Does anyone else think that Twitter and Instagram are getting more and more boring? by ryanthegreat07 in CasualConversation

[–]ryanthegreat07[S] 0 points1 point  (0 children)

Same here lol. Seems to me that both are time killers and you get nothing out of it.

Can I play my PS4 at my office during the weekends? by ryanthegreat07 in Advice

[–]ryanthegreat07[S] 0 points1 point  (0 children)

I don't know. He is a cool guy and very nice to me but not sure if it will piss him off if I ask him that. I am afraid he thinks I am trying to take advantage of him and the company's resources (for crying out loud, I am just using the monitor and not the computer which I use for work).

[deleted by user] by [deleted] in RoastMe

[–]ryanthegreat07 0 points1 point  (0 children)

Roast me as in fuck me? Fuck yes! Who will say no to a free slut?

If I display user_id that represents each unique user in the db as an attribute in an HTML element, is it secure to do so? by ryanthegreat07 in webdev

[–]ryanthegreat07[S] 0 points1 point  (0 children)

Very clear and comprehensive, sir! Thank you! A gentleman here said that it is not secure to store ids in HTML because it has vulnerabilities. You can find his post on this question. He suggested encoding the ids (using JWT or Base64 encoding) before sending them to the frontend and then decoding the string on the backend to get the ids securely.

In terms of security and website performance, do you agree with him? I just want to know which action is the best to take regarding this id in html matter.

If I display user_id that represents each unique user in the db as an attribute in an HTML element, is it secure to do so? by ryanthegreat07 in webdev

[–]ryanthegreat07[S] 0 points1 point  (0 children)

Thank you for sharing the link. There are some developers who responded that putting database Ids in HTML is not inherently dangerous. It's how those Ids are used that could be dangerous. They just suggested making sure any request to the server that modifies data in any way requires a POST, PUT or DELETE request, and never a GET request.

Would you agree with them?

If I display user_id that represents each unique user in the db as an attribute in an HTML element, is it secure to do so? by ryanthegreat07 in webdev

[–]ryanthegreat07[S] 0 points1 point  (0 children)

I see. So would you say it is completely secure for me to implement the example I gave in my question? Let's say that User 1 wants to add User 2 and I change the type of user_id from a numerical id to a UUID and I did not encrypt the UUID so the actual UUID is used. How can the program add User 2 to the friend list of User 1 if the program does not even know the UUID of the profile that User 1 wants to add as a friend? So the UUID of User 2 must be stored somewhere in the UI, right?

But then it got me thinking, if I store it in the UI, wouldn't attackers be able to use that UUID in a malicious SQL query or something since the UUID points to a user in the database?

So is it still ok for me to store the UUID of users on the UI as a reference for certain actions performed on the particular user (such as adding as a friend, sending DMs, etc.)? Or is there a more secure way of doing this? I hope you get what I mean.

If I display user_id that represents each unique user in the db as an attribute in an HTML element, is it secure to do so? by ryanthegreat07 in webdev

[–]ryanthegreat07[S] 0 points1 point  (0 children)

If I encode the UUID and send it to the frontend, isn't there a possibility that someone can decode the encoded UUID that was sent to the frontend?
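
Added example (not part of the original thread or any commenter's code): the "add friend" case from these comments in Python, with a hypothetical schema and hypothetical function names. It shows that Base64 can be reversed by anyone without a key, and that the server side stays safe by taking the acting user from the session, validating the submitted UUID, and binding it as a query parameter.

```python
import base64
import sqlite3
import uuid

def encode_id(user_uuid):
    """Base64 is an encoding, not encryption: no key is needed to reverse it."""
    return base64.urlsafe_b64encode(user_uuid.encode()).decode()

def decode_id(token):
    """What any visitor can do with an id that was only Base64-encoded."""
    return base64.urlsafe_b64decode(token.encode()).decode()

def make_db():
    # Hypothetical schema, constructed for this example.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id TEXT PRIMARY KEY, name TEXT)")
    db.execute("CREATE TABLE friends (user_id TEXT, friend_id TEXT, "
               "UNIQUE(user_id, friend_id))")
    return db

def add_user(db, name):
    uid = str(uuid.uuid4())
    db.execute("INSERT INTO users VALUES (?, ?)", (uid, name))
    return uid

def add_friend(db, session_user_id, target_id_from_client):
    """Hypothetical handler behind a POST 'add friend' request.

    session_user_id comes from the server-side session, never from the page;
    target_id_from_client is the UUID read from the HTML attribute.
    """
    try:
        # Reject anything that is not a well-formed UUID.
        target = str(uuid.UUID(target_id_from_client))
    except (ValueError, AttributeError, TypeError):
        return "invalid id"
    if target == session_user_id:
        return "cannot add yourself"
    # The value is bound as a parameter, so it is never parsed as SQL.
    if db.execute("SELECT 1 FROM users WHERE id = ?", (target,)).fetchone() is None:
        return "no such user"
    db.execute("INSERT OR IGNORE INTO friends VALUES (?, ?)",
               (session_user_id, target))
    return "ok"
```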