
Cookie in data file

 
Anayonkar Shivalkar
Hi,

As per the format of data file, first 2 bytes are reserved for cookie value.

So, while validating the data file, I'm reading first 2 bytes of the data file (provided from GUI) and checking its value with cookie in original file. If that value does not match, I'm exiting the application.

Is this approach valid for data file validation? Or anything else can be done?

Thanks in advance.
 
Roel De Nijs
I validated against a hard-coded value, no entry in the GUI.
 
Sean Keane
I validated against a hard coded value as well. I also validated the file based on other criteria.

But that is an interesting approach to allow the end user to specify the value.

I can't see anything wrong with your approach. The only thing that I would suggest is to include the value in your documentation.
 
Anayonkar Shivalkar
I think my statement "I'm reading first 2 bytes of the data file (provided from GUI)" created some confusion.

By the above statement, I meant to say that the data file will be provided from the GUI (and not the cookie value).

I'm doing the same thing as Roel did (hard-coding the cookie value in code).

Thanks.
 
Roel De Nijs
Sean Keane wrote: But that is an interesting approach to allow the end user to specify the value.

I don't like it, simply because why would you bother the end user to enter some kind of strange (for him/her) value to be able to work with the application. That would be the same thing if you made some order in an online shop, you first have to enter the location (on their server) where to store the invoice of your order.

Glad to hear he just uses a hard-coded value to validate against.
 
Roberto Perillo
Roel De Nijs wrote: I don't like it, simply because why would you bother the end user to enter some kind of strange (for him/her) value to be able to work with the application.

Agreed. Other than that, the cookie value is a kind of mechanism to provide some security, so only known data files are used. If you let the user provide the cookie value, then an unauthorized person could change the data file and use it successfully.
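
The check discussed in this thread, written out as an added example (it is not code from any poster or from the assignment). It compares the first 2 bytes of a file against an expected cookie, treats a file shorter than the cookie as invalid, and shows why taking the expected value from the person opening the file removes the filtering effect. The class name `CookieCheck`, the cookie bytes and the sample files are constructed; the thread does not state the real cookie value.

```java
import java.io.DataInputStream;
import java.io.EOFException;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Arrays;

public class CookieCheck {
    // Constructed placeholder: the real value is defined by the assignment's data file format.
    private static final byte[] EXPECTED_COOKIE = {0x01, 0x02};

    /** Returns true only if the file starts with exactly the expected cookie bytes. */
    static boolean hasCookie(Path file, byte[] expected) throws IOException {
        byte[] actual = new byte[expected.length];
        try (DataInputStream in = new DataInputStream(Files.newInputStream(file))) {
            in.readFully(actual); // throws EOFException if the file is shorter than the cookie
        } catch (EOFException tooShort) {
            return false;         // fail closed: an empty or truncated file is not a valid data file
        }
        return Arrays.equals(actual, expected);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample files: cookie bytes followed by a few arbitrary header bytes.
        Path known = Files.createTempFile("known", ".db");
        Path foreign = Files.createTempFile("foreign", ".db");
        Path empty = Files.createTempFile("empty", ".db");
        Files.write(known, new byte[] {0x01, 0x02, 0x00, 0x00, 0x00, 0x10});
        Files.write(foreign, new byte[] {0x7F, 0x7F, 0x00, 0x00, 0x00, 0x10});

        // Expected value fixed in code: the program decides which files it accepts.
        System.out.println("known,   hard-coded:    " + hasCookie(known, EXPECTED_COOKIE));
        System.out.println("foreign, hard-coded:    " + hasCookie(foreign, EXPECTED_COOKIE));
        System.out.println("empty,   hard-coded:    " + hasCookie(empty, EXPECTED_COOKIE));

        // Expected value supplied by whoever opens the file: they can enter the bytes the
        // file already contains, so the comparison passes for any file they choose.
        byte[] userSupplied = {0x7F, 0x7F};
        System.out.println("foreign, user-supplied: " + hasCookie(foreign, userSupplied));

        for (Path p : new Path[] {known, foreign, empty}) {
            Files.deleteIfExists(p);
        }
    }
}
```

The method returns a result instead of exiting, so the caller decides whether a mismatch ends the application or only rejects the chosen file.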
 
Sean Keane
From the viewpoint of the person starting the server, you could view the magic-cookie as a key which allows the administrator to specify that they only want to start a database containing their known key e.g. "I only want to start databases containing my special key of 23".

But for this assignment I think anything other than the simple approach of validating against a hard coded value would be of no benefit.

 
Roberto Perillo
Sean Keane wrote: From the viewpoint of the person starting the server, you could view the magic-cookie as a key which allows the administrator to specify that they only want to start a database containing their known key e.g. "I only want to start databases containing my special key of 23".

Well, I kinda agree. But I'd say that it would be better to place this kind of information in a .properties file. Because this is more of an infrastructure information.
 
Roel De Nijs
Roberto Perillo wrote: But I'd say that it would be better to place this kind of information in a .properties file. Because this is more of an infrastructure information.

Agreed!
 
Sean Keane
Roberto Perillo wrote:
Sean Keane wrote: From the viewpoint of the person starting the server, you could view the magic-cookie as a key which allows the administrator to specify that they only want to start a database containing their known key e.g. "I only want to start databases containing my special key of 23".

Well, I kinda agree. But I'd say that it would be better to place this kind of information in a .properties file. Because this is more of an infrastructure information.

This is all theoretical as I think we all agree that allowing the user to specify the magic cookie value wouldn't be the way to go for this assignment.

But whether it is infrastructure or not would depend on the requirement. Since each of us probably has our own idea of the non-existent requirement, then we'll have our own opinion.

It's conceivable that an admin user who is starting up the server may want to enter their "special key" through the user interface.

Either way, whether you hide the functionality to specify the magic cookie value in a properties file, or you make it more obvious in the GUI, the end result is the same in both scenarios. The core functionality is that you are allowing a user to pass the magic cookie value into the program.
 
Roel De Nijs
Sean Keane wrote: It's conceivable that an admin user who is starting up the server may want to enter their "special key" through the user interface.

I can see where you go in the network mode, but what about the standalone mode? It's a simple CSR who starts the application and then has to provide some special key.
 