• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Cookie in data file

 
Bartender
Posts: 1558
5
Eclipse IDE Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

As per the format of data file, first 2 bytes are reserved for cookie value.

So, while validating the data file, I'm reading first 2 bytes of the data file (provided from GUI) and checking its value with cookie in original file. If that value does not match, I'm exiting the application.

Is this approach valid for data file validation? Or anything else can be done?

Thanks in advance.
 
Sheriff
Posts: 11604
178
Hibernate jQuery Eclipse IDE Spring MySQL Database AngularJS Tomcat Server Chrome Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I validated against a hard-coded value, no entry in the GUI
 
Ranch Hand
Posts: 590
Eclipse IDE Chrome Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I validated against a hard coded value as well. I also validated the file based on other criteria.

But that is an interesting approach to allow the end user to specify the value.

I can't see anything wrong with your approach. The only thing that I would suggest is to include the value in your documentation.
 
Anayonkar Shivalkar
Bartender
Posts: 1558
5
Eclipse IDE Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I think my statement

I'm reading first 2 bytes of the data file (provided from GUI)


created some confusion.

By above statement, I meant to say that data file will be provided from GUI (and not the cookie value)

I'm doing the same thing as Roel did (hard-coding the cookie value in code).

Thanks.
 
Roel De Nijs
Sheriff
Posts: 11604
178
Hibernate jQuery Eclipse IDE Spring MySQL Database AngularJS Tomcat Server Chrome Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Sean Keane wrote:But that is an interesting approach to allow the end user to specify the value.


I don't like it, simply because why would you bother the end user to enter some kind of strange (for him/her) value to be able to work with the application. That would be the same thing if you made some order in an online shop, you first have to enter the location (on their server) where to store the invoice of your order.

Glad to hear he just uses a hard-coded value to validate against
 
Bartender
Posts: 2292
3
Eclipse IDE Spring Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Roel De Nijs wrote:I don't like it, simply because why would you bother the end user to enter some kind of strange (for him/her) value to be able to work with the application.



Agreed. Other than that, the cookie value is a kind of mechanism to provide some security, so only known data files are used. If you let the user provide the cookie value, then an unauthorized person could change the data file and use it successfully.
 
Sean Keane
Ranch Hand
Posts: 590
Eclipse IDE Chrome Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
From the view point of the person starting the server, you could view the magic-cookie as a key which allows the admistrator to specify that they only want to start a database containing their known key e.g. "I only want to start databases containing my special key of 23".

But for this assignment I think anything other than the simple approach of validating against a hard coded value would of no benefit.

 
Roberto Perillo
Bartender
Posts: 2292
3
Eclipse IDE Spring Java
  • Likes 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Sean Keane wrote:From the view point of the person starting the server, you could view the magic-cookie as a key which allows the admistrator to specify that they only want to start a database containing their known key e.g. "I only want to start databases containing my special key of 23".



Well, I kindda' agree. But I'd say that it would be better to place this kind of information in a .properties file. Because this is more of an infrastructure information.
 
Roel De Nijs
Sheriff
Posts: 11604
178
Hibernate jQuery Eclipse IDE Spring MySQL Database AngularJS Tomcat Server Chrome Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Roberto Perillo wrote:But I'd say that it would be better to place this kind of information in a .properties file. Because this is more of an infrastructure information.


Agreed!
 
Sean Keane
Ranch Hand
Posts: 590
Eclipse IDE Chrome Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Roberto Perillo wrote:

Sean Keane wrote:From the view point of the person starting the server, you could view the magic-cookie as a key which allows the admistrator to specify that they only want to start a database containing their known key e.g. "I only want to start databases containing my special key of 23".



Well, I kindda' agree. But I'd say that it would be better to place this kind of information in a .properties file. Because this is more of an infrastructure information.



This is all theoretical as I think we all agree that allowing the user to specify the magic cookie value wouldn't be the way to go for this assignment.

But whether it is infrastructure or not would depend on the requirement. Since each of us probably has our own idea of the non-existent requirement, then we'll have our own opinion .

It's conceivable that an admin user who is starting up the server may want to enter their "special key" through the user interface.

Either way, whether you hide the functionality to specify the magic cookie value in a properties file, or you make it more obvious in the GUI, the end result is the same in both scenarios. The core functionality is that you are allowing a user to pass the magic cookie value into the program.
 
Roel De Nijs
Sheriff
Posts: 11604
178
Hibernate jQuery Eclipse IDE Spring MySQL Database AngularJS Tomcat Server Chrome Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Sean Keane wrote:It's conceivable that an admin user who is starting up the server may want to enter their "special key" through the user interface.


I can see where you go in the network mode, but what about the standalone mode? It's a simple CSR who starts the application and then has to provide some special key.
 
Tomorrow is the first day of the new metric calendar. Comfort me tiny ad:
a bit of art, as a gift, that will fit in a stocking
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic