Securing data from unwanted users

I inherited a DBA position not so long ago, and even having worked with SQL for the past 20 years it is a different ball game. Anyway, here is my pain 🙂

We need to start hiding sensitive data information. This HAS to be done at the SQL level, as we do not have access to our software sources. I was reading on the web and Data Masking seemed to be the solution, BUT we are running SQL 2014 🙁

Data encryption does not seem to be a solution (from what I have read). What other options are out there? Keep in mind that I am a newbie at this.

What is the best way to allow users to select items from a very long list in a responsive web app?


Scenario

I’m designing a web app where the user adds predefined items from List A to a custom List B.
List A is over 100 items sorted alphabetically.
List B can be customized according to user needs.

I designed a drag-and-drop solution for the web app. The user can jump to List A items alphabetically by clicking a letter.

(screenshot: drag-and-drop feature)

Problem

This drag-and-drop feature doesn’t work on tablets very well and is impossible for smartphones. So I designed a select form for mobile devices: When the user taps on a list item in List B, a picker/flipper populated with List A items is triggered.

(screenshot: mobile view select)

Question

Is there a way to implement alphabetical filtering in a web app’s mobile interface?

How can the mobile interface for this feature solve the following requirements?

  1. Allow the user to filter List A
  2. Add items from List A to List B

What are the downsides of asking your current users to participate in a study (e.g. for new functionality)?

What I mean is, you rarely see companies put some form of banner out there on their homepage saying:

“Hey, we’re developing some new stuff and would like our customer’s opinions on it. Take a quick test!”

Usually, they do those tests behind closed veils and with specifically filtered testers (e.g. in remote testing).

So my question is, what is the primary reason for that?


These thoughts come to mind as arguments against it:

  • Only specific users would participate and skew the perspective. The average user, who is the main buyer, will ignore it; while the power or frequent users will use the chance to complain or inject their very specific wishes.
  • Your users are also accustomed to the site by now and will most probably view any new design changes as “bad” and will vote for keeping what they already know.

On the other hand, these are the things that could be said in favor of it:

  • You can get insight into problems that only long-term users might face, while new users do not even know they exist.
  • You build more loyalty due to the trust you display for their opinion.

I guess I kind of answered my own question, as it usually depends on context. You use foreign, new users to test things that are supposed to attract new paying customers, while you can ask existing users when you want to improve deeper & more complex functionality.

But it seems you never see the second case, and almost always the first one.

Does anyone have further points to add to the two lists or other thoughts related to that?

Forcing Users to Think up More Complex Passwords / Ease of Remembering Them

Are there any guidelines on the trade-off between forcing users to have complex passwords (longer, including numbers and special characters etc.) and the reduction in security if users therefore have to write down these passwords because they can’t remember them?

To clarify: what I’m thinking about here is where users may have their own preferred (and memorised) set of passwords, but get forced by sites to start making them longer, or adding a number, or sites which just refuse to accept the password unless the site itself deems it strong enough (hello Google). So users then have to think of other passwords that fit these particular criteria, which being non-standard ones they are then more likely to write down.

So I guess the question is what do users actually do when confronted with a site which tries to force them to use passwords with particular formatting.

Interface for users that need to fill in data for thousands of items

The problem I encounter is that I have thousands of items a day (e.g. transactions of toys that have been purchased in a store). My goal is to provide the users with an interface to fill in manually 10+ data fields on this transaction (e.g. toy category, is it the main toy or something you purchase as extra, what age is it for, etc.). Then, I would categorize the data by the information the users provided me. How would you recommend doing it?

Thanks!

Validity of in-line help content over time as users graduate from novice to intermediate stages

This is a question in regards to an Enterprise product.

Consider a selection menu –

Option 1

help text (2 liner max)


Option 2

help text (2 liner max)


Option 3

help text (2 liner max)


Notes –

1) This help text was added below the Options as there was feedback from new users that the Option Label itself was not sufficient to communicate the intent of the option.

2) Advanced users have come back saying that they do not need to see the help text every time as they are well aware of the options. This is very much understandable.

Questions –

Our product has both ends of the user expertise spectrum fairly evenly distributed. Also, let’s note that users graduate over time. A tooltip cannot be used, as we have seen very little usage of it and it creates extra friction for new users compared to immediate help. Considering that standard interaction design principles recommend designing for the ‘Intermediate User’ (Alan Cooper, Don Norman), is a tooltip the only way out? Or are there other thoughts?

Please advise. Thanks!

What are filler words that you can use for responding to what users say in user interviews?

In user interviews, I often say “very interesting” or “that’s an interesting point” or “very helpful” in response to users’ answers. “Interesting” is a perfect word choice because it has a neutral feeling; it doesn’t really mean good or bad. Sometimes it gets very repetitive to keep saying those in a long conversation. Would you suggest any other phrases or words to respond to users with?

Which text is more effective to encourage users to leave a review for an Android app?

I have prepared two versions of a text used to ask users to leave a review in the Google Play store for an Android app.

It is a dialog which will pop up if the user has used this app N times in the last M days.

First Text

Hello!

My name is xxx. I’m the solo developer who develops JStock Android. JStock Android development is difficult and slow. It takes months to build, test and deploy a polished feature. If you like to support my work, please leave me a nice review in the market. Thank you for giving me the extra push to keep moving forward.

Second Text

We love you!

Can we assume that the feeling’s mutual? If you’ve been enjoying our app, we’d really appreciate it if you could leave us a nice review in the market. It’ll really help us grow 🙂

I was wondering, which type of text will yield a better “conversion” result?

User’s CLI input validation for filtering out injection attacks

I am writing a Python script, Gestioner.py, which checks some service CLI commands and validates whether they are supported or not.

I am also trying to develop a test harness, Gest_Test.py, to verify and test possible security attacks like injection attacks, and to see whether my Gestioner.py is able to stop/filter out injection attacks.

My question is :

How can I add security-attack filtering functionality to ‘Gestioner.py’, to stop any injection-related inputs given through CLI commands?

Here are some of the example ‘valid’ commands:

--binfcmd filebinf  --filecmd fileftp  --binfcmd filebinf2 --zip testzipfile2 --stat --type None --mol None 

Here is the Gestioner.py file:

#Gestioner.py
#For processing the PService cli commands

import sys
from collections import namedtuple

sys.path.insert(0, '..')

supported_cmds = ['binfcmd', 'zip', 'stat', 'type', 'mol', 'sync', 'filecmd']
ISSupported = namedtuple('ISSupported', 'result desc')


###
# Base Class for processing Pservice commands
###
class CmdGestioner:
    def __init__(self):
        self.full_command = None

    def set_full_command(self, in_cmd=None):
        self.full_command = in_cmd

    def get_full_command(self):
        return self.full_command

    def print(self):
        print("Output: ", self.full_command)

    def is_supported(self, in_command):
        # Everything that starts with '--' is treated as a PService flag.
        pservice_flags = [elem for elem in in_command.split() if str(elem).startswith('--')]

        # Compare pservice flags with the supported list.
        # Slice off the '--' prefix: str.strip('--') would also remove any
        # leading/trailing '-' characters, not just the prefix.
        command_not_supported = [x for x in pservice_flags if x[2:] not in supported_cmds]
        if len(command_not_supported) > 0:
            commands = ' '.join(str(elem) for elem in command_not_supported)
            command_not_supported_strs = 'The following commands are not supported: ' + commands
            print(command_not_supported_strs)
            return ISSupported(
                result=False,
                desc=command_not_supported_strs)

        return ISSupported(
            result=True,
            desc='')

Test file:

#Gest_test.py

import sys
from Gestioner import CmdGestioner


# Testing application.
if __name__ == "__main__":
    print("Command line parser program.")
    cmd = CmdGestioner()
    # Join with spaces; joining with '' turned '--binfcmd filebinf' into '--binfcmdfilebinf'.
    cmd_mtg_str = ' '.join(str(elem) for elem in sys.argv[1:])
    cmd.set_full_command(cmd_mtg_str)
    cmd_args = [str(elem)[2:] for elem in sys.argv[1:] if str(elem).startswith('--')]

    print("This is the name of the script: ", sys.argv[0])
    print("The arguments are: ", str(sys.argv))
    cmd.print()
    print("The program arguments are: ", cmd_mtg_str)
    print("Splitting commands into groups by -- from string: ", cmd_mtg_str.strip())
    flags = cmd_mtg_str.split('--')
    for x in flags:
        print(x)
    print('Main commands i.e. those that start with -- ', str(cmd_args))

    # Ask Gestioner whether every flag in the command line is supported.
    verdict = cmd.is_supported(cmd_mtg_str)
    print('Supported: ', verdict.result, verdict.desc)
    print('finished')

Thanks for any suggestions/guidance on how to proceed with the scripts.
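An allow-list validator for this kind of flag string, together with the adversarial cases a Gest_Test.py-style harness would feed it, as an added example that is not part of the original post or the poster's code. The flag names are the supported_cmds list from Gestioner.py; everything else is an assumption of mine: that --stat and --sync are switches without a value, the character set permitted in a value, and the constructed harness inputs. The point it demonstrates is that injection is stopped by deciding what a value is allowed to look like (an allow-list) rather than by hunting for known-bad strings, and that the validated tokens are returned as a list so they can be handed to subprocess.run with shell=False, where no shell ever gets to interpret them.

```python
import re
import shlex
from dataclasses import dataclass, field

# Flags taken from the post's supported_cmds list.
SUPPORTED_FLAGS = frozenset({'binfcmd', 'zip', 'stat', 'type', 'mol', 'sync', 'filecmd'})
# Assumption (not stated in the post): --stat and --sync are switches with no value.
FLAGS_WITHOUT_VALUE = frozenset({'stat', 'sync'})
# Allow-list for values: the literal None, or a bare file name that starts with a
# letter/digit (so a downstream tool can never mistake it for an option like -rf).
VALUE_RE = re.compile(r'^(?:None|[A-Za-z0-9][A-Za-z0-9._-]{0,63})$')
# Characters a shell would interpret; rejected outright as defence in depth.
SHELL_META = frozenset(';|&$`<>(){}*?!\\"\'\n\r')


@dataclass
class Validation:
    ok: bool
    argv: list = field(default_factory=list)    # cleaned tokens for subprocess.run(argv), shell=False
    errors: list = field(default_factory=list)


def validate(tokens):
    """Validate a token list such as sys.argv[1:]; every error is collected, not just the first."""
    errors, cleaned = [], []
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if not tok.startswith('--'):
            errors.append(f'unexpected positional argument: {tok!r}')
            i += 1
            continue
        name = tok[2:]  # slice off the prefix; str.strip('--') would also eat trailing dashes
        if name not in SUPPORTED_FLAGS:
            errors.append(f'unsupported flag: {tok!r}')
            i += 1
            continue
        cleaned.append(tok)
        if name in FLAGS_WITHOUT_VALUE:
            i += 1
            continue
        # Every other flag requires exactly one value.
        if i + 1 >= len(tokens) or tokens[i + 1].startswith('--'):
            errors.append(f'--{name} requires a value')
            i += 1
            continue
        val = tokens[i + 1]
        bad = sorted(set(val) & SHELL_META)
        if bad:
            errors.append(f'--{name}: shell metacharacters {bad} in {val!r}')
        elif '..' in val or '/' in val:
            errors.append(f'--{name}: path separator or traversal in {val!r}')
        elif not VALUE_RE.match(val):
            errors.append(f'--{name}: value {val!r} not in allow-list')
        else:
            cleaned.append(val)
        i += 2
    return Validation(ok=not errors, argv=cleaned, errors=errors)


def validate_line(line):
    """Validate a whole command line; shlex handles quoting the way a shell would."""
    try:
        tokens = shlex.split(line)
    except ValueError as exc:          # e.g. an unterminated quote: fail closed
        return Validation(ok=False, errors=[f'cannot tokenize: {exc}'])
    return validate(tokens)


# Constructed harness cases (mine, not from the post): (command line, expected verdict).
HARNESS = [
    ('--binfcmd filebinf --filecmd fileftp --binfcmd filebinf2 --zip testzipfile2 '
     '--stat --type None --mol None', True),
    ('--zip "x; rm -rf /"', False),        # command separator hidden inside a quoted value
    ('--filecmd $(whoami)', False),        # command substitution
    ('--mol `id`', False),                 # backtick substitution
    ('--filecmd ../../etc/passwd', False), # path traversal
    ('--type --stat', False),              # value missing; the next flag must not be consumed
    ('--zip -rf', False),                  # option injection into whatever consumes --zip
    ('--bogus x', False),                  # flag outside supported_cmds
    ('--zip "unterminated', False),        # tokenizer failure must fail closed
]


def run_harness(cases=HARNESS):
    """Return the cases whose verdict differs from the expected one (empty list = all pass)."""
    return [(line, expected, validate_line(line).ok)
            for line, expected in cases if validate_line(line).ok != expected]


if __name__ == '__main__':
    for line, expected in HARNESS:
        verdict = validate_line(line)
        print('OK ' if verdict.ok else 'BAD', repr(line), verdict.errors)
    print('mismatches:', run_harness())
```

Running the file prints each harness line with its verdict and reasons, and an empty mismatch list. The metacharacter check is only a second line of defence: if the cleaned argv is ever passed to os.system or subprocess with shell=True, the validator is no longer the thing standing between the user and the shell, so the design relies on shell=False everywhere downstream.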

Can Forest Gnomes secretly converse (like Thieves Cant) with other Forest Gnomes/Firbolg/Speak with Animal Users via Speak with Small Beasts?

My party has two Forest Gnomes and a Firbolg and they want to use their racial features to secretly communicate.

Forest Gnomes have

Speak with Small Beasts: Through sound and gestures, you may communicate simple ideas with Small or smaller beasts.

Firbolgs have:

Speech of Beast and Leaf: You have the ability to communicate in a limited manner with beasts and plants. They can understand the meaning of your words, though you have no special ability to understand them in return. You have advantage on all Charisma checks made to influence them.

Speak with Animals reads:

You gain the ability to comprehend and verbally communicate with beasts for the duration. The knowledge and awareness of many beasts is limited by their intelligence, but at minimum, beasts can give you information about nearby locations and monsters, including whatever they can perceive or have perceived within the past day. You might be able to persuade a beast to perform a small favor for you, at the GM’s discretion.

  1. Through their shared knowledge of Speak with Small Beasts, can Forest Gnomes communicate simple ideas to each other?
  2. Can Forest Gnomes understand a Firbolg speaking to them as it would to a small animal, even though they could not respond in turn?
  3. Would a Speak with Animals user be able to eavesdrop on either?