Security and More Bookmark Manager
Password Security
I mentioned yesterday that we were using ‘bcrypt’ to securely store our passwords, and I wanted to show how that looked and roughly how it works.
When you enter your password in the form, it is run through bcrypt, which returns a seemingly random string of gibberish that represents the password. This is because the password is being salted and hashed: bcrypt combines a random salt with the password and hashes the result, and the string you get back packs the algorithm version, the cost factor, the salt and the hash together.
Hashing
Hashing the password means running a one-way algorithm on it that turns it into a string of seemingly random characters. They are not actually random: the same password put through the same algorithm always produces the same hash. This is useful because it lets you verify a password without storing it. For example, if you enter ‘hello’ as your password and it is turned into the hash ‘7d8dhfje7f9’, then the next time you log in and type ‘hello’ again, the new hash will match the stored one and you are verified as knowing the right password.
The problem with this, however, is that a plain hash is easy to attack. Because a given password always produces the same hash, an attacker can hash a large list of common words once, then compare the results against every stolen hash (a precomputed or “rainbow” table). Also, if two people have the same password, their hashes will be identical, so the database reveals which users share a password. That is why passwords are also salted.
This is where salting comes in…
Salting
Salting takes the password, adds a random value (the salt) to it, and then hashes the combination. Because every user gets a different salt, the same password now produces a different hash for each user, and a precomputed table of hashed words is useless: the attacker would have to rebuild it for every salt. A salt does not by itself make a single password slow to guess, though, which is why bcrypt also has a cost factor that makes each hash computation deliberately expensive.
The Open Web Application Security Project (OWASP) defines a salt as a “fixed-length cryptographically-strong random value”, with its length depending on the storage available and on the hashing function being used. Here is an example of salting and hashing from Wikipedia:


The username, salt, and hash are then stored together in the database so passwords can be verified when the user logs in in the future.
In terms of this being used in the Bookmark Manager, here is how it works:

When I sign up, the password is run through bcrypt before being stored in my user database:

Even when it is stored, my database only has one value (the bcrypt string) associated with the username. There is no separate salt column because bcrypt embeds the salt inside that string, alongside the cost factor, so it can be recovered when the password is checked at login.
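To make the hashing and salting sections above concrete, here is an added example (not the Bookmark Manager's code and not bcrypt itself) written against Ruby's standard library only. It shows the unsalted problem first, then a per-user salt, then a bcrypt-style single stored string that carries the scheme, cost and salt alongside the hash so that verification can parse them back out. PBKDF2-SHA256 from the `openssl` stdlib stands in for bcrypt's slow, costed hash; the `$pbkdf2-sha256$cost$salt$hash` layout, the user names and the passwords are constructed for the example.

```ruby
require 'digest'
require 'openssl'
require 'securerandom'

# Plain, unsalted hash: the same password always gives the same digest,
# which is what makes precomputed wordlist ("rainbow table") attacks work
# and lets an attacker see which users share a password.
def unsalted_hash(password)
  Digest::SHA256.hexdigest(password)
end

ITERATIONS = 100_000 # cost parameter, the analogue of bcrypt's work factor
SALT_BYTES = 16      # 128-bit random salt per stored password

# Slow, salted digest. PBKDF2 is used here as a stand-in for bcrypt
# because it ships with Ruby's openssl library (example assumption).
def slow_salted_digest(password, salt, iterations)
  OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: iterations,
                           length: 32, hash: 'sha256').unpack1('H*')
end

# Produce one string holding everything needed to re-check the password,
# modelled on bcrypt's "$2b$cost$salt+hash": the users table only needs a
# single column, and the salt is never stored separately. The
# "$pbkdf2-sha256$..." layout is constructed for this example.
def hash_password(password, salt: SecureRandom.random_bytes(SALT_BYTES),
                  iterations: ITERATIONS)
  salt_hex = salt.unpack1('H*')
  digest = slow_salted_digest(password, salt, iterations)
  "$pbkdf2-sha256$#{iterations}$#{salt_hex}$#{digest}"
end

# Constant-time comparison so a wrong guess takes the same time whether it
# differs in the first byte or the last.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Verify at login: parse the cost and salt back out of the stored string,
# recompute the digest for the candidate password and compare. Malformed
# records simply fail to verify instead of raising.
def verify_password(stored, candidate)
  _, scheme, iterations, salt_hex, digest = stored.split('$')
  return false if [scheme, iterations, salt_hex, digest].any?(&:nil?)
  return false unless scheme == 'pbkdf2-sha256' && iterations.to_i > 0
  salt = [salt_hex].pack('H*')
  recomputed = slow_salted_digest(candidate, salt, iterations.to_i)
  secure_equal?(recomputed, digest)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: two users who happen to pick the same password.
  password = 'hello'
  puts "unsalted alice: #{unsalted_hash(password)}"
  puts "unsalted bob:   #{unsalted_hash(password)}" # identical, leaks reuse
  alice = hash_password(password)
  bob = hash_password(password)
  puts "salted alice:   #{alice}"
  puts "salted bob:     #{bob}"                     # different salt, different hash
  puts "alice logs in:  #{verify_password(alice, 'hello')}"
  puts "wrong password: #{verify_password(alice, 'Hello')}"
end
```

The two salted records differ even though both users typed ‘hello’, yet each still verifies against its own record because the salt is read back out of the stored string. Raising `ITERATIONS` is the equivalent of raising bcrypt's cost: it slows every guess for an attacker without changing anything else about storage.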
Bookmark Manager
Continuing on with bookmark manager, I have just been trying to add style to it and make it function a bit more like a real user friendly website.
Previously the home page just said Bookmark Manager, and you would have to type /bookmarks in the URL to get to the actual bookmark page. I updated the home page to be more of a central hub for the website. Signing in and signing up are now handled here, and only once you are signed in can you access the bookmarks page. I added a sign out button here too, although the one on the bookmark page is still there. Because of this I wanted to change how the sign out button worked, as before it always returned you to the /bookmarks page, and I now wanted it to take you back to wherever you were. I did some googling and found out you can simply type redirect back in your controller and that will take you back to the page you were on. However, I decided after that signing out should always return you to the home page, so went with redirect '/'.
Here is what I had this morning:

And here is what I have now, I tried to get through as many of the features as possible but didn’t want the gif to be too long!
EDIT 12/4: Seems the gif was too long! I won’t replace the gif as I have changed the website a lot since then and can’t really recreate it, but I may upload a video of the finished article soon.
I had to put some work into making it possible to delete a bookmark after it had been tagged or commented on. Previously, if you tried to delete it, it would cause an error, as the bookmark_id you were deleting was being called on by another database. To fix this I added methods to tag and comment that run SQL code to clear anything associated with that bookmark_id. In my delete code, I run those two first, then run my delete bookmark, and that works as it should!
Interesting Stuff
Last night I came across the Stack Overflow Developer Survey, as they have recently published their results for 2019. It was an interesting read, and it was good to see where I fit into their demographics. The survey was taken by 88,615 people around the world, with 6.47% being from the UK.
Interestingly, 41% of respondents have less than 5 years professional coding experience, although over 90% had written code before they got to my age! In the UK, the average age for writing that first line of code is 14.3 years old, so I am almost 10 years behind!
Around 21% of respondents said they were in the same age bracket as me, reduced to 18% when looking at professional developers. 25 to 29 years old is the most common, 28% of all respondents, and 31% of professional developers were in that age group. In the UK, average age is 32.8, and average years of experience is 14.9.
Ruby came 21st on the list of most loved languages, barely making it onto the list of 25 that was published! Rust was the most loved, so hopefully I get to try that out at some point!
There is lots more interesting stuff on there, I would recommend a quick read over!
Also last night I discovered a great website to help learn about HTTP status codes. I have mentioned a couple on here before, like 200 which means everything is OK, but I think this is the best way to learn them all. Here is the website: https://http.cat/ . You can probably guess what it is from the name, although just in case, here is my favourite:

Here is todays song of the day:

