On many web sites, passwords are usually stored in a database. I think this is well known to anybody who has ever created a web page with user accounts.
Storing passwords in plain text is considered harmful. The only reason that I can find is that when someone gets access to the database, or has the database backup, the passwords are just plain text, so everyone can read them.
A quite nice solution to this problem is hashing the passwords. The database stores not the plain text passwords, but the result of some hash function.
hashed_value = HASH_FUNCTION(password);
The hash function is a one-way function, so you can use it for encrypting the password. Decryption is impossible; what’s more, you could probably find many different passwords that have the same hash value. The most used hash function is, unfortunately still, md5(). It returns a 128-bit hash value. This means that there are only 2^128 possible values… which is quite a huge number: 340,282,366,920,938,463,463,374,607,431,768,211,456. The md5 algorithm contains some flaws and currently is not so secure.
Very interesting keynote from RailsConf 2010 given by Robert Martin. The conference was named RAILSConf but the keynote is not only about Rails or Ruby, it is about the community. About the community and which community I like most, I will write later, now I am just going to watch it once again.
PostgreSQL is a great database, in my opinion much better than Oracle, or the so widely used MySQL. Version 9.0 is going to be out soon. There is quite a huge list of ideas for future improvements (hopefully in the next 9.1 version).
Depesz wrote his own list of things that he wants to see in the future versions, so I thought I would write my own.
This was to be called naming convention. Obviously it is better to have any than none. As I was writing, I noticed that the title doesn’t reflect what I wrote. It all turned out to be not about convention but about comparing PHP to Python, but personally neither of the languages is my favorite.
After reading the whole post, I realized that Python is not better than PHP, it is messed up the same way, so why bother changing from PHP to Python?
In Python blocks have to be indented just because the indentation level defines the logic. In C/C++/Java there are { and } while in Ruby there is begin and end. Of course indenting is helpful. Just like syntax coloring in an editor.
In Ruby you can do whatever you want with the indentation. That’s not a problem. Every good editor can fix the code layout according to some rules. Normally I use VIM for all those scripting languages, for programming in Ruby and Python too. In VIM after opening any file I can do the magic command:
Well… once again Twitter turns out to be an amazing piece of software (is this because it was implemented in Ruby?). Twitter has (had?) a bug where you could force someone to follow you just by
The flaw appears when a user tweets this format: “accept [Twitter Username]”. So, for example “accept TechCrunch”. Magically that user appears as one of your followers.
On my account there are still correct numbers – I wouldn’t use that dirty hack (lovely feature?) just to have more followers. Why would someone want to have more followers who are not interested in following? Is there any
Twitter really amazes me – I really couldn’t reproduce that error (feature?) in the software that I write. Of course I could do that on purpose – but not by accident, no way.
It is really amazing what you’ve done, thank you for inspiring me how to create such hidden features. Good work.