90 Matching Annotations
  1. May 2024
  2. Jan 2024
    1. Instance methods Instances of Models are documents. Documents have many of their own built-in instance methods. We may also define our own custom document instance methods. // define a schema const animalSchema = new Schema({ name: String, type: String }, { // Assign a function to the "methods" object of our animalSchema through schema options. // By following this approach, there is no need to create a separate TS type to define the type of the instance functions. methods: { findSimilarTypes(cb) { return mongoose.model('Animal').find({ type: this.type }, cb); } } }); // Or, assign a function to the "methods" object of our animalSchema animalSchema.methods.findSimilarTypes = function(cb) { return mongoose.model('Animal').find({ type: this.type }, cb); }; Now all of our animal instances have a findSimilarTypes method available to them. const Animal = mongoose.model('Animal', animalSchema); const dog = new Animal({ type: 'dog' }); dog.findSimilarTypes((err, dogs) => { console.log(dogs); // woof }); Overwriting a default mongoose document method may lead to unpredictable results. See this for more details. The example above uses the Schema.methods object directly to save an instance method. You can also use the Schema.method() helper as described here. Do not declare methods using ES6 arrow functions (=>). Arrow functions explicitly prevent binding this, so your method will not have access to the document and the above examples will not work.

      Certainly! Let's break down the provided code snippets:

      1. What is it and why is it used?

      In Mongoose, a schema is a blueprint for defining the structure of documents within a collection. When you define a schema, you can also attach methods to it. These methods become instance methods, meaning they are available on the individual documents (instances) created from that schema.

      Instance methods are useful for encapsulating functionality related to a specific document or model instance. They allow you to define custom behavior that can be executed on a specific document. In the given example, the findSimilarTypes method is added to instances of the Animal model, making it easy to find other animals of the same type.

      2. Syntax:

      Using methods object directly in the schema options:

      javascript const animalSchema = new Schema( { name: String, type: String }, { methods: { findSimilarTypes(cb) { return mongoose.model('Animal').find({ type: this.type }, cb); } } } );

      Using methods object directly in the schema:

      javascript animalSchema.methods.findSimilarTypes = function(cb) { return mongoose.model('Animal').find({ type: this.type }, cb); };

      Using Schema.method() helper:

      javascript animalSchema.method('findSimilarTypes', function(cb) { return mongoose.model('Animal').find({ type: this.type }, cb); });

      3. Explanation in Simple Words with Examples:

      Why it's Used:

      Imagine you have a collection of animals in your database, and you want to find other animals of the same type. Instead of writing the same logic repeatedly, you can define a method that can be called on each animal instance to find similar types. This helps in keeping your code DRY (Don't Repeat Yourself) and makes it easier to maintain.

      Example:

      ```javascript const mongoose = require('mongoose'); const { Schema } = mongoose;

      // Define a schema with a custom instance method const animalSchema = new Schema({ name: String, type: String });

      // Add a custom instance method to find similar types animalSchema.methods.findSimilarTypes = function(cb) { return mongoose.model('Animal').find({ type: this.type }, cb); };

      // Create the Animal model using the schema const Animal = mongoose.model('Animal', animalSchema);

      // Create an instance of Animal const dog = new Animal({ type: 'dog', name: 'Buddy' });

      // Use the custom method to find similar types dog.findSimilarTypes((err, similarAnimals) => { console.log(similarAnimals); }); ```

      In this example, findSimilarTypes is a custom instance method added to the Animal schema. When you create an instance of the Animal model (e.g., a dog), you can then call findSimilarTypes on that instance to find other animals with the same type. The method uses the this.type property, which refers to the type of the current animal instance. This allows you to easily reuse the logic for finding similar types across different instances of the Animal model.

