ARQC validation is not working, I understand there could be several reasons for that, I need to first confirm I have the correct issuer master key. Is it possible to get the check digits of the key(used in arqc generation) from the chip application
Yeah tough to analyze and correct, but unfortunately, KCV is available only for certification authority public key, not for card key or session key.
Related
What should I do to find an existing contracts?
e.g. I have a template which create Account contract. Before creating the contract, I need to search the existing contracts to make sure the account id is not duplicated.
As Shayne Fletcher points out, DAML recently gained a feature called "Contract Keys" which addresses the specific issue you are trying to solve. You make use of this feature by declaring a key on a template together with a set of maintainers, who ensure the uniqueness constraint in that key and validate any lookups.
template Account
with
issuer: Party
owner: Party
accountNo: Text
where
signatory issuer
observer owner
key (issuer, accountNo) : (Party, Text)
maintainer issuer
The above specifies that the tuple (issuer, accountNo) is the "primary key" of this type of contract and that the issuer of an account is responsible for maintaining the index for accounts issued by them.
You now have two functions at your disposal: fetchByKey and lookupByKey. Both take a tuple (Party, Text). fetchByKey returns a tuple (ContractId Account, Account) and aborts the transaction if the key can't be found. lookupByKey returns an Optional (ContractId Account), with the additional subtlety, that the use of lookupByKey must be authorised by the issuer.
More generally, though, queries tend to be done off-ledger, in the integration layer of the application. If, for example, you wanted to check that a given owner doesn't hold more than 10 account already, you would typically do that by maintaining a mirror of the active Account templates in a queryable database of your choice and querying that before submitting your transaction.
You can have a look at this example, which maintains all active contracts in a MongoDB.
This a newbie security/console question...I created a key ring in my project in a specific (wrong) location, Europe.
I can't see any way in the console to edit or even delete a key ring. The key ring is completely empty...no keys in it.
How can I edit/delete a key ring?
Sorry, you can't delete or rename keys or key rings. We were concerned about the security implications of allowing multiple keys or key versions over time to have the same resource name, so we decided to make names immutable. (And you can't delete them, because we wouldn't be able to do a true deletion--there would still have to be a tombstone tracking that this name had been used and couldn't be reused).
We're aware that this can make things untidy, but we have no immediate plans to change this.
If you want to avoid getting billed for a key or otherwise make it unavailable, you can do so by deleting all the key versions; neither keys nor key rings are billed for, just the active key versions within the keys.
Thanks for your question and for using GCP and Cloud KMS!
Interesting. For comparison on AWS keys have unique IDs and there is a separate resource to alias names to ids.
Your question: How can I edit/delete a key ring?
Visit Destroy a key version. You can destroy an enabled or disabled key version. You may also disable and enable the KMS API. I just did it.
The Reference guide for Session.getTemporaryActiveUserKey() says the method returns "a temporary key that is unique to the active user" and that this key "rotates every 30 days and is unique to the script".Actually the method returns a temporary key also for "anonymous" sessions, indicating that no user is currently logged in.Is this temporary "anonymous user" key stored somewhere? Since it changes every 30 days, is there any method to get the current "anonymous key" to compare it against the one returned by the getTemporaryActiveUserKey() method?Thanks!
I've recently built something using this very param so I think I just might know what you need.
To your question though -
Is this temporary "anonymous user" key stored somewhere?
The answer is No. The Session.getTemporaryActiveUserKey() is not automatically stored somewhere.
You can however, store it using PropertiesService (or practically any other place that you're comfortable accessing like Sheets, Notes etc.) and one of the implementations of this can be found here.
Hope this helps.
Just wanted to ask.
I have site where each user is linked to an ID in the Database and this Primary Key is included in many tables. The fastest way for me to pull a users information is to have this ID.
Would it be considered bad practice to put this ID in website HTML code? eg id="theIDnumber"
Otherwise i can just use the username and then reference this in the Database for this ID - which is fine but using the ID would be faster I believe.
thoughts?
I'd say no, if your keys are predictable. A trivial example: if you are using sequentially incrementing primary keys users can extract information from data that could be a privacy concern. e.g. they can infer which account was created before their account. Life also becomes easy for those trying to systematically leech information from your site.
Some related reading
https://stackoverflow.com/a/7452072/781695
You give your end users the opportunity to mess with those variables
and pass any data that they like. The counter measure to mitigate this
vulnerability is to create indirect object references instead. This
may sound like a big change, but it does not necessarily have to be.
You don't have to go and rekey all your tables or anything, you can do
it just by being clever with your data through the use of an indirect
reference map.
https://security.stackexchange.com/a/33524/37949
Hiding database keys isn't exactly required, but it does make life
more difficult if an attacker is trying to reference internal IDs in
an attack. Direct references to file names and other such internal
identifiers can allow attackers to map the internal structure of the
server, which might be useful in other attacks. This also invites path
injection and directory traversal problems.
https://www.owasp.org/index.php/Insecure_Direct_Object_Reference_Prevention_Cheat_Sheet
An object reference map is first populated with a list of authorized
values which are temporarily stored in the session. When the user
requests a field (ex: color=654321), the application does a lookup in
this map from the session to determine the appropriate column name. If
the value does not exist in this limited map, the user is not
authorized. Reference maps should not be global (i.e. include every
possible value), they are temporary maps/dictionaries that are only
ever populated with authorized values.
I am the person in my company who tries to solve coldfusion errors and bugs. We get daily emails with full details of coldfusion errors etc, as well we store this information in our database.
And for a few different applications in ColdFusion, they seem to sporadically generated "Violation of PRIMARY KEY constraint" errors.
In the code we always check for the existence of a row in the database before we try to do an insert, and it still generate's that error.
So my thinking is, either we need to a cftransaction around these each of the check, insert or update blocks. But I am not sure this will truly solve the problem.
These are coded in standard coldfusion style/framework. Here is an example in pseudo-code.
cfquery name="check_sometable" datasource="#dsn#"
select id
from sometable
/cfquery
if check_sometable.recordcount gt 0
-do insert
else
-do update
/endif
So why would this intermittently, cause primary key violations?
Is this a sql server problem, are we missing a configuration option?
Are we getting all of this because we are not on the latest hotfixed version of coldfusion 8 standard?
Do we need to upgrade our jdbc/odbc drivers?
Thank You.
Sounds like race conditions to me. Two connections check for the next available id at the same time, get the same one and then the insert fails on the second one. Why are you not using an identity field to create the PK if it is a surrogate key?
If you have a PK that is a natural key, then the violation is a good thing, you have two users trying to insert the same record which you do not want. I would try to fail it gracefully though, with an error that says someone else has created the same record. And then ask if they want to update it after loading the new values to their screen. I'm not sure I would want it to set up so that the data is automatically updated by the second person without them seeing what the first person put into the database.
Further this might be an indication that your natural key is not as unique as you think it is. Not sure what this application does, but how likely is it that two people would want to be working with the same data at a the same time? So if your natural key were something like company name, be aware that they are not guaranteed to be unique and you might have users overwriting good data for one company with data for another company already. I've found in life there are truly very few really unique, never changing natural keys. So if your natural key really isn't unique, you may already have bad data and the PK violations are just a symptom of a differnt problem not the real problem.