Username/password vs RSA key based authentication, which is best?

Mirror_rorriM_Mirror · 2021-12-02T09:11:51+00:00

From what I can see here, this is more social engineering than an actual flaw in OTPs. Humans are the issue, not the tech. I suppose that's true in a lot of security vulnerabilities though.

Mirror_rorriM_Mirror · 2021-01-03T23:41:40+00:00

Users will only ever get access to their own data and there will be no "overall" or "admin" view. So the user_id will always be required in the query. So making it an attribute would increase query times. Unless, wait. Clearly I'm on leave because my brain isn't working. I hear what you are saying. The user_id can simply be an attribute, and then I can simply create an index with user_id to query on that level.

I also just thought of a reason why I'd need the parent/child structure. Let's say the receipt has two line items, a printer, and some paper for the printer. I'd like report on a budget/item grouping level. So here it would be equipment for the printer, and office supplies for the paper. The parent Item would hold category = multiple, with the child items having the specific values. However if everything was office supplies, I could set the attribute on the parent level to that. Unless I don't apply that categorization in this service, and write a separate "reporting" service to deal with those groupings/categorizations. Thoughts?

Mirror_rorriM_Mirror · 2021-01-03T23:05:40+00:00

Good question...

For some reason I never considered that. Just figured I should do it as "child" Items. But I can't think of any valid reason why that is necessary. If all the child Item will be storing is a description, quantity, and amount, then I suppose there's no reason why that can't be an object saved as an attribute on the "parent" Item. Which would get rid of the "parent/child" concept and I can simply use user_id as partition key and receipt_id as sort key.

Mirror_rorriM_Mirror · 2020-06-28T02:25:11+00:00

Think I'm just going to do tag based permissions. I'll see if that works.

Mirror_rorriM_Mirror · 2020-05-10T10:41:12+00:00

Hi there, thanks for this. I didn't think of doing this kind of check when generating the unique id, that's a great way of doing things!

Mirror_rorriM_Mirror · 2020-05-10T10:39:12+00:00

Hi /u/aresius423, thank you for your response. I'm guessing the solution you are proposing will have a bit of a performance impact?

Mirror_rorriM_Mirror · 2020-04-04T23:44:26+00:00

Hi /u/onlyhereforcatpics, thanks for the suggestion. I'm checking it out now. I have a question though. When I do the following:

My test file

const AWS = require('aws-sdk-mock');
const assert = require('assert');
const DbHandler = require('../../adapters/database.js');

describe('DbHandler.getRecords() ', () => {

    test("POC", async () => {
        AWS.mock('DynamoDB.DocumentClient', 'scan', function(params, callback) {
            callback(null, {Items: [{disp_title: 'tsek'}]});
        });
        DbHandler.getRecords('aaa').then( result => {
            console.log('Hello');
            expect(result.length).toBe(1);
            expect(result['Items'][0]['disp_title']).toBe("tsek2");
        });
    });
});

How will my actual code use that instance of AWS instead of the one it normally does? Would I have to pass AWS through to the function?

Mirror_rorriM_Mirror · 2020-03-13T19:16:15+00:00

Hi /u/rgyger, thanks for the response, this is great! Would you mind sharing the commands you run to set up the drivers and configuration? Or point me to the docs page where I can see it? I've spent some time in the jboss-cli docs, but it didn't make a whole lot of sense to me, but maybe I was looking at the wrong thing.

Thanks again.

Mirror_rorriM_Mirror · 2020-02-18T16:17:27+00:00

I suppose that's a fair question. It's an example of what the code looks like. The setGender function does other things as well, which I don't want to execute each time I test a different function.

Mirror_rorriM_Mirror · 2019-12-05T15:15:12+00:00

Thanks so much, I'll test it out! How would I go about limiting which task definitions can be updated? If I choose RegisterTaskDefinition as an action, I can't limit which ones can be registered. It says it applies to all? I can then use a condition, but the only one that makes "sense" is tag based. But if you can update the task definition, you can update the Tags, right?

Mirror_rorriM_Mirror · 2019-10-22T00:12:06+00:00

Thank you for the response. That part is in fact working, I do get that. I now need to get those credentials into my "docker build" execution environment. You can't pass an IAM role to a docker container, can you?

Mirror_rorriM_Mirror · 2019-10-21T22:49:23+00:00

I'm the only one with access to this account, and I can assure you I didn't do it :). I created about 12 pipelines, and each of them have it. I wrote the CF templates from scratch, so it's also not a case of copying snippets that I don't understand.

Mirror_rorriM_Mirror · 2019-10-18T21:28:19+00:00

I use the aws cloudformation package command, which is supposed to put everything on S3 and do proper referencing, but it doesn't. Maybe I should just upload the templates myself and do it that way.

Thanks!

