Is it safe to save a user’s email into php session variable for later use?

I’m in the process of creating password reset functionality for my project. I currently have my website send a password reset link to the user’s email if they request it and validate the link properly when clicked (checks for selector and validator tokens and not expired) before displaying the form to create a new password. The problem I’m having is finding a way to update the correct user’s password in the database once they submit the new password. One method I have thought of to achieve this is to get the email associated with the matched selector and validator tokens in my password reset database table and store it in a session variable so it can be accessed by another PHP file to update that user’s password in my users database table. I’m wondering if this approach has any security risks to the user or is it a valid method?
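
One way to avoid keeping the email in the session is to submit the selector and validator again with the new-password form and look the account up from the token row at that point. This is an added PHP example, not part of the original post; the table and column names and the SHA-256 validator hash are assumptions.

```php
<?php
// Added example. Table and column names below are assumptions, not from the post.
function findResetEmail(PDO $db, string $selector, string $validator): ?string
{
    $stmt = $db->prepare(
        'SELECT email, validator_hash FROM password_resets
         WHERE selector = ? AND expires_at > ?'
    );
    $stmt->execute([$selector, time()]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null; // unknown or expired selector
    }
    // Only a hash of the validator is stored; compare in constant time.
    $ok = hash_equals($row['validator_hash'], hash('sha256', $validator));
    return $ok ? $row['email'] : null;
}

function completeReset(PDO $db, string $selector, string $validator, string $newPassword): bool
{
    $db->beginTransaction();
    $email = findResetEmail($db, $selector, $validator);
    if ($email === null) {
        $db->rollBack();
        return false;
    }
    $db->prepare('UPDATE users SET password_hash = ? WHERE email = ?')
       ->execute([password_hash($newPassword, PASSWORD_DEFAULT), $email]);
    // Single use: remove every outstanding reset token for this account.
    $db->prepare('DELETE FROM password_resets WHERE email = ?')->execute([$email]);
    $db->commit();
    return true;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (email TEXT PRIMARY KEY, password_hash TEXT)');
$db->exec('CREATE TABLE password_resets
           (selector TEXT, validator_hash TEXT, email TEXT, expires_at INTEGER)');
$db->prepare('INSERT INTO users VALUES (?, ?)')->execute(['user@example.test', 'old-hash']);
$validator = bin2hex(random_bytes(32));
$db->prepare('INSERT INTO password_resets VALUES (?, ?, ?, ?)')
   ->execute(['sel-demo', hash('sha256', $validator), 'user@example.test', time() + 900]);

var_dump(completeReset($db, 'sel-demo', $validator, 'new passphrase')); // valid token
var_dump(completeReset($db, 'sel-demo', $validator, 'second try'));     // token already consumed
```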

How to share information between devices, decrypt it later with private key

I’m developing an app to alert people if they encounter a COVID-19 positive person. I’m very much concerned about users’ privacy, so I need to make a user completely anonymous.

What I want is as follows.

Suppose there are devices A, B, C.

A, B, and C should broadcast their own UUID via Bluetooth. When A, B, and C are near each other, A will have B’s and C’s UUIDs, and B will get A’s and C’s UUIDs, and vice versa.

Let’s suppose A finds out that A is positive for COVID-19. A will upload its UUID to a central server; B and C also check for UUIDs with the server. When B and C get the UUID list of infected persons’ apps, B and C will check if any of the UUIDs downloaded from the server match the locally saved UUIDs.

But in my case I don’t want the server to find out the UUID of A. But somehow I need to send A’s UUID to other devices as well. What would be the best approach?

My Solution.

All the devices will generate public, private key pairs of their own. Each app will encrypt their UUID with the public key they have generated and broadcast to the other devices encrypted UUID + public key.

Once a particular user finds himself positive for COVID-19, he will upload his private key to the server. All the apps will download all the private keys from all the COVID-positive devices and check if the apps themselves can decrypt their messages with the private keys they have.

Will this be possible? Or what will be the best approach?

It’s stupid to disclose the private key. And also it will be chaos to find the appropriate public key which matches the private key. But yet this was the only thing that I could think of.

Can Fireballs be saved for later in the Bag of Holding?

My heroes are well on their way to becoming champions of the realm. On their adventures they finally found a Bag of Holding. Being new to D&D they didn’t really know the limitations of the bag itself so they were drilling me with endless questions. I was able to hold them off for a while, however they asked me:

Can I chuck fireballs into the bag and release them as a huge fireball after a while?

My thinking was that the Bag of Holding is a separate dimension, however there is no oxygen so technically the fire would die out. But that led me to ask myself: can you send ice missiles or frost breath into the bag and send them out later?

When a monster doesn’t use an AoO, does it mean it can’t take one later on?

I’m surrounded by melee monsters and I want to cast a spell, but I’m afraid that I would fail the concentration either when casting defensively or when taking damage during spellcasting.

Casting the spell is more important for me than not taking damage, and I would prefer to stay in my current position if possible.

I’m thinking of this tactic: move one square (using the Move action), then

  • If all the monsters attack me, that’s great, their AoO is spent, I can return to my original position and cast my spell safely without making a concentration check.
  • If they don’t, then that means that they chose to not take the opportunity and I can use the rest of my Move action to safely move through any squares that they control without triggering another AoO from them, perhaps moving to a square that they don’t threaten and cast my spell from there.

Does this work?

What are the vulnerabilities of the autofill feature in iOS 11 and later?

iOS 11, 12, and later offer an autofill function from the iOS keyboard for specific apps enabled for the function. I have read Apple’s documentation and it appears that the passwords are stored in the app and then recalled to the keyboard UI where they can be selected to autofill the appropriate field in the displayed app form. I am not sure if this is true for browser login pages, too. Generally, autofill functions have contained vulnerabilities in the past. But, what are the vulnerabilities of Apple’s iOS autofill approach?

How to store passwords and be able to reuse them later

Let’s assume the following scenario:

I am writing an application where you can log in and then provide login details to another system, i.e. your email account, FTP account etc.
The application then reuses those login details later when it tries to log into those services to perform a certain task. Those tasks are performed in the background via a cron script and the user does not want to have to log in every time to provide the login details to those services.
This means I need to store the…

DirectX 11 batching vertices to draw later

I have several draw functions in my renderer to draw primitives e.g.:

Drawing a Quad:

void Renderer::DrawQuad2D(float left, float bottom, float right, float top, const Rgba& color /*= Rgba::WHITE*/, const Vector4& texCoords /*= Vector4::ZW_AXIS*/) noexcept {
    Vector3 v_lb = Vector3(left, bottom, 0.0f);
    Vector3 v_rt = Vector3(right, top, 0.0f);
    Vector3 v_lt = Vector3(left, top, 0.0f);
    Vector3 v_rb = Vector3(right, bottom, 0.0f);
    Vector2 uv_lt = Vector2(texCoords.x, texCoords.y);
    Vector2 uv_lb = Vector2(texCoords.x, texCoords.w);
    Vector2 uv_rt = Vector2(texCoords.z, texCoords.y);
    Vector2 uv_rb = Vector2(texCoords.z, texCoords.w);
    std::vector<Vertex3D> vbo = {
        Vertex3D(v_lb, color, uv_lb)
        ,Vertex3D(v_lt, color, uv_lt)
        ,Vertex3D(v_rt, color, uv_rt)
        ,Vertex3D(v_rb, color, uv_rb)
    };
    std::vector<unsigned int> ibo = {
        0, 1, 2
        , 0, 2, 3
    };
    DrawIndexed(PrimitiveType::Triangles, vbo, ibo);
}

Sending the verts and indexes to the GPU:

void Renderer::DrawIndexed(const PrimitiveType& topology, const std::vector<Vertex3D>& vbo, const std::vector<unsigned int>& ibo) noexcept {
    UpdateVbo(vbo);
    UpdateIbo(ibo);
    DrawIndexed(topology, _temp_vbo.get(), _temp_ibo.get(), ibo.size());
}

Setup and call DrawIndex on immediate context.

void Renderer::DrawIndexed(const PrimitiveType& topology, VertexBuffer* vbo, IndexBuffer* ibo, std::size_t index_count, std::size_t startVertex /*= 0*/, std::size_t baseVertexLocation /*= 0*/) noexcept {
    GUARANTEE_OR_DIE(_current_material, "Attempting to call Draw function without a material set!\n");
    D3D11_PRIMITIVE_TOPOLOGY d3d_prim = PrimitiveTypeToD3dTopology(topology);
    _rhi_context->GetDxContext()->IASetPrimitiveTopology(d3d_prim);
    unsigned int stride = sizeof(VertexBuffer::arraybuffer_t);
    unsigned int offsets = 0;
    ID3D11Buffer* dx_vbo_buffer = vbo->GetDxBuffer();
    ID3D11Buffer* dx_ibo_buffer = ibo->GetDxBuffer();
    _rhi_context->GetDxContext()->IASetVertexBuffers(0, 1, &dx_vbo_buffer, &stride, &offsets);
    _rhi_context->GetDxContext()->IASetIndexBuffer(dx_ibo_buffer, DXGI_FORMAT_R32_UINT, offsets);
    _rhi_context->DrawIndexed(index_count, startVertex, baseVertexLocation);
}

The most noticeable problem is each function issues a draw call. Doing this enough per frame (about 100) causes massive lag. How would I implement a batching such that each of these functions, instead of emitting a draw call immediately, collects all the verts/indexes and doesn’t draw until the end of the frame?

I killed a PC’s animal companion at the end of last session, but later realized it should have survived; what are my options?

Notes: I am the DM, my players are a group of 7, levels of 11 or 12.

So, our last week’s session ended with a black dragon releasing an acid breath attack on the only visible enemies in a courtyard. This was a servant, my wife’s ranger PC, and her falcon animal companion. The servant and the falcon failed their Dex saves and took 58 points of acid damage, outright insta-killing both of them.

Going back to look at it as I prep for the upcoming session, I realize the falcon stats were incorrect. It should have 4 times the ranger’s level in hit points. As she is level 11, this would mean the falcon should have 44 hit points. Not only that, but the falcon should have had the ranger’s proficiency added to the Dex save, which would have made them pass the DC 18 Dex save, reducing the damage to 29 instead of 58.

As this was the last thing to happen at the end of last session, I wasn’t sure if I should retcon the hawk to still being alive and conscious, or leave it a pile of goopy acid and note that I will fix it with the next animal companion? What are my options in a situation like this and what are the pros and cons of making those choices?

How do email clients “send later” without storing a password?

Email clients like Spark for macOS have a feature where a user can send an email later, at any given time, even when the computer is turned off. An SMTP server needs password-based authentication, though.

Does that mean that if I use Spark to send an email later, my password gets sent over to Spark servers in plaintext, so that they can authorize on the SMTP server later? Or is there a different method?