      Certainly! Let's go through each part and explain it in simple terms: ### 1. `this` in Mongoose: - **What is `this`?** In JavaScript, `this` refers to the current context or object. In Mongoose, particularly within methods and middleware functions, `this` represents the instance (document) the function is currently operating on. - **Why is it used?** `this` is used to access and modify the properties of the current document. For example, in a Mongoose method, `this` allows you to refer to the fields of the specific document the method is called on. ### 2. Example: Let's use the `userSchema.pre("save", ...)`, which is a Mongoose middleware, as an example: ```javascript userSchema.pre("save", async function (next) { if (!this.isModified("password")) { next(); } else { this.password = await bcrypt.hash(this.password, 10); next(); } }); ``` - **Explanation in Simple Words:** - Imagine you have a system where users can sign up and set their password. - Before saving a new user to the database, you want to ensure that the password is securely encrypted (hashed) using a library like `bcrypt`. - The `userSchema.pre("save", ...)` is a special function that runs automatically before saving a user to the database. - In this function: - `this.isModified("password")`: Checks if the password field of the current user has been changed. - If the password is not modified, it means the user is not updating their password, so it just moves on to the next operation (saving the user). - If the password is modified, it means a new password is set or the existing one is changed. In this case, it uses `bcrypt.hash` to encrypt (hash) the password before saving it to the database. - The use of `this` here is crucial because it allows you to refer to the specific user document that's being saved. It ensures that the correct password is hashed for the current user being processed. In summary, `this` in Mongoose is a way to refer to the current document or instance, and it's commonly used to access and modify the properties of that document, especially in middleware functions like the one demonstrated here for password encryption before saving to the database.

    Tags

    Annotators

    URL

    1. less secure sign-in technology

      What does that mean exactly?

      All of a sudden my Rails app's attempts to send via SMTP started getting rejected until I enabled "Less secure app access". It would be nice if I knew what was necessary to make the access considered "secure".

      Update: Newer information added to this article (as well as elsewhere) leads me to believe that it is specifically sending password directly as authentication mechanism which was/is no longer permitted.

      This is the note that has since been added on this page, which clarifies this point:

      To help keep your account secure, from May 30, 2022, ​​Google no longer supports the use of third-party apps or devices which ask you to sign in to your Google Account using only your username and password.

    2. To help keep your account secure, from May 30, 2022, ​​Google no longer supports the use of third-party apps or devices which ask you to sign in to your Google Account using only your username and password.
    1. To keep your account more secure, Gmail no longer supports third-party apps or devices which require you to share your Google username and password. Sharing your account credentials with third-parties makes it easier for hackers to gain access to your account.
  3. Nov 2023
    1. Password fatigue is real, and besides the inherent vulnerability of password logins, the idea of remembering yet another password puts users off registering for additional sites.
  4. Jul 2023
  5. Apr 2023
    1. If you send links with a secret login token with email, then they should be single-use and expire rather quickly.
    2. If the link can only be used once with a short expiry time and no info in the link can be used to derive secrets in the session it creates then you should be fine. Effectively, the link serves as an one-time password.
    3. If so, then how is sending a link for password reset any more secure? Isn't logging-in using a magic link the same thing as sending a magic link for resetting a password?

      In my opinion: It's not any different or less secure.

    1. A given secret from an authenticator SHALL be used successfully only once.
    2. For look-up secrets that have less than 64 bits of entropy, the verifier SHALL implement a rate-limiting mechanism that effectively limits the number of failed authentication attempts that can be made on the subscriber’s account as described in Section 5.2.2.
  6. Mar 2023
    1. We now take an opinionated stance on which second factor you should set up first – you'll no longer be asked to choose between SMS or setting up an authenticator app (known as TOTP), and instead see the TOTP setup screen immediately when first setting up 2FA.
    1. If you use a third party password manager, you might not realize that modern browsers have password management built in with a beautiful UX. Frankly, it’s harder to not use it.
    2. If you’re a security conscious user... You don’t need SMS-2FA. You can use unique passwords, this makes you immune to credential stuffing and reduces the impact of phishing. If you use the password manager built in to modern browsers, it can effectively eliminate phishing as well.

