[quote user="CodeWhisperer"]the 'modified postfix traversal' method.[/quote]
I must say I haven't heard (had success with google) of that method before. Can you elaborate?
[quote user="CodeWhisperer"]the 'modified postfix traversal' method.[/quote]
I must say I haven't heard (had success with google) of that method before. Can you elaborate?
All this talk gave me an idea on how to store hierarchical data more efficiently. I've written up a small article at http://orangebeta.blogspot.com/2006/11/on-storing-ordered-hierarchies-in-sql.html
Well.. One could denormalize all the way. Have a table containing id, depth, ancestorId, order and level information. This way you have a record handy for every question. Sure it's lots of records but this is TDWTF right?
If your data is mostly static and/or you don't need to support versioning you might look into the object path option. The basic idea is to have each object contain a complete path to itself eg. object id4 path might be id1/id2/id3/id4/. This way you can query for object's child object or descendants in single like query eg. select * from table where path like 'id1/%'. It's a pain to maintain the correct path for each object but it pays off if you need quick retrieval. It's a trade-off. Either you read fast or you write fast :)
Then there's always Celko's nested sets .
According to wikipedia:
1.0 Beta 2 | 1.0.2914.0 | 2001-07-01 |
And I was wondering the same at http://thedailywtf.com/forums/thread/95924.aspx
[quote user="UncleMidriff"]
How would you all go about generating unique (per course) invitation codes that are shorter than UUIDs. Of course, the invitation codes shouldn't be easily guessable.[/quote]
1. Generate a random sequence of chars.
2. Get the next auto-incremented number.
3. Mix the two in a predefined way.
Eg.
1. sd3kea
2. 000001
3. sd3kea000001 or s000d300kea1 etc...
This way 1. Gets you a random key that is hard to guess and 2. Gets you uniqueness.
@Bob Janova said:
I'd love a language where threading and parallel coding was more 'designed in'.
We are experts in html, seo, and java?
Where is xml?
@Fred said:
@db2 said:@Nick said:[Obvious joke about mysql not being a real database]
[Lame recommendation to try postgresql, oracle, sqlite, etc]
[obligatory varchar2 dig]
[varchar2 retort]
[general, unrelated stab at the uselessness of VB, in any situation, and how <programming-language> solves all my problems]
@CDarklock said:
So it goes in a try() block with a corresponding catch().
2. YOU are an idiot who doesn't understand exceptions...
@CDarklock said:
The PURPOSE is to illustrate where you should put your exception handling.
@VGR said:
McDonald's
encouraged people to transport in a moving vehicle something which can
cause these burns.
@CDarklock said:
Rethrowing the exception is EXACTLY the right thing to do.
@dhromed said:
UltraEdit for windows supports folding.
@jesirose said:
I know this is a bit weird, but the only thing I like to write code in is Textpad. The ONLY thing I wish it did that it doesn't is code folding like on loops and functions etc.
Can anyone reccomend an good editor which is very similar to Textpad in it's simplicity and such, but has code folding?
I will be forever greatful.
@danielpitts said:
And C++ does short circuit, so if c fails, a and b will not be evaluated.
@codenator said:
I'm starting to think most people here are idiots, am I the only one who thinks Parsing a String as a int and covering up the exception is bad thing?
So basicly you are trying to parse the number out of string?
nonDev
@xrT said:
<font face="Tahoma">I tried implementing this in VS.NET, but it tends to convert my style back to Allman everytime I reopen my project or rellocate a code block so I just use Allman recently.
</font>
Well I guess it can be done ( quirksmode )...
nonDev
My best bet would be parameter sniffing problem.
Declare local variables in you sp and set them to values of parameters. Use local varables in your sp instead of parameters.
nonDev
Me - I get freaked out by people using google to look for google... I mean - you're there dude!
@unklegwar said:
That "colon P" was supposed to be a smiley tongue thing...oh well.
@tofu said:
This is why people don't like talking to geeks. We come off as so goddamned arrogant.
@tofu said:
A vote is a boolean. There is no room for interpretation.
Thanks, I'm bookmarking you for future security questions :).
@atk said:
It doesn't change, it's interceptable (HTTP over SSL won't
save you, here - URLs are passed outside the encrypted data), it's
guessable,
@craiga said:
Just curious as to how you're thinking on this one ...
I found this article quite interesting: http://msdn.microsoft.com/winfx/reference/infocard/default.aspx?pull=/library/en-us/dnwebsrv/html/lawsofidentity.asp
It's interesting that almost everything on the web relies on "a secret".
How about an ip check? Let's say you are using a service that makes sense being used only in a specific area (How many of you do online banking from out of state?). Now your security relies on "a secret" and "a location".
How about loging unsuccessful logins. Would your users mind if you send them a helpful e-mail saying something along the lines of: "We noticed you have attempted to login with an invalid password several times this week. Did you wish to have your password reset?".
How about loging succesful logns and looking for things out of pattern? ...
@craiga said:
Username is for identification, password is for authentication.
You CANNOT rely on user action or inaction for security. If the system is vulnerable at ANY stage, then it is vulnerable always.
You completely miss the point. By having a password in a database, you
move away from security by obscurity into a slightly (but only
slightly) higher form of security.
With a simple 'admin=true' system, all you need to know is the backdoor.
@craiga said:
Having a manual addition to the URL is slightly worse than a username/password system, as it is effectively just the password.
Add to that the fact that the URL is cached locally, visibly in server, proxy and browser logs, and you have yourself one nice security hole.
If they were ever to find out (as in your &admin=true example) then they could get full access. No extra knowledge beyond the workings of the system is required.
@ Angstrom - If someone has access to your code I'd guess he has access to your db.
In any case I could develop a web based security solution where typing
&admin=true in the url gives you admin priviledges without it being
obvious from the code itself. Eg. the "true" part might be compared to a
value stored in the db.
</span>
I often hear this phrase from knowledgeable individuals but never in a context of a username/password protected system. Isn’t that the ultimate “security by obscurity" security? Anyone knowing the username/password combination can get in. Security stems from the fact not everyone knows it.
Is there a fundamental difference between a login control and a secret url?
The "on-site customer" does wonders for scope cre... ahm "the natural process by which clients discover what they really want."
nonDev
@dhromed said:
Still, gravity is weak.
nonDev
Update!
I recieved the e-mail as the sistem promised. There's no password ot temporary password in the mail though.
nonDev living on cookies
I've decided it's time to change my password to something I can remember, but the forum software thinks it’s a bad idea. After going through the trouble of typing the desired password twice I was greeted with:<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /><o:p></o:p>
“User Password Changed
The password has been changed and a temporary password has been emailed to your account. Please allow up to 15 minutes for it to take effect.”<o:p></o:p>
Now what is my password?
nonDev