As a future CreaTe student at the University of Twente, I wanted to get in touch with a particular professor. Their website, PeoplePages, uses a RESTful API for AJAX requests to search for university staff, so I decided to add everyone to my contacts. (Also makes sending LinkedIn requests to everyone much easier.) See how I did it and how they could improve their security, so others can’t.
Just a little bit of background about my college “situation”: I graduated from highschool in April 2016 and joined the Unitedworld Institute of Design (UID) in Ahmedabad, Gujarat, after working at the Government of Delhi for a month. UID was an excellent college for people who want to study design using the fundamentals of art. I’ll push in an update if I decide to join a program.
A few days ago, I tried to reset my password on PR.com, the press releases website. I entered my email, and they sent me the username and password in plain text. That’s right, in plain text.
The problem with this method of password storage is that if anyone gets access to your database, they can literally just see the passwords. This is why hashing is used, which converts the plain text password to an encrypted “hashed” version that is, in an ideal world, undecryptable. The problem with this hashing is really about how hashing fundamentally works: collisions are not uncommon, i.e., multiple strings could have the same hashed string.
This is usually how the process works: A user logs in, and a token is generated. The token is stored on the client (usually in a session, lately also as a local storage object). Then, to call an API, the view also sends the token. The server checks the integrity of the token and returns the relevant response. Each token contains a “private key” of sorts that only the server could’ve created. JWT does this really well. My way includes a hashed username and timestamp.
I made a small URL shortener for Oswald at osw.li in an hour using PHP and MySQL, but I want to learn the MEAN stack, so I thought that this could be a fun starter project. One interesting decision was to decide how many characters the shortened URL’s slug be.
I’ve only very recently started experimenting with Machine Learning, but Python has made is super simple. First, set up an scikit-learn environment (I used Anaconda) and import the decision tree classifier and import tree from sklearn. Compile this python script, and, if there are no errors, we have our environment set up. Now let’s get some data. In the following, we’re using two one-dimensional arrays for features and labels. Consider a phone app where we save the names of contacts I called, corresponding to the time when I called them.