I know that Relational Algebra is the go-to data model for storing information related to SQL queries.
I am however yet to find a standard data model that can encapsulate constructs of stored procedures such as cursors, loops, in/out variables, statements etc.
I might be wrong, but usually people talk about an AST, but is there something more specific? I tried looking into MySQL code to get some idea but wasn’t too successful.
I thought cookies were stored on the client side only, as files. Then I realized that if cookies are not stored on the server side, how could a server match a cookie just received from a client to some session or other information created in the past?
So is it correct that cookie information is also stored on the server side?
How does a server store cookie information?
I have searched about “client side cookie” and “server side cookie” and reached several discussions including
I’m looking for established patterns of how to handle the stored password hash and the hash of the password for the current login attempt. These are the principles I’m looking to satisfy I think:
1) minimize transit time of the plain text password -> hash password immediately after the POST request is submitted. I understand client side hashing could be combined with server side hashing, but I’m not considering that at this moment.
2) minimize transit of the stored (correct) hash -> this is the authoritative hash, so attempt to minimize attack surface area. Bring the password hash for the current login attempt to the hash storage medium (or close to it).
Regarding the handling of the stored hash, I found a source that was discussing the use of a separate table (or DB) with separate credentials, and stored procedures to compare the incoming login hash. However, I can’t find that source again. If anyone has an authoritative link to a discussion on this topic, I would be interested.
In the end, I would lean towards a method that affords good security, and is relatively easy to do correctly. I’d like to avoid a method that should provide the best security, but is difficult to do correctly, thereby forfeiting the security benefit.
Q: At some point, I need to compare the stored hash with the login hash, but it isn’t clear WHERE I should do this. Is there a commonly accepted place in code to do so?
Q: Are there other aspects of hash management that I’ve overlooked so far?
An interval heap is a binary tree stored on an array where the size of each node is 2.
I would like to be able to find the index of a parent and find one of the child indices given the index of a node.
An example of an interval tree's indices would be:
[0,1] [2,3] [4,5] [6,7] [8,9] [10,11] [12,13]
[1,2] [3,4] [5,6] [7,8] [9,10] [11,12] [13,14]
I’m trying to figure out if the data created by a Mac user on a local Mac is truly secure from other users on that same Mac. For example, on macOS Catalina, I have three accounts:
- User 1 (Standard)
- User 2 (Standard)
Each user has a discrete, robust password. FileVault is enabled.
If User 2 saves data in their private (non-shared) folder, is there any way for User 1, or Administrator, to access that data without User 2’s password?
All three users are me. I use User 1 account for everything personal. I only use Administrator for administrator functions. I’ve created User 2, to use for working at home, for the purpose of segregating sensitive work documents from my personal account. My thought is that if User 1 account gets hacked or compromised, can a hacker get the information I saved on the same computer as User 2?
The only thing I can think of is if a hacker gains access to the Admin account, then a key logger can be installed and capture my credentials when logging into User 2.
Assuming that online storage providers are considered untrusted, if files and directories are encrypted, how can these be protected against fingerprinting?
The files are encrypted using rclone’s implementation of Poly1305 and XSalsa20 before being backed up to the cloud provider.
According to rclone’s documentation, the available metadata is file length, file modification date and directory structure.
- What can be identified?
- What can be inferred?
- What attack vectors are there against the encrypted files and directories if the online storage provider is compromised assuming the passphrase is at least 24 characters long and is a combination of alphanumeric and special characters (uppercase and lowercase) as well as salted with similar entropy?
The encrypted data is considered to be sensitive.
How can I protect those files from being fingerprinted and the contents inferred such as ownership, source and the like?
I don’t readily see anything in the sys schema objects, other than the DM_EXEC_SQL_TEXT function that requires a plan handle, but the procedures I’m trying to get their query texts from aren’t currently running. (Maybe there’s a way through their cached plans?…though the ones I’m looking for might not have a cached plan.)
Are the query texts of stored procedures stored anywhere that’s queryable?
I see sp_helptext might be an option: https://docs.microsoft.com/en-us/sql/relational-databases/stored-procedures/view-the-definition-of-a-stored-procedure?view=sql-server-ver15#TsqlProcedure
Glyph of Warding looks like it is going to be a very fun and useful spell once I learn it, but in its description I don’t see any mention of whether it can be cast multiple times to store spells in multiple objects. I’m guessing there is a verdict on this; does anyone know it?
I am wondering where the firmware / driver is stored on these devices? If it cannot be used as a storage device, how could it possibly store any firmware for itself?
How could I access these “files”? I cannot access the drive as I would a regular storage device.
Can a USB receiver be used as a USB drive?
Many recent phones come with a fingerprint scanner. I use them rarely, but I’m curious how hardware and software protect users’ fingerprint data from being stolen.
Does a fingerprint scanner come with its own storage where fingerprints are stored?
How does the fingerprint scanner decide which fingerprint requests from apps are legitimate?
When you factory reset a phone, do all the fingerprints get securely wiped?