Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
In Meteor, what is the most efficient way to check the database to see if something exists while the user is typing?
For example, I'm trying to check if the username exists in database while the user is typing his/her desired name to register an account.
I could create a keydown event to check every time when there's a key stroke, or I could use setInterval, but I feel like that's an overkill.
Is there a built in method in Meteor to do something like this?
I did't see anything like that, so you'll have to built it yourself.
Security
Showing which usernames are taken while typing makes it very easy to retrieve a list of existing users. This could be okay if the user list is available to public anyway (for example in a forum), but in most applications you should avoid that.
Waiting until user stops typing
Users probably type faster than the service is able to check the database. Therefore checking on every key stroke would cause a lot of unnecessary service calls. You should at least implement a delay or wait until the field looses focus.
Forseeing next character
You should try to minimize service calls. For example if someone types "Mic", besides checking the exact name, you could add that "Mick" and "Mic1" are already taken too. Further optimization would be to predict more than one character based on common names, but that probably will never be needed.
Reusing Autocomplete Code
You could reuse some code of a autocomplete component, for example when to trigger a service call. But most of the code you can't reuse, because the user interface is very different.
You might find this smart package useful.
https://github.com/mizzao/meteor-autocomplete
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 1 year ago.
Improve this question
I am trying to simulate a call center with chatting and in this scenario, a customer service representative can serve multiple customer chats at the same time, depending on their capabilities
I started nby creating an Employee agent and build on this, but I could not simulate a scenario in which one “Employee agent” can serve several client “chat” agents at the same time based on their total capacity, as in a real chat call center ...
Please advise how I can configure the logic so that several agents can capture / delay one resource. Or create a block in which the employee agent will bypass each chat and check if he can release it.
Thanks in advance
This is a more advanced question and not that easy to answer in detail without building a lot of logic and functionality.
Overall I can suggest the following design, but depending on your level of expertise in AnyLogic (And Java) this might not be the best design and I am curious to see if anyone will venture any other options. But as for a moderate user (and use case), this design will be sufficient
Since there is no way to do what you asked with a standard resource pool I would suggest to setup a resource pool inside a new agent type and then either as a population or graphically (as per my design) you can send chats to these agents. Since each agent has a resource pools inside of them you can define the number of chats an agent can handle in the parameters of the agent which defines the resources in the resource pool
You can then have a function that takes a chat from the queue and gives it to the first available agent that has capacity.
And you call this function whenever something arrives in the queue as well as when something leaves a chat agent and also when a agent gets a new chat as multiple chats might arrive at the same time and we only send the first one.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 2 years ago.
Improve this question
I am building a mobile app using Flutter. All user's data is stored online in a MySQL database, so the app needs an internet connection for almost every user interaction (there is a backend REST API).
Users have to be able to create some lists of tasks, update and delete every task and list, and so on. But from the user's perspective, the need for an internet connection for every simple operation like adding or deleting a task is a bad experience. I need a way to support these operations even without connection with the backend and to apply these changes later when it is possible. But what is the best practice to handle this case?
How to keep the app behaving like normal even without an internet connection and sync all changes that the user has done with the backend when the internet is available again?
For example, if the user creates a new list the app expects to receive the new list's object (with id) from the backend. Later this id is used for every backend call about this list like adding a task in it.
What you can do is use a state management approaches like
Providers, Bloc etc and have a local state of your database or the needed list inside them and apply all the changes on them when offline and implement all these on to the server when connected to internet.
Read here about flutter state Management
also you can check when the device is connected to internet with this connectivity and data_connection_checker packages
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 2 years ago.
Improve this question
I've registered a GitHub account to test their email verification process. So:
They've sent me an email with a link, containing my username and 40-chars code, like:
https://github.com/users/USERNAME/emails/120066679/confirm_verification/47889d71648523e5d99db5b969f59809c2715fb6
I have not followed the link
4 days later, the've sent me another (a reminder), that I have to verify my email, containing link with another different 40-chars code
So, what was the purpose of changing 40-chars code? As I remember, other services, used to expire verification code anyway. If there is already a username in verification link, is there really a need to do that? In case of brute force, I can just count failed attempts related to specific user and block it, right?
P.S. Also interesting, what is the purpose of emails/120066679 in link? (which is similar for both letters)
There are several reasons why quick expiration of verification codes is the best practice.
