwidth
>> 2 Email Accounts
>> 2 Sub Domains
>> FREE Auto SSL
>> DDOS Protection
>> 99.99% uptime
>> Softacolous Supported
>> Tier 1 Technical Support

Order Now >> https://hostpoco.com/free-hosting.php

Thank you.

VERY IMPORTANT!

Dear administration who doesn't want to write back to me…

https://forums.digitalpoint.com/threads/xxxxx.2857360/
In accordance with the law on the protection of personal data of the European Union I DEMAND to delete this thread or the e-mail inside this thread.

VERY IMPORTANT!

Dear administration who doesn't want to write back to me…

https://forums.digitalpoint.com/threads/xxxxx.2857360/
In accordance with the law on the protection of personal data of the European Union I DEMAND to delete this thread or the e-mail inside this thread.

Phishing attempt?? – EML attachment from a “trusted source” might be urgent and important, or malware / phishing

I don’t usually feel competent enough to ask decent questions, let alone answer one here. But, this is rather urgent, so please be patient with me:

I CANNOT tell if the “secure encrypted message” I got in an email from a “state agency” was genuine or malware! I was somewhat (reluctantly) expecting an email from that department and their email signature appeared genuine. Unfortunately, they may or may not have attached that file, which purportedly contained the message body as an *.EML “secure attachment message”.

I couldn’t open the secure message attachment, which was the first clue of something amiss. (I also do NOT want to call them, and then have them read me the message, which would trigger a conversation I’m not prepared for, without first knowing what the message was about.)

As I started working hard to open the attachment. As I failed and researched more, my findings appeared more and more ominous. I will keep this question UPDATED with any missing details.
SUMMARY:

  • Received seemingly valid email from a known state agency, known person, known division I do business with.
  • Plain text message body:
    “Please find the attached.” [?? Odd wording –> “‘FIND‘ the attached” ??]
  • The [real] message was attached, encrypted, and only viewable by the email recipient that it was addressed to. The attachment then had to be opened by the email client, (Gmail-web). I’ve done this before once or twice, so it is a pain, but not unheard of.
  • Email ATTACHMENT was then “viewed in a an NEW WINDOW” in Chrome and Vivaldi with similar if not the same results: https://mail.google.com/mail/u/0/?????????????..[etc.]/: WHICH SAID:

[ERROR MESSAGE FROM GOOGLE MAIL:]
“You are viewing an attached message. COMPANY Mail can’t verify the authenticity of attached messages. Your document has been completed”

“VIEW COMPLETED DOCUMENTS:”
[LINK GOES TO: https://www.notion.so/(KNOWN_AGENCY_-_GUID)/]

“Ms. [known person]”
“[Known State Agency]”

  • After clicking on the link from the popup shown above, it opened a new TAB in my email browser’s page at this URI: https://www.notion.so/(KNOWN_AGENCY_-_GUID)/ which said the following:

“[KNOWN STATE AGENCY]”
“This PDF is password protected ,”   “[KNOWN PERSON] sent you an important vital file to review.”

“REVIEW FILE HERE:”
[LINK GOES TO: https://fafanfan.tk/000/nsw/data/UntitledNotebook1.html ] 

“Please take a look and let me know if these are ready to print.”
[ HUH?? Why let you know?? And, why print, instead of view?? ] 
“Kindly open with your professional email.”
[ HUH?? “Kindly”, “Professional email”?? Who talks like this?? ]
“Login with your email and password to view file.”

  • So, then I clicked on the email link and TRIED to log into my company GMAIL account.
  • It appeared to log into my account successfully, but then said I had to verify my account and to provide [either the] recovery phone or recovery email address
  • I provided a valid phone #, which failed with an error.
  • Then I tried my valid recovery email address, which also failed with an error.
  • I tried both Vivaldi and Chrome, and all failed each time. (I assumed that it opened a window without cookies, so the login to Google was from a new, unknown page.)

At this point, I started Googling the URI’s and other things —

  • Hmmm strange domains [TLD].TK ?? Searched the URI = NO hits.
  • Searched [TLD].TK — not good — It said 95% of the .TK traffic is malware / spam.
  • Searched the other URI shown above = NO hits. NOT cool.
  • I changed all my email PW’s. I checked for odd logins, but saw nothing odd. (If I provided my credentials to the bad guys, they are a bit slow today. So maybe I dodged a bullet.)
  • I Checked/scanned the downloaded file with Windows Defender — no detection
  • I submitted the file to Virus Total — no detection by anyone.
  • I also submitted the two URI’s shown above, and came up with only one hit from an unknown security company, who likely flagged the *.TK as possibly a “bad URI”.

At this point, I’m not at all sure what to do… I do NOT want to call them and start a conversation that might later deny “plausible deniability that I received this notice”. OTOH, I can’t ignore it too long, either.

RANT: I hate all these “protections”, that invite malware to be easily inserted. Then, you are relying on ordinary users to figure out if the attachments are safe?? Few users are smart enough, and I know that I’m not. (Although I’m not a total security idiot, as I’m more cautious and knowledgeable most than anyone I know.)
If Adobe wants to provide tools like this, fine. Then please make it much easier and obviously safe for both senders and [very novice] readers. For instance, use Adobe.com URI’s and never TLD’s that are also used for malware. If providing security tools, please don’t rely on these agencies’ IT staff to try to train equip their users to properly use these tools with the public, most of whom have never opened a “secure attachment”, let alone know how to open them (OR NOT), safely.