Food Delivery Service Database Design Questions

For a Food Delivery application I am developing for a school project, I’m facing some problems during the ER model design stage. I have to fulfil many requirements, but the main issues I’m having are the following:

A)

Restaurant

  1. Each order’s food items must be from a single restaurant, and each order is assigned to a delivery rider who will collect and deliver the ordered items to the customer.

I’ve learnt about ternary relationships and my current design doesn’t seem to be enforcing the constraint in (A). I’m wondering whether a ternary constraint connecting Restaurant to “Ordered In” would be a better design, but as I’m not familiar with refining schemas, I don’t know if it’s a good design decision.

B)

Riders

  1. Each full-time rider maintains a monthly work schedule (MWS) while each part-time rider maintains a weekly work schedule (WWS).

  2. In the FDS application, a week is defined to be a duration consisting of seven consecutive days, and a month is defined to be a duration consisting of four consecutive weeks.

  3. Each WWS specifies the hour intervals that the rider is available for work each day.

  4. For example, a rider’s WWS might specify the following work hours for six work days: for Monday to Thursday, the rider works for the hours 10am to 1pm, 4pm to 6pm, and 7pm to 10pm; and for Saturday and Sunday, the rider works for the hours 10am to 1pm and 5pm to 8pm.

What would be a good way to differentiate between a part-time weekly work schedule and a full-time monthly work schedule, which is a duplicate of 4 identical weekly work schedules? The exact wording of my requirements is shown in (B).

My notation follows rather closely that used in R. Ramakrishnan & J. Gehrke, Introduction to database design, Database Management Systems, chapter 2. McGraw Hill, third edition, 2003. Do feel free to ask for more clarification.

To authorize an App Service to get keys from Key Vault, do I need to use the IAM blade or the Access Policies blade? [migrated]

I’m unclear about how I authorize an Azure App Service to get a key from Azure Key Vault using System Assigned Managed Service Identities. Do I use the IAM blade and give the App Service Identity the Reader role? Or do I go to the Access Policies blade and find the Principal for the App Services identity and give it key permissions? Or do I do both?

*[Hostpoco.com] Dedi Server| 99% Uptime | 24*7 Service | Premium Bandwidth |Root Acce

If you are looking for a reliable and caring hosting provider, then you are on the right platform. Hostpoco.com offers high-quality dedicated servers with 100% up-time. Our dedicated servers not only provide full root SSH access but also enable you to host unlimited domains and install the application which you need, you can resell hosting to provide you the convenience and independence of a dedicated server.

====================================
Features available with every Plan:
====================================
~ Complete Root Access
~ 24×7 Rescue System
~ Premium Bandwidth
~ 99 % Uptime Guarantee
~ SSH Access
~ 7 Days Money Back Guarantee
~ 2x HDD SATAII 2TB 7.20 Storage
~ 4 Free IP Address
~ 1Gbps uplink 10 TB traffic included

=======
Plan:
=======
*Dedi Startup : $80 /Monthly
– E3-1240 ( 2 Cores x 3.3 )
– HDD Storage
– 8 GB RAM

*Dedi Pro : $85 /Monthly
– X5650 ( 2 Cores x 2.66 )
– SSD Storage
– 8 GB RAM

*Dedi Premium: $95 /Monthly
– E3-1240 ( 2 Cores x 3.3 )
– HDD Storage
– 16 GB RAM

*Dedi Elite : $110 /Monthly
– Intel Xeon 56xx (4 Cores)
– HDD Storage
– 16 GB RAM

For more Plan: https://hostpoco.com/low-cost-dedicated-server.php#

Thank You.

XEvil Captcha Service doesn’t work in GSA SER

Hi!

I used to use XEvil Captcha Service connected to GSA SER. Then I reinstalled Windows on my PC and as a result can’t get GSA SER working now. I’ve been testing GSA with XEvil for connection (responding) and correct work, and everything seems good. But when I start the project, the captcha service doesn’t resolve (there is no resolved or failed result, nothing changes in “captcha cell”).

XEvil Captcha Service is working correctly with Xrumer. Proxies in GSA are also working (private ones).
Log is running, but no submissions are done.

What could be the problem? 

Thanks.

use recaptcha service on just first tier

Sorry if the answer is already on here, but I’ve searched and did not find it. How do you select to use the recaptcha service (i.e. deathbycaptcha) on just the first (top) tier?
I’ve looked in the “captcha” admin where you add the captcha service and there is nothing there.
I can only see that it applies universally to everything.
I have GSA Captcha Breaker already, then the first tier goes to deathbycaptcha,
but I want lower tiers to be GSA Captcha Breaker only.

SNMP Insecurely Configured Service

My vulnerability scan has revealed the following services have insecure group permissions:

  SNMP Service (SNMP) :
    - Everyone: DC, WD, WO
  SNMP Trap (SNMPTRAP) :
    - Everyone: DC, WD, WO

How does one ensure the groups listed above do not have ChangeConf, WDac, or WOwn permissions?

I’ve tried going into the services and attempting to edit the security tabs. No luck. Any other suggestions?
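Added example, not part of the original post: the DC, WD and WO codes in the scan output are SDDL rights in the service's security descriptor, which `sc sdshow` prints and `sc sdset` writes. The script below removes those three rights from the Everyone allow ACE of a descriptor string; the function names and the sample descriptor are constructed for illustration.

```python
import re

# SDDL right codes the scan flagged, with their service access-mask bits:
# DC = change config, WD = write DACL, WO = write owner.
RISKY = {"DC": 0x0002, "WD": 0x00040000, "WO": 0x00080000}
EVERYONE = ("WD", "S-1-1-0")  # the SID alias for Everyone is also spelled "WD"


def strip_rights(rights):
    """Drop the risky rights from one ACE rights field (code pairs or hex mask)."""
    if rights.lower().startswith("0x"):
        mask = int(rights, 16)
        for bit in RISKY.values():
            mask &= ~bit
        return hex(mask)
    # Split on two-letter boundaries: in "SWDC" the pairs are SW and DC,
    # so a plain substring search for "WD" would corrupt the field.
    pairs = [rights[i:i + 2] for i in range(0, len(rights), 2)]
    return "".join(p for p in pairs if p not in RISKY)


def harden_service_sddl(sddl):
    """Return (new_sddl, changed_aces); only Everyone allow ACEs in the DACL change."""
    dacl = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)
    if not dacl:
        return sddl, []
    changed = []

    def fix(m):
        f = m.group(1).split(";")
        if len(f) == 6 and f[0] == "A" and f[5] in EVERYONE:
            new = strip_rights(f[2])
            if new != f[2]:
                changed.append(m.group(0))
                f[2] = new
        return "(" + ";".join(f) + ")"

    new_dacl = re.sub(r"\(([^)]*)\)", fix, dacl.group(1))
    return sddl[:dacl.start(1)] + new_dacl + sddl[dacl.end(1):], changed


# Constructed sample in the shape `sc sdshow SNMP` prints; not from a real host.
SAMPLE = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
          "(A;;CCLCSWDCLOCRRCWDWO;;;WD)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)")

if __name__ == "__main__":
    hardened, touched = harden_service_sddl(SAMPLE)
    print("ACEs changed:", touched)
    print("sc sdset SNMP", hardened)
```

Keep the original `sc sdshow` output for each service (SNMP and SNMPTRAP) before applying the new string with `sc sdset` from an elevated prompt, so the descriptor can be restored if the service misbehaves.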

Are SSH certificates more secure for service accounts?

I’m considering how to deploy a service that needs SSH access to many important boxes in my infrastructure. Rather than store a long-lived SSH private key in a key store that the service could request, I’m considering using short-lived SSH certificates to allow SSH access for the service. So the two architectures I’m comparing are as follows (and I’m not mentioning the technologies at play, because I’m more interested in the theory and reasoning):

Public-key auth:

  1. distribute a service account public key to all necessary servers
  2. store private key in secure secrets store.
  3. run service in a role that has access to the private key store

Certificate-based auth:

  1. Distribute a CA cert to all servers
  2. Store CA Key in secure secrets store.
  3. CA service runs in a role that has access to the CA key.
  4. Service generates private key pair and sends CSR to CA service
  5. CA signs and returns certificate with short life span (~5 minutes or long enough for the service to authenticate to the servers it needs).

Thoughts

The tradeoff I see is that with certificate-based auth, compromised certificates are quickly expired and thus less risky. If a service using SSH is compromised, I can revoke its ability to request new certificates without having to do any config on any of the servers and without taking away the ability for other such services to authenticate. However, this architecture is more complex, and in the end, the SSHing service still has to auth somehow to the CA server to authorize the signing, whether this is from a provider role permission, shared secret (hard-coded or accessible by a secrets store), IP address, or some sort of PKI (having the service provided a signed cert by its provisioner).

But whatever the mechanism, is this providing a benefit above and beyond just giving the services access to the private key, because if the services are ever compromised, an attacker can just as easily request a valid cert and use it just as well as a private key?

Is there a method for providing a way of securely authing to the CA server for signing requests that doesn’t require human intervention and is resistant to the service being compromised? Or is there some other benefit to this architecture that would justify the extra complexity?

I don’t want to confuse the discussion too much by bringing specific technologies into it, but to prevent this from being too abstract, this would operate in a Kubernetes, EC2, or similar cloud platform where I can provide a set of API permissions to a service from the platform itself using RBAC. The SSH services might be short-lived push-style tasks or long-lived services like Ansible Tower.
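Added example, not part of the original question: the CA-side policy check for steps 4 and 5 of the certificate-based flow, showing what the CA can pin on every certificate it issues (lifetime, principals, source network) and how one service is cut off centrally. The role names, networks, policy table and function names are assumptions made for illustration; the `ssh-keygen` options are the standard OpenSSH certificate-signing flags.

```python
from dataclasses import dataclass, replace

MAX_TTL_SECONDS = 300  # the ~5 minute lifetime from step 5


@dataclass(frozen=True)
class ServicePolicy:
    principals: frozenset   # logins this service may ask for
    source_cidr: str        # network the certificate is usable from
    enabled: bool = True    # False = no new certificates for this service


# Constructed policy table, keyed by the identity the platform asserts for the
# caller (for example an RBAC role). All names and networks are made up.
POLICY = {
    "role/deploy-runner": ServicePolicy(frozenset({"deploy"}), "10.0.8.0/24"),
    "role/ansible-tower": ServicePolicy(frozenset({"deploy", "patch"}), "10.0.9.0/24"),
}


class SigningDenied(Exception):
    """The CA refuses to sign this request."""


def disable(identity):
    """Cut one service off at the CA; no SSH server needs reconfiguring."""
    POLICY[identity] = replace(POLICY[identity], enabled=False)


def signing_command(identity, principals, ttl, serial, pubkey, ca_key="ca_key"):
    """Check a signing request against policy; return the ssh-keygen argv to run."""
    policy = POLICY.get(identity)
    if policy is None or not policy.enabled:
        raise SigningDenied(f"{identity}: may not request certificates")
    wanted = set(principals)
    if not wanted or not wanted <= policy.principals:
        raise SigningDenied(f"{identity}: principals {sorted(wanted)} not permitted")
    ttl = max(1, min(int(ttl), MAX_TTL_SECONDS))  # clamp the requested lifetime
    return ["ssh-keygen", "-s", ca_key,
            "-I", f"{identity}#{serial}",   # key ID, logged by sshd at login
            "-z", str(serial),              # serial, usable in a revocation list
            "-n", ",".join(sorted(wanted)),
            "-V", f"+{ttl}s",
            "-O", f"source-address={policy.source_cidr}",
            "-O", "no-port-forwarding", "-O", "no-agent-forwarding",
            pubkey]
```

A caller that controls the service can still obtain certificates while its identity is enabled, but only for the principals, network and lifetime the CA policy allows, and each issuance leaves a key ID and serial that appear in the servers' authentication logs.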