Anduin

let today = new Beginning();

All Posts


Is hashing passwords on the front end a good approach?

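Brain teaser: to prevent operations staff from looking up passwords directly in the database, web applications commonly hash the password once before storing it in the database. When verification is needed, the front end supplies the password value, and the server hashes it and compares the result to decide whether the password is correct. This way, even if operations staff can reach the database, the most they can do is reset a password; they cannot log in to a specific account. So, since what ultimately gets compared is the hash of the password, why not hash it on the front end and send the hashed result straight to the server to decide whether the password is correct? The answer is actually quite simple. We added the hash in the first place to stop operations staff from logging in. If the hashing is done on the front end, then from the server's point of view it is really just doing a plaintext comparison. The hash value in the database is equivalent to the password. Operations staff can simply take the hash and call the login API to obtain access to an account. This brain teaser is quite interesting, and at first glance it even seems to make sense. But put another way, although hashing on the front end looks rather silly, historically many companies and projects have done something similar. A typical example is Tencent's QQ. More than ten years ago, …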

Security Password Hash

Why should the custom software industry move toward software subscriptions?

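For any project involving public institutions where intellectual property is outsourced, that is, in plain terms, code that is written and then sold off, the quality of the software is generally quite poor: riddled with bugs and lacking in features. Once the paying party (Party A) has completed acceptance and installation is done, the developer (Party B) tends to take the money and leave to pursue the next project. This low-quality software seriously affects the growth of businesses and the user experience, and can even affect the health of the entire industry. As ordinary people perceive it, the online service experience of non-internet companies is often terrible. On the surface this may be because the programmers building the software are less skilled. But if it has become a phenomenon, then the problem must lie in the rules. It lies in the fact that responsibility for the software's quality is sufficiently diluted after multiple rounds of subcontracting that the people who actually build the software do not care about code quality at all. This is caused by today's prevailing commercial procurement model. To solve this problem, developing software subscriptions is a very good approach. For Party A, procuring software by subscription means paying by time and usage rather than buying the intellectual property of the entire source code. In other words, it means buying the right to use the software plus a service, and that service is …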

DevOps China Software Development SaaS Subscription

Get unique random numbers in C#

The source code this blog mentioned is here: https://github.com/Anduin2017/SuperRandom The traditional methods for obtaining `n` non-repeating random numbers are: The random number is generated by the linear congruence method, and each random number is generated and compared in the database. If it already exists, the number is discarded. Randomly generate a linear sequence, and then …

C# .NET Core Algorithm Random Numbers Unique random Non-repeat Random


Tips for Azure CLI script programming on bash

Ask the user to select the Azure cloud under which he runs the Azure CLI: login_azure() { no_cloud=true while $no_cloud; do echo 'Select your cloud:' az cloud list --output table read -p 'Enter the name:' cloudName az cloud set --name $cloudName && no_cloud=false done az account show || az login echo 'To logout, please press ` …

bash Azure DevOps Azure CLI

Bootstrap dark theme minimum style

Now Apple is forcing all apps in its app store to support dark mode. Also, most native Android apps already support the dark theme. Viewing a screen with a white background when you have enabled dark mode on your device will greatly harm the viewer's eyes. Lots of websites are built with Bootstrap. So how can we get a solution with minimum changes that allows the website to support automatically …

Web CSS Bootstrap Media Query Style Dark theme

Install Azure CLI on Windows 10 and use it in bash

The Azure command-line interface (CLI) is Microsoft's cross-platform command-line experience for managing Azure resources. The Azure CLI is designed to be easy to learn and get started with, but powerful enough to be a great tool for building custom automation to use Azure resources. The Azure CLI is available to install in Windows, macOS and Linux environments. It can also be run in a Docker …

bash Azure Azure CLI PowerShell

Ubuntu bash experience for Windows Terminal without Linux subsystem

Bash is the major shell client I use. On Windows 10 I really enjoy git-bash. But how to set bash as the default terminal in the new Windows Terminal? Brief steps: Install a Linux style shell like git-bash. Install the Windows Terminal Make git-bash the default terminal in Windows Terminal Make the theme look like Ubuntu style. Allow Ctrl + V to paste Allow starting WT in the directory …

bash Ubuntu Windows 10 Windows Terminal

Microsoft account integrated sign in via C#

This code example shows how to build an app that supports Microsoft account OAuth authentication. Before coding, we are going to create an app in your Azure portal first. https://portal.azure.com The name is your app's display name. Select that your app can access accounts in any organization and personal Microsoft accounts. As for the redirect URI, it must be the address your server redirects back to. For …

ASP.NET Core Azure Microsoft OAuth Login Authentication

Publish app from Azure DevOps to non-global Azure like Azure CN

How to use Azure DevOps to publish a built app to a non-global Azure environment, such as Azure CN. Publishing an app from Azure DevOps to Azure global is super easy. Simply a few clicks and you can find your Azure subscription and publish it in a minute. Like this: But in some cases, our customers might be using other Azure environments, like Azure Arc, Azure for government and Azure CN. And we can't find our subscriptions easily via …

Azure App Service Azure Azure DevOps DevOps Azure CN China

Linux Cheatsheet for Windows Users

A notebook for Windows folks like me who struggle to remember Linux commands Before starting Control options Operation Command Example Execute command one by one command1; command2 Execute command1 background command1 & command2 Execute command2 if 1 success command1 && command2 Execute command2 if 1 fail command1 || command2 Reverse the command result !command1 Pipeline options …

bash Linux Ubuntu

How to write a bot for Kahla

Kahla.SDK Kahla.SDK is a library for writing bots and extensions for Kahla. Tutorial - How to create a bot with Kahla.SDK This will introduce how to write a bot for Kahla. Before starting, make sure you have .NET Core SDK installed. Download .NET Core SDK here. 1. Create a new console .NET Core app Open your terminal and type the following command to create a new console app. $ mkdir …

C# .NET Core Aiursoft Kahla Bot Kahla.SDK Kahla App Console App