On
this page
it mentions JSON fields and properties
specify a particular field or property to examine
What is the difference between a JSON field and property?
Nothing.
When talking about JSON (as opposed to C# or C++), both terms mean the same thing.
He mentions both terms to clarify for people who are only familiar with one of them.
Related
I want to transfer and share some data inside JOSE JWE/JWS packets between different endpoints running differing os/libraries. Therefore I want to adhere to the relevant Standards (RFCs) as closely as possible, for interoperability. Sadly I did not find an answer while reading these texts (maybe missed something?).
Some of my payloads are naturally JSON while others are not. I think it would be dumb to convert the others into a JSON wrapper with just one entry, if only one entry is possible anyways.
I noticed anyway that some libraries only allow some form of dictionaries when encoding data into JWE/JWS, while others will accept any string. Therefore I am concerned if it would be considered bad practice to encode data plainly into these formats or not?
I would like to design my protocols future proof, which is why I am very concerned for doing stuff the right way when working with encryption/encoding.
Only JWTs in JWE or JWS format needs to be a top level JSON object. But there is no requirement to payload/plaintext format/content in pure JWS and JWE.
Do I need to write the enums for the TwinCAT data types? Or they exist somewhere and I just can't find them?
Example: there is a data type called MC_HomingMode, which defines how to perform homing. I want to control it VIA ADS, so I need an enum for it. Couldn't find it.
Thanks
Well it apears there is no such thing. In my case, the TwinCAT types I needed, I made them in C# by my self.
According to the docs about scalars in GraphQL there is no support for binary data up to now.
According to above page it is possible to define own Types.
How could you implement a binary scalar in GraphQL?
I came here looking for an answer and after some reflection I got to the following conclusion, it is not a direct answer to the question but I think it is related and important to consider. You shouldn't implement a binary scalar in GraphQL.
I think for small images the encode as base64 solution will work great but for bigger files it goes against the design philosophy of GraphQL about efficient data transfer, so a better alternative would be to have those files somewhere else, like a CDN and just use the reference in GraphQL.
Size matters, for small queries it could make no difference but for big complex queries it could be a big performance problem.
The documentation seems to hint that custom types would still somehow boil down to default types:
In most GraphQL service implementations, there is also a way to specify custom scalar types. For example, we could define a Date type.
Then it's up to our implementation to define how that type should be serialized, deserialized, and validated. For example, you could specify that the Date type should always be serialized into an integer timestamp, and your client should know to expect that format for any date fields
The first thing that pops to mind in this case will be a base64-encoded string. Depending on your language of choice SO likely will have a sample serialisation/deserialisation routines.
You can but have to use default data-type to create a new one. For audio, video or images you can easily convert it into base64 and pass them as a string but in that, you have to keep in mind the length of the data as it's not stored in the buffer.
This SO question explains how to ignore extra fields when deserializing JSON with Jackson
by using #JsonIgnoreProperties(ignoreUnknown=true), but I want to know when/why should I do this?
This overrides the default for Jackson, which is to throw an exception for unexpected fields. I assume if I should just use this default normally, but when/why would I want to design my system to be strict vs accept anything it can?
I guess this is more of a design philosophy question, so let me know if this is not the right place to ask.
The SO question itself has one of the scenarios as an answer to this question.
The problem is, the JSON objects might change and have new fields added while the application is published, but currently it will break even when a simple String field is added, which can safely be ignored.
There can be various scenarios where you need to ignore some of the json properties while serializing/deserializing JSON like If you are consuming json from a web service and just want few meaningful fields to be serialized. For example from an employee details json, you want just the employee first name and last name. This way you will avoid having a heavy employee object.
If the consumed service upgrades in future adding some fields, your code will continue to work.
I'm not sure of the terminology here, so let me specify that when I say "verify" user input, I mean watch out for users claiming 30 Feb 2021 as their birthdays, rather than guarding against injection attacks.
Are there any guides to doing this correctly, or lists of common ways people do it wrong? Strategies for ensuring correct input even before it's entered (e.g., picking out of a calendar instead of typing into a text field)?
Note that I am not interested in language-specific answers (e.g., ASP.NET Validation Controls) but rather general strategies and principles.
The freer you make the input field, the more you have to check. Some languages may make it easy for you to verify that a text field is a valid date; others may not.
Then again, some users will resent clicking on a calendar control or three drop-downs to enter their birthdate. They may prefer to just type it in. That's a trade-off.
The term you are looking for is input validation.
As you point out if you use a control where it is impossible to enter invalid data you can help the client, but you still need to implement proper validation on the server.
I mean watch out for users claiming 30 Feb 2021 as their birthdays, rather than guarding against injection attacks
Why not do both? Is there a specific reason why you want to leave yourself open to injection attacks?
Assume that the user sends a string to the server, either one they entered themselves or else one that was sent by a control you placed on the page. The first part is to find a library function for parsing the string into typed data. In your example you could use DateTime.TryParse to parse a string to a date. This will fail for your given example as the given date is invalid. If you cannot find a library function for what you are trying to parse you can try to write a parser yourself. For simple validations you may be able to express it as a regular expression. For more complicated inputs you may need to write some code that performs the validation, perhaps even using a parser library to help you if the input language is particularly complicated.
The second part is to implement business validation rules specific for your needs. For example you know that a birth date must be in the past, but not too far in the past. This will require some judgement as it's not impossible that someone using your site could be 100 years old, but it's highly unlikely that they are 200 years old since no-one is believed to be this old.
i would recommend using a design pattern called "strategy". this is one of the patterns created by "the gang of four", or "gof" for short. there are some copies and variants of this pattern that you may have heard of, e.g. "inversion of control" and "dependency injection".
anyways, for an object oriented language, what you do is that you create a class called "validator", which validates data in a method called "validate". you'll have to make validate accept some relevant form of input, or overload it to have different methods for different sorts of data. or if you have access to some form of generics, you can use that.
next up, the constructor of this class should take a "validatorstrategy" object as argument. and then the actual validation will be passed through the strategy object.
to take this even further, you could then create some sort of input form generator system, where you specify input fields with your own type names. these will then generate different input fields depending on your front end language (html/android xml/java swing), and they will also affect the way in which the input is validated.
hmm.. i wonder how to solve the issue with two password input fields that need to have the exact same content to validate. how would this look in the form generating system? maybe there would be one input type named "password" which would generate one input field which doesn't show the input and has no validation, and another type named "passwordsetter" which would generate two input fields which doesn't show the input, and has the validation strategy of comparing the data from th two fields. creating that validation strategy could be pretty tricky though D: