Hash in the Logical Id of the resources in CDK/Cloudformation - aws-cloudformation

Whenever I generate a CloudFormation template from CDK, I see that it adds some kind of hash to the logical IDs. What does that hash mean? E.g.
Test4FCEEF4A
How does this hash 4FCEEF4A get generated?

The logical IDs for resources are set using the allocateLogicalId method, which you can find here. It calls the makeUniqueId method, which you can find here. In the makeUniqueId method, it creates a hash component of the logical ID and a human-readable component of the logical ID. It uses the crypto library to create an MD5 hash of the path, which it gets from the IDs of the nodes of the CfnElement, and returns a hex value. So the hash 4FCEEF4A you see is the hash component that is created in the makeUniqueId method.

Related

Is it possible to get name or namespace from UUID V5?

Is it possible to decode the namespace or the name from a given UUID?
Imagine that you have a house with a specific UUID and code, and now you need to know if the door or the windows belong to the house only by looking at UUIDs.
My idea is to somehow put the house code inside the window and door UUID, and then somehow check if the generated IDs belong to the house by extracting the house code from them.
No. It is not possible to extract either the name or namespace from a type 3 or type 5 UUID.
These two UUID types are produced by using MD5 or SHA1 to generate a 128 or 160 bit hash from a string that combines the name and namespace. Then some bits of the hash are thrown away.
It is mathematically impossible to reverse a hashing function (because of the Pigeonhole Principle) so extracting the original name or namespace would be impossible, even if the UUID contained the complete hash.
See also:
Universally unique identifier: versions 3 & 5
which says:
"Version-3 and version-5 UUIDs have the property that the same namespace and name will map to the same UUID. However, neither the namespace nor name can be determined from the UUID, even if one of them is specified, except by brute-force search. RFC 4122 recommends version 5 (SHA-1) over version 3 (MD5), and warns against use of UUIDs of either version as security credentials."
If you wanted to encode the UUID and code of a house (or whatever) in an identifier, then you would need to use a reversible transformation on some representation of the information; e.g. Base64 encoding (insecure) or public key or private key encryption (potentially secure).

Design REST endpoint with sublist as query param

I have a get request that will give me a winner based on a list of inputs.
e.g. [{rabbit:3, tiger:2}, {rabbit:1, donkey:3}, {bird:2}] // the winner is {rabbit:1, donkey:3}
I would like to design a get end point that will take a list.
One way I could think of is like this:
/GET
winner?rabbit,3?tiger,2&rabbit,1?donkey,3
A request param map would look like key:{rabbit,3?tiger,2}: value=[]
alternatively, I could do:
/GET
winner?id1=rabbit,3?tiger,2&id2=rabbit,1?donkey,3
but I don't need the id information at all.
While this serves the purpose for what I need, I am wondering what would be the best way to represent query param with sub-object?
There really isn't a great answer here.
As far as HTTP is concerned, any spelling that is consistent with the production rules described by RFC 3986 is fine.
If you have a representation that is easily described by a URI Template, then you (and your clients) can take advantage of the general purpose template libraries.
BUT... templates are not so flexible that they can be used to describe arbitrary message schemas. We've got support for strings, and lists (of strings) and associative arrays (of strings), and... that's pretty much it.
On the web, we might handle an arbitrary case using a form with a textarea control that accepts a string representation of the message; the browser would then create a key value pair, where the value is an encoded representation of the information in the text area.
So, for example, you could copy a string representation of a JSON document into the form, submit the form, and the browser would compose the matching query-part. On the server, you would reverse the process to get at the JSON document.
There's nothing particularly magic about using a key value pair, of course. Another possibility would be to ignore the key of the key value, and just use the properly encoded value as the query. Again, the server just reverses the process.
Another somewhat common attempt is to use key value pairs, treating the keys as "paths" - which is to say each key identifies a location in the original document, and the value indicates the information available at that location.
?/0/rabbit=1&/0/tiger=2&/1/rabbit=1&/1/donkey=3&/2/bird=2
In this example, the schema of the keys is based on JSON Pointer (RFC 6901), which is a possible way to flatten hierarchical data into key value pairs. Which may not be "best", but is at least leaning in the direction of readily standardizable. (A standardized form would be an improvement, but I wasn't able to identify one.)
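Here is an added example (not from the answer above) of the JSON Pointer flattening just described, with both directions: the client flattens the document into key/value pairs for the query string, and the server rebuilds it. Two choices are this example's own rather than anything standard: scalar values travel as JSON text so that 3 and "3" survive the round trip, and pointer segments named __proto__, constructor or prototype are rejected, because rebuilding nested objects from attacker-controlled keys is the classic route to prototype pollution.

```javascript
// Added example: JSON Pointer (RFC 6901) keys in a query string, round-tripped.
// Not from the original answer. Carrying scalars as JSON text and rejecting
// prototype-related segments are this example's design choices.

// RFC 6901 escaping: '~' becomes '~0', '/' becomes '~1'.
const escapeToken = t => String(t).replace(/~/g, '~0').replace(/\//g, '~1');
const unescapeToken = t => t.replace(/~1/g, '/').replace(/~0/g, '~');

// Depth-first walk producing [pointer, jsonText] pairs for every leaf.
function flatten(value, prefix = '', out = []) {
  if (value !== null && typeof value === 'object') {
    for (const [k, v] of Object.entries(value)) {
      flatten(v, `${prefix}/${escapeToken(k)}`, out);
    }
  } else {
    out.push([prefix, JSON.stringify(value)]);
  }
  return out;
}

// Client side: URLSearchParams does the percent-encoding ('/' becomes %2F).
function toQuery(doc) {
  return new URLSearchParams(flatten(doc)).toString();
}

// Segments that would be read as prototype manipulation, not data, when the
// nested structure is rebuilt from untrusted keys.
const FORBIDDEN = new Set(['__proto__', 'constructor', 'prototype']);

// Server side: rebuild the document. Intermediate nodes are null-prototype
// objects so no lookup can wander into Object.prototype.
function fromQuery(query) {
  const root = Object.create(null);
  for (const [pointer, text] of new URLSearchParams(query)) {
    if (!pointer.startsWith('/')) throw new Error(`not a JSON Pointer: ${pointer}`);
    const tokens = pointer.slice(1).split('/').map(unescapeToken);
    if (tokens.some(t => FORBIDDEN.has(t))) throw new Error(`forbidden key in ${pointer}`);
    let node = root;
    for (let i = 0; i < tokens.length - 1; i++) {
      if (!(tokens[i] in node)) node[tokens[i]] = Object.create(null);
      node = node[tokens[i]];
      if (node === null || typeof node !== 'object') {
        throw new Error(`conflicting pointers at ${pointer}`);
      }
    }
    node[tokens[tokens.length - 1]] = JSON.parse(text);
  }
  return arrayify(root);
}

// Objects whose keys are exactly "0".."n-1" were arrays before flattening.
function arrayify(node) {
  if (node === null || typeof node !== 'object') return node;
  const keys = Object.keys(node);
  const isArray = keys.length > 0 && keys.every((k, i) => k === String(i));
  const rebuilt = isArray ? [] : {};
  for (const k of keys) rebuilt[k] = arrayify(node[k]);
  return rebuilt;
}

const sample = [{ rabbit: 3, tiger: 2 }, { rabbit: 1, donkey: 3 }, { bird: 2 }];
console.log(toQuery(sample));
console.log(JSON.stringify(fromQuery(toQuery(sample))));
```

The pointers are percent-encoded on the wire (RFC 3986 permits a literal '/' in the query, but URLSearchParams plays it safe), and the server throws rather than guessing when two pointers conflict or a segment would touch the prototype chain.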
The most obvious seems:
GET /winner?rabbit=3&tiger=2&rabbit=1&donkey=3

I want to use bcrypt.compare together with mongoose/mongo engine search

Consider this code:
const crypto = require("crypto");

// Keyed hash (HMAC) of the input. createHmac takes the algorithm first and the
// secret key second; the secret comes from the environment.
const hashPassword = function(plainText) {
return crypto
.createHmac("sha256", process.env.Secret_hash_Password)
.update(plainText)
.digest("hex");
};
As you may have noticed, this is a simple hashing function using crypto.
Now consider this code excerpt:
bcrypt.compare(password, user.password, (err, isMatch) => {....}
As you may have noticed, this is a simple comparing hashing function using bcryptjs.
As I believe everyone will agree, the second is more secure.
Now consider the problem:
I have a key to store on mongo, and this key is sensitive information, so I have decided to hash it so that no one can decrypt it. This key is used to make mongo searches; it is information that only the user has, a sort of password.
Solution: use the first code; even though you cannot decrypt it, you get the same hash result if the input is the same.
Problem: my solution is using a technique that is well known to be easily hacked: someone who somehow had access to the server just needs to enter several inputs, and once they get the same output, they've got it! This is a well-known flaw of my solution.
Desired solution: use the second code with mongo.
Discussion: I could simply get all the database information with find({}) and apply, say, forEach and bcrypt.compare; nonetheless, I know from my studies that mongo is optimized for search, e.g. they use indexes. It would be nice to be able to pass bcrypt.compare as a customized function to the mongo search engine.
It was suggested "Increase the bcrypt salt rounds.": I cannot use salt since that would change the key, and whenever I need to compare, it will change. bcrypt.compare exists to overcome that, but mongo/mongoose queries do not have such an internal engine.
What I have in my head, in pseudocode:
Model.findOne({bcrypt.compare (internalID, internalID')}) //return when true
Where: bcrypt.compare (internalID, internalID') would be a sort of callback function, on each search, mongo would use this function with internalID', the current internalID under comparison, and return the document that produces true.
Any suggestion, comment, or anything?
PS. I am using mongoose.
From what I understand, you don't ever want anyone to know the patient IDs (non-discoverable from real-life patient IDs), even the database admin (and of course hackers).
I think your design is a bit messed up.
Firstly, indexes use a B-tree data structure for faster lookup, so you have to provide the exact string for lookup, and by your condition of un-hashable IDs, indexes won't work. So you'll have to iterate over every patient ID by that doctor and compare to get a true result, which is pretty compute-intensive and frankly bad design.
There are multiple ways of approaching this problem, depending upon your level of trust and paranoia.
I think using cryptojs is the correct solution. Now you have to add some randomness to the key/solution. Basically you hash the ID with cryptojs, but instead of supplying the key yourself, you could take the secret key from the doctor and then hash every ID with that key. Now you will have to unhash and hash every patient ID every time the doctor changes the secret key (using some sort of message queue).
You could also hash the secret key entered by the doctor before saving and will have to unhash every time (twice!) the doctor wants to look up by patientId.
Depending upon the number of users you expect your application to serve, if the number is low enough, my solution would work. But with too many users, you'd have to increase compute resources and probably invest in some security measures instead of my overkill solution. Why'd you be losing the secret key to hackers anyway?
Good luck.

Redis hash search by field and value

here is my use case:
I have a simple client/server app, where the communication goes through socket.io. Since I need to keep track of the mapping between a room name and its corresponding socket owner, I decided to create a simple Redis hash, where each pair is (room, socketId). This hash allows me to quickly find a specific room owner's socketId by its room name. So far so good.
The above hash is updated on the subscribe backend event, using a very simple hset call via node_redis: redis.client.hset(keyRoomToSocketId, room, socketId, cb);
This makes sure, each time a new socket arrives and creates its own room with a unique name, to set its socketId in the hash along with its corresponding field, room.
Now, I would like, on the socket disconnect event, to find this pair and set socketId to an empty string. Apparently (tell me if I am wrong), I cannot search the hash by socketId. What I have in mind is to make one more hash in parallel, in which the pair is reversed, i.e. (socketId, room). This will allow me to search the second hash by socketId, retrieve the room, delete the pair from there, and then search the first hash and set socketId to "" in the corresponding pair.
Is there anything I am missing and can I make this in a more efficient manner, using Redis?
This should work - your thinking is correct. What you'll be doing is basically a two-way mapping, and a Hash or two are simple and efficient for that, with the main "price" being the duplication of data. Denormalization is a common practice with NoSQL and specifically Redis.
Actually, in light of the fact that I am using redis along with socket.io, I ended up with just one hash, where each pair is (room, socketId).
As a second hash, I am using the socket object on the backend: when the subscribe event fires, I assign the room to the socket.ownRoom field. Then, on the disconnect event, I use this field from the socket object and search in the only hash.
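For completeness, here is an added example (not from either poster) of the two-hash registry the answer endorses, written against a minimal in-memory stand-in for the three Redis hash commands involved so it runs without a server. The stand-in, key names and socket/room ids are constructed; with node_redis the same calls are hset/hget/hdel. It also handles the two cases a first version tends to miss: a socket that re-subscribes to a different room must release its old one, and a disconnect must not clear a room that another socket has since taken over.

```javascript
// Added example, not from the thread: two-way (denormalised) room registry on
// Redis hashes. FakeRedisHashes stands in for HSET/HGET/HDEL; key names and
// ids are constructed. With a real client, wrap the two writes in MULTI/EXEC
// so the two hashes cannot diverge if the process dies between them.
class FakeRedisHashes {
  constructor() { this.keys = new Map(); }
  hash(key) {
    if (!this.keys.has(key)) this.keys.set(key, new Map());
    return this.keys.get(key);
  }
  hset(key, field, value) { this.hash(key).set(field, String(value)); }
  hget(key, field) {
    const v = this.hash(key).get(field);
    return v === undefined ? null : v;   // Redis returns nil for a missing field
  }
  hdel(key, field) { return this.hash(key).delete(field) ? 1 : 0; }
}

const ROOM_TO_SOCKET = 'room:owner';   // room name -> socketId (the original hash)
const SOCKET_TO_ROOM = 'socket:room';  // socketId -> room name (the reverse index)

class RoomRegistry {
  constructor(redis) { this.redis = redis; }

  // subscribe: write both directions. A socket that re-subscribes moves to the
  // new room and its old room is released, so the reverse index never points
  // at two rooms for one socket.
  subscribe(socketId, room) {
    const previous = this.redis.hget(SOCKET_TO_ROOM, socketId);
    if (previous !== null && previous !== room) this.redis.hdel(ROOM_TO_SOCKET, previous);
    this.redis.hset(ROOM_TO_SOCKET, room, socketId);
    this.redis.hset(SOCKET_TO_ROOM, socketId, room);
  }

  // disconnect: find the room via the reverse index, mark it ownerless (the
  // poster's "" convention), drop the reverse entry. Unknown sockets are a
  // no-op, and a room already taken over by another socket is left alone.
  disconnect(socketId) {
    const room = this.redis.hget(SOCKET_TO_ROOM, socketId);
    if (room === null) return null;
    if (this.redis.hget(ROOM_TO_SOCKET, room) === socketId) {
      this.redis.hset(ROOM_TO_SOCKET, room, '');
    }
    this.redis.hdel(SOCKET_TO_ROOM, socketId);
    return room;
  }

  ownerOf(room) { return this.redis.hget(ROOM_TO_SOCKET, room); }
}

const registry = new RoomRegistry(new FakeRedisHashes());
registry.subscribe('sockA', 'roomA');
console.log(registry.ownerOf('roomA'));      // sockA
console.log(registry.disconnect('sockA'));   // roomA
console.log(registry.ownerOf('roomA'));      // '' (ownerless)
```

The cost is the duplicated data the answer mentions; the benefit is that every lookup in either direction stays O(1) instead of scanning the hash with HGETALL on each disconnect.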

Creating a SHA-256 hash in OrientDB Function

I need to store a password's SHA-256 hash in OrientDB REST function - so I can use it to authenticate the user. The incoming call to the REST function will contain the password (over HTTPS) but I want to generate a hash and store that instead of the password itself.
However, OrientDB does not expose any helpers to do this, and plain JavaScript does not have helpers to do this either... any way I can make this happen?
(one obvious option is to SHA-256 it in the middle tier and pass that to OrientDB but I'd rather keep this in the database tier)
You can use OSecurityManager from JavaScript functions like this:
return com.orientechnologies.orient.core.security.OSecurityManager.instance().digest2String("password");