      not needed: password manager: 3rd-party

    1. Fortunately, we found RingCaptcha (https://ringcaptcha.com), which has a the 'starter plan' that offers free 500 OTP monthly. Just a small plug for them for providing freemium service; they are highly reliable because they are integrated with all major global, and regional providers, e.g., Twilio, Nexmo, Infobip, MessageBird, etc., and send your OTP through the best provider/route based on country/phone carrier, and can auto fallback to alternative paths. This means you just need to integrate with RingCaptcha, without the headache of deciding which SMS/voice OTP provider has best combination of price and reliability, which is a real headache when you are sending OTP world-wide.
    1. One-time passwords are generated on demand by a dedicated OATH OTP authenticator that encapsulates a secret that was previously shared with the verifier. Using the authenticator, the claimant generates an OTP using a cryptographic method. The verifier also generates an OTP using the same cryptographic method. If the two OTP values match, the verifier can conclude that the claimant possesses the shared secret.
  7. May 2020
  8. Apr 2020
    1. Take a moment to consider the alternative. No, not the IT department's fantasy world, that never-gonna-happen scenario where you create a strong, unique password for every account, memorize each one, and refresh them every few months. We both know it's not like that. The reality is that in your attempts to handle all those passwords yourself, you will commit the cardinal sin of reusing some. That is actually far more risky than using a password manager. If a single site that uses this password falls, every account that uses it is compromised.
    2. This cache of passwords is, of course, protected by a super-password of its own—one you obviously need to choose wisely. More from Popular Mechanics Handmade whistles from England Video Player is loading.Play VideoPrevious VideoPlayNext VideoMuteCurrent Time 0:00/Duration 3:52Loaded: 2.59%0:00Stream Type LIVESeek to live, currently playing liveLIVERemaining Time -3:52 1xPlayback RateChaptersChaptersDescriptionsdescriptions off, selectedCaptionscaptions settings, opens captions settings dialogcaptions off, selectedEnglishAudio Trackdefault, selectedQuality1080p540p720p360p270pauto, selectedPicture-in-PictureFullscreenThis is a modal window.Beginning of dialog window. Escape will cancel and close the window.TextColorWhiteBlackRedGreenBlueYellowMagentaCyanTransparencyOpaqueSemi-TransparentBackgroundColorBlackWhiteRedGreenBlueYellowMagentaCyanTransparencyOpaqueSemi-TransparentTransparentWindowColorBlackWhiteRedGreenBlueYellowMagentaCyanTransparencyTransparentSemi-TransparentOpaqueFont Size50%75%100%125%150%175%200%300%400%Text Edge StyleNoneRaisedDepressedUniformDropshadowFont FamilyProportional Sans-SerifMonospace Sans-SerifProportional SerifMonospace SerifCasualScriptSmall CapsReset restore all settings to the default valuesDoneClose Modal DialogEnd of dialog window. Replay "ACME Whistles | MADE HERE | Popular Mechanics" Up Next 01:29 First Look: 2020 iPhone SE 01:29 04:05 Clean your dishes in seconds 04:05 03:04 Easy Car Roof Access 03:04 Yes, this does pose a risk of its own, as you might already be screaming at your screen.
    1. You already have good reason to treat the password for your Google account as if it’s a state secret. But now the stakes are higher. You’re trusting Google with the passwords that protect the rest of your life – your bank, your shopping, your travel, your private life. If someone learns or guesses your Google account password, you are completely compromised. The password has to be complex and unique. You have to treat your Google account password with the same care as a LastPass user. Perhaps more so, because it’s easier to reset a Google account password. If your passwords are saved in Chrome, you should strongly consider using two-factor authentication to log into your Google account. I’ll talk about that in the next article.
    1. OPVault is an almost perfectly documented format. This makes it highly improbable to come across a file that will fail to be imported. If it ever happens, a bug in the plugin is probably to be blamed.
    1. While KeeFarce is specifically designed to target KeePass password manager, it is possible that developers can create a similar tool that takes advantage of a compromised machine to target virtually every other password manager available today.
    2. KeeFarce obtains passwords by leveraging a technique called DLL (Dynamic Link Library) injection, which allows third-party apps to tamper with the processes of another app by injecting an external DLL code.
    1. As for the syncing: I think BitTorrent Sync should do it. It's p2p, meaning there're no servers inbetween. Maybe there're even open alternatives already. TL;DR: KeePass <-> BitTorrent Sync for database transfer <-> MiniKeePass
    2. And most important: No proprietary encryption software can be fully trusted
    3. If you are concerned about privacy and looking for a bullet-proof solution then the only way to go is open-source software. For example, there was another incident with a proprietary file "encrypter" for Android/iOS which used the simplest possible "encryption" on earth: XORing of data that is as easy to crack a monkey could do that. Would not happen to an open-source software. If you're worried about the mobile app not being as reliable (backdoors etc.) as the desktop app: compile it yourself from sources. https/github.com/MiniKeePass/MiniKeePass You can also compile the desktop version yourself. Honestly, I doubt most people, including you and me, will bother.
    1. By default: no. The Auto-Type method in KeePass 2.x works the same as the one in 1.x and consequently is not keylogger-safe. However, KeePass features an alternative method called Two-Channel Auto-Type Obfuscation (TCATO), which renders keyloggers useless. This is an opt-in feature (because it doesn't work with all windows) and must be enabled for entries manually. See the TCATO documentation for details.
    1. Seriously, the lesson I'm trying to drive home here is that the real risk posed by incidents like this is password reuse and you need to avoid that to the fullest extent possible
    1. Having visibility to the prevalence means, for example, you might outright block every password that's appeared 100 times or more and force the user to choose another one (there are 1,858,690 of those in the data set), strongly recommend they choose a different password where it's appeared between 20 and 99 times (there's a further 9,985,150 of those), and merely flag the record if it's in the source data less than 20 times.
  9. Jan 2020
  10. Dec 2019
  11. Sep 2019
    1. This content is password protected

      This section of Undissertating is in development is not yet published to a wider readership, but will be soon.

