What I’ll do this week (February 19)

This week I’ll work on creating relationships in both directions, relations that go from a to b and from b to a at the same time. This will be useful for finding the users that participate in a pool and the pools in which a user participates. I will also work on getting all the relationship entities in a single callback. I will finish the pool model and its relationship with users.

And on the frontend, they say they will have the login, register (email, Facebook and Google), and the users and pools list views ready by the end of this week, in both the browser and the Android app.

Update: It seems that Neo4j relationships are expressed in only one direction, like (a)->(b) or (a)<-(b); however, they can be traversed in either direction at the same speed. So when querying for a relationship whose direction we don’t know or care about (like the participates relationship between users and pools), we can ignore it simply by not specifying the direction (e.g. `MATCH (neo)-[:PARTNER]-(partner)`).

From: https://dzone.com/articles/modelling-data-neo4j

What I did this week (February 12)

So I accomplished what I promised in the last premortem post. We have Neo4j relationships working with properties stored on the edge, except that it only works in one direction, a relation of the form (a)-[relation {props}]->(b). I want to be able to create relations in both directions, so that, for example, we can get the pools a user participates in but also the users that participate in a pool. Then we need to be able to get these nodes from an endpoint in the API, so I need to create methods to find the nodes in a relationship. That will be enough work for this week, as well as defining the complete pool endpoints and model.

This will be useful: https://neo4j.com/docs/developer-manual/current/cypher/clauses/match/#relationship-basics

Quantum Computing

Here’s a really good video that explains (vaguely) quantum computing.

Quantum computers threaten today’s public-key cryptography because they can run Shor’s algorithm, which factors very large integers (and computes discrete logarithms) efficiently. Algorithms such as RSA rely on the assumption that factoring a sufficiently large number is so expensive that it is practically impossible; a large enough quantum computer would complete the factorization in a short enough time, and when the cryptographic algorithms collapse, so does the network security built on them.

But quantum physics is not just a threat to network security; it is also part of the solution. Quantum key distribution relies on the fact that measuring a quantum system disturbs it, which is closely related to the Heisenberg Uncertainty Principle: an observer cannot measure both a particle’s position and its momentum with arbitrary precision, because measuring one disturbs the other.

And here’s a TED video explaining the Heisenberg Uncertainty Principle:

Koley (CTO of Juniper Networks) explains: “Typically, photons are used over a fiber-optic channel to achieve this [transmit information in quantum state], any attempt to measure one of the entangled photons leads to changes in the quantum state of the other, and therefore is detected. Thus, QKD offers a key distribution mechanism where any attempt to intercept the key by eavesdropping is revealed and the keys are discarded. QKD is not vulnerable to cracking attempts by quantum computers the same way that traditional cryptographic techniques are because any interception attempts in the QKD paradigm are readily detected. This is one of the reasons QKD is considered to be a good candidate for post-quantum security.”

Note that QKD only solves key distribution: the traffic itself is still encrypted with a conventional symmetric cipher, and QKD needs an authenticated classical channel for the sifting step. The term post-quantum cryptography more commonly refers to classical public-key algorithms designed to resist quantum attacks.

And here’s a video explaining the QKD algorithm:

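The protocol described above (BB84), as an added Python simulation that is not part of the original post or of the sources it links: Alice sends qubits encoded in random bases, Bob measures in random bases, both sift on matching bases and publicly compare a sample to estimate the error rate. The qubit model (a bit plus a basis; measuring in the wrong basis yields a random bit and overwrites the state) and the 11% abort threshold are simplifying assumptions of this example, not taken from the page.

```python
"""BB84 quantum key distribution, simulated classically.

Added illustration, not code from the original post. A qubit is modelled as
(bit, basis): measuring in the preparation basis returns the bit; measuring
in the other basis returns a uniformly random bit and leaves the qubit in the
state that was measured. That one rule is enough to show why an
intercept-and-resend eavesdropper shows up in the error rate of the sifted key.
"""
import random
from dataclasses import dataclass

# Abort threshold on the quantum bit error rate (QBER). Assumption for this
# example: about 11% is the commonly quoted bound for BB84; intercepting and
# resending every qubit produces roughly 25%.
QBER_THRESHOLD = 0.11


@dataclass
class Qubit:
    bit: int    # encoded key bit
    basis: int  # 0 = rectilinear (+), 1 = diagonal (x)


def measure(qubit: Qubit, basis: int, rng: random.Random) -> int:
    """Measure `qubit` in `basis`, collapsing it to the observed state.

    A mismatched basis gives a random outcome and destroys the original
    encoding, which is why an eavesdropper cannot copy and forward."""
    if basis != qubit.basis:
        qubit.bit = rng.randrange(2)
        qubit.basis = basis
    return qubit.bit


def run_bb84(n: int, eavesdrop: bool, seed: int = 1) -> dict:
    """Run one BB84 session over n qubits; returns QBER, verdict and keys."""
    rng = random.Random(seed)

    # Alice: random key bits encoded in random bases, one qubit each.
    alice_bits = [rng.randrange(2) for _ in range(n)]
    alice_bases = [rng.randrange(2) for _ in range(n)]
    channel = [Qubit(b, s) for b, s in zip(alice_bits, alice_bases)]

    # Eve (optional): intercept-and-resend. She must guess a basis for each
    # qubit; half the time she is wrong and the qubit she forwards is wrong.
    if eavesdrop:
        for q in channel:
            measure(q, rng.randrange(2), rng)

    # Bob: measures every qubit in a randomly chosen basis.
    bob_bases = [rng.randrange(2) for _ in range(n)]
    bob_bits = [measure(q, s, rng) for q, s in zip(channel, bob_bases)]

    # Sifting (public classical channel): keep positions where bases agree.
    sifted = [i for i in range(n) if alice_bases[i] == bob_bases[i]]

    # Parameter estimation: sacrifice half the sifted bits by publicly
    # comparing them; any disagreement is a sign of disturbance on the line.
    rng.shuffle(sifted)
    half = len(sifted) // 2
    check, keep = sifted[:half], sifted[half:]
    errors = sum(alice_bits[i] != bob_bits[i] for i in check)
    qber = errors / len(check) if check else 0.0

    return {
        "qber": qber,
        "compromised": qber > QBER_THRESHOLD,  # discard the key if so
        "alice_key": [alice_bits[i] for i in keep],
        "bob_key": [bob_bits[i] for i in keep],
    }


if __name__ == "__main__":
    for tapped in (False, True):
        r = run_bb84(2000, eavesdrop=tapped)
        print(f"eavesdropper={tapped}: QBER={r['qber']:.3f}, "
              f"compromised={r['compromised']}, key bits={len(r['alice_key'])}")
```

Without Eve the sifted bits agree exactly and about a quarter of the transmitted qubits survive as key; with Eve intercepting every qubit, roughly one in four sifted bits disagree, which is far above the threshold, so the key is thrown away rather than used.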
More resources on the subject:

https://www.techrepublic.com/article/how-quantum-computing-could-create-unbreakable-encryption-and-save-the-future-of-cybersecurity/

http://www.bbc.com/news/technology-36203043

https://www.britannica.com/science/uncertainty-principle

https://research.google.com/pubs/QuantumAI.html

SQL Injection Attack

Web developers often don’t realize that user input reaching their SQL queries can be used to circumvent access control and, on some database servers, even to run host operating system commands.

An SQL injection is a technique for creating or altering SQL commands in order to expose hidden data, override existing data or even delete it. It works because the application builds its SQL queries by combining static query text with user input as a string. A malicious user can then paste extra SQL into the input and, depending on the privileges of the database account the application uses (too often an administrative one), perform actions the developer never intended.

A worked example of the issues regarding SQL Injection

What is the solution? The primary defense is to never build SQL by concatenating user input into the query text: use prepared statements with bound parameters, so the database receives the query structure and the values separately and the values can never be parsed as SQL. Input validation is a second, complementary layer: check that a value is an integer when it should be one, that it matches the expected format, and check identifiers such as column names (which cannot be bound as parameters) against an allow-list. Also run the application with a database account that has only the privileges it needs, so a successful injection does less damage. Note that converting special characters to their HTML equivalents, removing line breaks and stripping octets is output escaping against cross-site scripting; it does not protect against SQL injection.
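The attack and the fix described above, as an added Python example that is not part of the original post or of its references. It runs against an in-memory SQLite database; the table, usernames, passwords and roles are constructed for the demonstration.

```python
"""SQL injection: a vulnerable login query beside its parameterized fix.

Added example, not code from the original post. Runs offline against an
in-memory SQLite database filled with constructed sample rows.
"""
import sqlite3

# Constructed sample data for the demonstration.
SEED_ROWS = [
    ("alice", "s3cret", "admin"),
    ("bob", "hunter2", "user"),
]

# Column names a caller may sort by; identifiers cannot be bound as
# parameters, so they are validated against this allow-list instead.
ALLOWED_SORT_COLUMNS = {"name", "role"}


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SEED_ROWS)
    return conn


def login_vulnerable(conn, name: str, password: str) -> list:
    """Deliberately broken: the input is pasted into the SQL text, so a quote
    in the input ends the string literal and whatever follows is parsed as
    SQL. Returns the (name, role) rows the database matched."""
    sql = ("SELECT name, role FROM users "
           f"WHERE name = '{name}' AND password = '{password}'")
    return conn.execute(sql).fetchall()


def login_safe(conn, name: str, password: str) -> list:
    """Parameterized: the query text is fixed and the driver passes the
    values separately, so they are compared as data and never executed."""
    sql = "SELECT name, role FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchall()


def list_users(conn, sort_by: str) -> list:
    """ORDER BY needs an identifier, which a placeholder cannot supply, so
    the column name is checked against an allow-list before being inlined."""
    if sort_by not in ALLOWED_SORT_COLUMNS:
        raise ValueError(f"unsupported sort column: {sort_by!r}")
    return [row[0] for row in conn.execute(f"SELECT name FROM users ORDER BY {sort_by}")]


if __name__ == "__main__":
    db = make_db()
    # Classic tautology: "' OR '1'='1" turns the WHERE clause into
    #   name = 'nobody' AND password = '' OR '1'='1'   (always true)
    print("bypass, vulnerable:", login_vulnerable(db, "nobody", "' OR '1'='1"))
    print("bypass, safe:      ", login_safe(db, "nobody", "' OR '1'='1"))
    # UNION-based data exposure: the second SELECT returns passwords in the
    # column the application believes holds the role; "--" comments out the rest.
    dump = "x' UNION SELECT name, password FROM users --"
    print("dump, vulnerable:  ", login_vulnerable(db, dump, "irrelevant"))
    print("dump, safe:        ", login_safe(db, dump, "irrelevant"))
    print("sorted users:      ", list_users(db, "name"))
```

The two vulnerable calls show the two classes of damage the text mentions: the tautology bypasses authentication without knowing a single valid username, and the UNION query exposes hidden data (every password) through the login form. The same inputs handed to the parameterized query simply match no rows.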

References:

https://secure.php.net/manual/en/security.database.sql-injection.php

https://codex.wordpress.org/Validating_Sanitizing_and_Escaping_User_Data

What I’ll do this week (February 4)

This week I’ll translate what we had in the backend to use the new database. I think that should be my first priority. Then I’ll work on the implementation of the relations between the nodes. I’m a bit worried about the fact that I’m not testing the API for the database. Maybe later. Marco is now working on the frontend web application too. He defined the roles for everyone, since we are a big team.