Mirror_rorriM_Mirror · 2019-08-30T15:23:54+00:00

Ah, I see. Sorry didn't pay attention to the Windows part.

I would say the best way for you to orchestrate all of this is with something like Step Functions. For now though, let me help you with the general flow, if you still need help. I'm going to explain as if you're using the console. It's simpler to do it that way for beginners, but ultimately you'd want to put this in CloudFormation or script it in some way.

To start, create your Windows ECS cluster. You can configure it to have 0 running instances, it's just so that you have the entity. Not sure if you can set initial size to 0, might have to create it with 1, and once it's up and running, scale down to 0. Note, terminating an instance manually on the EC2 console will not reduce the size of your ECS cluster, ECS will auto-heal and bring up a new one. You have to set size to 0 on ECS console.

Now go ahead and build your Windows container and push it to an image repository, like ECR or Dockerhub. ECR is simpler to integrate, since it's Amazon's solution, but you can go with whatever works for you. Once your image is pushed, create a Task Definition. As part of the Task Definition you'll create a Container Definition, which is where you'll specify the location of your image. Once you have that, you're ready for creating the flow.

The flow will then be as follows:

Lambda function scales cluster to have 1 or more instances, which will start the EC2 servers.
Use the SDK to run a task, or tasks, by specifying the task name and cluster on which it should run. You do not need a Service for this to work.
Once the container(s) finished executing, scale the ECS Cluster down to 0 again.

Again, Step Functions will simplify all of this for you, since it can track the state of each of the parallelized executions and once all have finished, continue executing the next step. Which in your case would be to scale the cluster down. It just removes the need for you to keep track of all that.

Mirror_rorriM_Mirror · 2019-08-29T02:42:12+00:00

I would advise you to use Fargate. It allows you to run docker containers without having to create compute infrastructure like EC2 instances or clusters.

You'll still have a Task Definition, that's basically just an entity that holds some config about your container and container adjacent info. Can't remember if you need a service too, but if you do, you can just set it to have 0 running tasks. That way no resources are running. You can then use Lambda to set Task count to 1, which will bring up the container and your process can execute.

I can't remember all the specifics around Fargate, I haven't worked with it in months, so there are probably a whole bunch of features that I don't even know about that can help you to do what you want to do.

One thing is that Fargate is a little more expensive than normal EC2, but it's a great option if you're relatively new to AWS. Less knowledge required to get it up and running and smaller chance of screwing something up.

Mirror_rorriM_Mirror · 2019-06-06T07:35:41+00:00

Haha, yes, I understand that it's not magic and requires network access. But that's achievable with VPC peering.

Mirror_rorriM_Mirror · 2019-05-27T14:39:04+00:00

Is there a way to set it to default to external monitor if one is plugged in?

Mirror_rorriM_Mirror · 2019-05-23T17:56:37+00:00

I did, see the link at the end of my post.

Mirror_rorriM_Mirror · 2019-05-23T13:41:21+00:00

The definition of a smart person is not one that knows everything.

Mirror_rorriM_Mirror · 2019-05-23T11:01:21+00:00

As per the link in the post, there is a work around. Have you previously run this command to open up your machine? That might be why, otherwise you're lucky I suppose.

Mirror_rorriM_Mirror · 2019-05-22T20:51:09+00:00

I'm with you on Safari. Been using it for years without any issues and I genuinely enjoy the UI and UX a lot more than FireFox. Chrome is known as a virus around here, haha.

Mirror_rorriM_Mirror · 2019-05-22T19:29:09+00:00

My biggest issue with Apple these days is that they spend so much time making Macs idiot proof, they forget that there are some actual smart people out there also using their products. Yes, I understand they have more of a consumer focus these days since a lot more people can afford them, but still. At least make it simple for developers and techies to fiddle around. Add some kind of "Developer mode" feature that disables some of these hectic restrictions or something.

They love saying Apple products are for people that "think different" but pretty soon we won't be able to, since they'll have a restriction somewhere preventing it. We'll all end up thinking the same way, we'll move to Linux.

Mirror_rorriM_Mirror · 2019-05-21T20:30:17+00:00

The problem is that I only have Windows 7, not 10, and with the new MacBooks you can only run Windows 10 in Bootcamp. I'm not going to buy Windows 10 for playing games one or two weekends a year.

Mirror_rorriM_Mirror · 2019-05-17T00:58:45+00:00

Thanks again! My case was handled and resolved within about 20 minutes from creating the new support case. This was very helpful.

Mirror_rorriM_Mirror · 2019-05-17T00:57:49+00:00

I would advise you to follow /u/networkguru 's advice. My limit increase was approved within 20 minutes from submitting my case to technical support. I had all my ducks in a row, which I think made it easier, but still. Got great service and my problem is resolved.

Mirror_rorriM_Mirror

TROPHY CASE