      If, however, you're excited to chat about it in advance, please feel free to reach out on Twitter at @Naomi_Salmon and we can figure out a mode of conversation from there!

    1. This content is password protected

      This section of Undissertating is in development is not yet published to a wider readership, but will be soon.

      If, however, you're excited to chat about it in advance, please feel free to reach out on Twitter at @Naomi_Salmon and we can figure out a mode of conversation from there!

    1. This content is password protected

      This section of Undissertating is in development is not yet published to a wider readership, but will be soon.

      If, however, you're excited to chat about it in advance, please feel free to reach out on Twitter at @Naomi_Salmon and we can figure out a mode of conversation from there!

    1. This content is password protected

      This section of Undissertating is in development is not yet published to a wider readership, but will be soon.

      If, however, you're excited to chat about it in advance, please feel free to reach out on Twitter at @Naomi_Salmon and we can figure out a mode of conversation from there!

    1. This content is password protected

      This section of Undissertating is in development is not yet published to a wider readership, but will be soon.

      If, however, you're excited to chat about it in advance, please feel free to reach out on Twitter at @Naomi_Salmon and we can figure out a mode of conversation from there!

    1. This content is password protected

      This section of Undissertating is in development is not yet published to a wider readership, but will be soon.

      If, however, you're excited to chat about it in advance, please feel free to reach out on Twitter at @Naomi_Salmon and we can figure out a mode of conversation from there!

    1. This content is password protected.

      This section of Undissertating is in development is not yet published to a wider readership, but will be soon.

      If, however, you're excited to chat about it in advance, please feel free to reach out on Twitter at @Naomi_Salmon and we can figure out a mode of conversation from there!

    1. This content is password protected

      This section of Undissertating is in development is not yet published to a wider readership, but will be soon.

      If, however, you're excited to chat about it in advance, please feel free to reach out on Twitter at @Naomi_Salmon and we can figure out a mode of conversation from there!

    1. This content is password protected

      This section of Undissertating is in development is not yet published to a wider readership, but will be soon.

      If, however, you're excited to chat about it in advance, please feel free to reach out on Twitter at @Naomi_Salmon and we can figure out a mode of conversation from there!

    1. This content is password protected

      This section of Undissertating is in development is not yet published to a wider readership, but will be soon.

      If, however, you're excited to chat about it in advance, please feel free to reach out on Twitter at @Naomi_Salmon and we can figure out a mode of conversation from there!

    1. This content is password protected

      This section of Undissertating is in development is not yet published to a wider readership, but will be soon.

      If, however, you're excited to chat about it in advance, please feel free to reach out on Twitter at @Naomi_Salmon and we can figure out a mode of conversation from there!

    1. This content is password protected

      This section of Undissertating is in development is not yet published to a wider readership, but will be soon.

      If, however, you're excited to chat about it in advance, please feel free to reach out on Twitter at @Naomi_Salmon and we can figure out a mode of conversation from there!

    1. This content is password protected

      This section of Undissertating is in development is not yet published to a wider readership, but will be soon.

      If, however, you're excited to chat about it in advance, please feel free to reach out on Twitter at @Naomi_Salmon and we can figure out a mode of conversation from there!

    1. This content is password protected

      This section of Undissertating is in development is not yet published to a wider readership, but will be soon.

      If, however, you're excited to chat about it in advance, please feel free to reach out on Twitter at @Naomi_Salmon and we can figure out a mode of conversation from there!

    1. This content is password protected

      This section of Undissertating is in development is not yet published to a wider readership, but will be soon.

      If, however, you're excited to chat about it in advance, please feel free to reach out on Twitter at @Naomi_Salmon and we can figure out a mode of conversation from there!

    1. This content is password protected.

      This section of Undissertating is in development is not yet published to a wider readership, but will be soon.

      If, however, you're excited to chat about it in advance, please feel free to reach out on Twitter at @Naomi_Salmon and we can figure out a mode of conversation from there!

  12. Jun 2019
  13. Nov 2017
  14. Nov 2016
    1. Do students recognize the importance of password-protecting their devices and having different passwords across platforms?

      I'm curious to know if the answer to this question would differ from Generation Y to Generation Z.