I am interested in how eth-lightwallet stores user passwords to generate keys if they are for example pre deterministic where you don't need to store them somewhere or if they are encrypted and stored in some kind of location
When you create an eth-lightwallet you have an instance that you can use. the library doesn't handle longterm storage of wallets. you have to use a storage library storj.js or serialize the wallet and make users download it as a JSON-file and upload it later.
Related
I have a shopping cart which I am maintaining with Ngrx and for maintaining the persistence of the state after a page refresh I have two options:
Stringify the state and store it in local storage and get it back after the reload.
Stringify the state and store it inside a text file and then get the string out of the file and use JSON.parse to convert the string back to a JSON object.
I am storing some price related data so didn't want to store in local storage.
What should I use? Or is there any better way to do this?
Using the following library you can achieve your desired result
https://www.npmjs.com/package/ngrx-store-localstorage
I am using it myself in multiple projects and it works great, it acts as a meta reducer and therefore 'automatically' takes care of things for you.
https://ngrx.io/guide/store/metareducers
You can use the ngrx-store-localstorage package as https://stackoverflow.com/a/58362198/10112124 mentioned, or write your custom meta-reducer or as you mentioned use effects to do this. For the latter, Tomas Trajan has an example in his angular-ngrx-material-starter project.
All the above options are find, but I wanted to give an answer on what to store
I am storing some price related data so didn't want to store in local storage.
If you have sensitive information, you could store it in the sessions storage - when the session is ended, the storage will be cleaned up.
You shouldn't have to store sensitive information, why don't you store important information like the article id and the quantity? This way you can rehydrate the store with this information, and build up your shopping cart with this information plus the products of the catalog you would load in a normal way.
I am working on a Laravel app that should allow the user to manually add integration to 3rd party APIs and databases. With APIs it's easy: you only need to store the token. But the user should also be able to add integration with their own databases like MySQL. For that I'll need to store a host, user, password, basically all of the credentials. The issue I'm having is finding a proper and secure way of storing those credentials.
I was thinking about storing all of the connections in a connections table, adding the credentials to a connection_parameters JSON type field (so there would be flexibility and different types of connections can be stored in the same table) and hiding the details using the $hidden property on the model. This would be a first step towards a secure way of storing them, but I'm not sure that's enough.
Do you have any suggestions or practices you've used that you can explain to me?
I can see your main concern is to hide sensitive data from 3rd parties. What you are doing is already "ok" unless someone gets access to your database somehow. You may want to treat those fields the same way you treat users' passwords, since they also contain credentials.
One way would be to encrypt them before storing. Laravel comes with encryption/decryption out of the box https://laravel.com/docs/5.8/encryption.
Another solution is to store each user's credentials in a file and store the file in any directory but the public directory (e.g: /storage/connections). This way, only you can access those files. Each file could be named something like user_1234 1234 being the user ID. So it's easy to retrieve.
My client wants to store his login in the Adobe AIR application. Is this a good idea? I've looked at using Encrypted Local Storage (which uses the operating system) or is there another method more suitable?
I've found this answer but it is very confusing, https://stackoverflow.com/a/11899254/441016. It is saying it is OK to use to store login information but not OK to store registration keys for licensing software. I don't understand that. Login is more important than registration keys.
It's saying that other applications can read that information. Does that mean my application can read sensitive data from other applications simply because the user is logged in? That doesn't sound right. If an application adds sensitive data to the keychain it should be the only application that can retrieve it.
You should use the Encrypted Local Storage for saving login information in the device, it's save and easy to use.
If some user is able to see the contents in the Encrypted Local Storage (ELS), all he will see, is his own login info, so there isn't a security risk here. However, if you save registration keys or API keys, the user could use this information to hack your App.
Hope this helps.
Background
I am building a multi-tenant (approx. 100 paying clients) Customer Relationship Management application for a specific industry niche. The CRM will store data about my clients' prospects and customers (or rather, contacts). The data that will be stored will be a combination of known / standard data (Id, Name, Address, Phone, etc.) and configurable / dynamic data defined by each client. In other words, there will be a "form builder" allowing my clients to add more data about each contact. Furthermore, they will need to be able to import both the standard and dynamic data from legacy systems. The key requirement: in addition to searching through the "standard" data, clients should be able to search through "dynamic" data to find matches to queries, or even create reports that include / summed / grouped by this dynamic data.
I would prefer to use Microsoft Azure since I am a C# developer and have some familiarity with the user interface, even if I'm not widely experience in all the tools Azure has to offer.
Problem
My hope was to use reflection emit to create instances of dynamic classes representing contacts with both standard and dynamic properties, then serialize those instances into JSON and into Azure Blobs. However, I've read via several Stack Exchange threads that you cannot search through JSON data stored in a Blob (not efficiently, at least).
Question
What is the correct Microsoft Azure technology for storing and searching through dynamic data? Is there an existing pattern / approach that would allow me to store this "expando" data, allow me to search through it, and allow me to deserialize it back out to POCO's without a lot of hassle?
Alternatively, is there a better tool for the job other than Microsoft Azure that is C# friendly?
Check out Azure's document database that will store data in JSON.
http://azure.microsoft.com/en-us/services/documentdb/
http://weblogs.asp.net/scottgu/azure-new-documentdb-nosql-service-new-search-service-new-sql-alwayson-vm-template-and-more
If that doesn't work, you can fire up ElasticSearch or MongoDB on a Linux VM to store dynamic data as JSON.
One year after posting this question the answer is now clear. The correct technology is DocumentDb. It can work with static and dynamic types as this ScottGu post explains:
http://weblogs.asp.net/scottgu/azure-new-documentdb-nosql-service-new-search-service-new-sql-alwayson-vm-template-and-more
Can Riak be used to store images or binary data? It seems to only be able to store JSON documents, is this a correct assumption?
As z8000 said, Riak can store any data you like. If you're using the Erlang interface, just set the value of the riak_object to whatever you want to store.
If you're using HTTP, point your client at the "raw" interface: http://hg.basho.com/riak/src/tip/doc/raw-http-howto.txt It allows you to store data and serve it with whatever content type you like.
No, Riak can store arbitrary data. The jiak interface expects JSON with a certain "schema" however.