If protection with a verification code is deemed appropriate, it's safest to make it not only complex enough but also valid for minimum amount of time. If you only make the code work for the time needed (usually really short), you diminish the risk of someone abusing it. (For example, someone could programmatically 'guess' the codes - the more time for this exercise, the higher chance for success.)
Also, it's not efficient to store data of this kind. It's used once, it doesn't contain any actual information and as soon as it's used, it's ready to be "thrown away". It's not a good practice to store anything that doesn't add value when stored.
In addition, it's fairly rare that users don't use the codes immediately/soon. For the small percentage of cases where the code expires by the time the user tries to use it, it's more efficient to generate new ones.
Well, the purpose of an email validation link is to make sure that you actually own the email. Most validation links simply contain some secret that they send out your way, only in the possession of which may you verify the email address.
The reason they changed the code is because it probably expires. In that case you could not activate the account, so they sent you another in case you'd like to continue.
What if they don't send out a secret like this then?
In that case there is nothing that prevents an attacker from "verifying" emails that they actually have no control over. They could just visit the url with the username plugged in and activate the account.
Normal users would not do this, but spammers might.
For the case of brute force:
If the secret is sufficiently random, and the keyspace is large enough, trying to guess it is a fool's errand.
We can assume this is a random 40 hex char number, which gives us:
16**40 == 1461501637330902918203684832716283019655932542976
possible values for it. It is safe to say that no one will guess this number in the near future.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 5 years ago.
Improve this question
What's the RESTFul pattern for enabling and disabling a system user.
Example:
a DELETE request to /users/123
and PATCH/UPDATE request to /users/123
Or should I use /user/enable/123 using PUT and /user/disable/123 using DELETE?
First of all: DELETE always removes a resource. So it cannot be used to change a value. Read more about the different Http methods and how they are supposed to used here: https://www.rfc-editor.org/rfc/rfc7231
You can solve this in three different ways. Whatever fits you best.
Update user object
Another approach would be by updating the User resource.
In this case you could send a PUT /users/123 with a body that contains the full updated user object.
Partial update of user object
If you define that you are allowed to do partial updates (partial means you only need to send the changed values which will be merged in to the existing user object) you can send a PATCH /users/123 containing a json with {enabled:true}. This is usually a bit trickier to handle on the backend.
Directly set enabled property (not recommended)
enabled is a property of a User. There for you can address this property directly in your URL.
You can use PUT /users/123/enabled with a body that contains true or false. To this approach, also see #Roman Vottner comment below
What's the RESTFul pattern for enabling and disabling a system user.
How would you do it with pages on a web site?
It might be that you would load a page that describes the system user, and from there navigate to a form with affordances for changing the users state; you would set the values on the form you want, and submit the form to the URL provided. The server would process the request, and either give you a status page, or redirect you back to an updated copy of the user, or whatever.
Notice: throughout the entire process, the client is following links provided by the server; no guessing URI, no guessing which http methods to use; the client follows the instructions embedded in the hypermedia
Repeat that same process in a machine readable way, and you've got a REST api.
REST, keep in mind, is about manipulating "resources" by passing messages around; the changes made to your domain model are side effects of the resource manipulation. In other words, the resources are part of your integration domain. See Jim Webber - REST: DDD in the Large
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 8 years ago.
Improve this question
I want to implement a simple in-house table that tracks user page views on my website. Without targeting some specific hypothesis, what is useful data to store? Eventually I'll use it to build graphs or decision trees to better learn about our user base. This is static (no javascript).
Things I can think of:
URL accessed
HTTP refer[r]er
HTTP Accept Language
Browser-agent
Session id
User id (if logged in)
Time visited
It depends on how public your site is. If your site requires authentication you can have more controlled statistics because you can trace the user (visitors) history. In the case the user does not require authentication you are limited to the information provided by the SERVER VARIABLES: HTTP_USER_AGENT; REMOTE_USER; REMOTE_ADDR; REMOTE_HOST; REMOTE_PORT; HTTP_COOKIE; HTTP_USER_AGENT.
I have implemented something like this for some non-public site each time the user logs on to the site, the information I'm storing looks like:
User Key
Remote host IP
Date Logon
Last Request Datetime
Total time connected (minutes)
Last Request Minutes
Event/Action performed
Sounds like a good start,
I'd be inclined to store visitor IP address, and derived from that via a geo ip lookup the location of the visitor.
Also you could consider reverse dns'ing the IP to get an idea of the isp you're user is on, you might never use it but then again it could be useful if you have a report of downstream caching causing problems.