|
Now the Docker container builds, didn't have to change the images
Had to do some adjustments on the startup.cs, and move some things around.
So far so good.
If it ain't broke don't fix it
Discover my world at jkirkerx.com
|
|
|
|
|
Good evening everyone, I want to know the best way to generate unique user ID even when number of registered users are more than two million.
The current way am using to achieve this is by initiating an ID i.e 2083928937 for instance, then checking Database if this ID exists. If it does, then I will increment it by 1 then make a search again for the incremented value until no match is found and the unfound ID will be used.
But am having the feeling that this will cause database issue or even slow down the site as the code have to iterate several times when the site start to have more users.
So, please what is the best way to achieve this?
www.emmason247.com.ng
|
|
|
|
|
Use a Guid / UUID. That way, you'll also mitigate any IDOR[^] issues at the same time.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
Ok thanks. But is the method am using a good technique?
www.emmason247.com.ng
|
|
|
|
|
It depends on how you're generating the initial ID to check.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
No it is not a good method. You could take advantage of the identity/autoincrement field in the database or use the GUID/UUID method recommended.
Currently you create the ID and then check the DB, the above methods would eliminate the check requirement. You should also have a unique index on the id field in the database.
Never underestimate the power of human stupidity -
RAH
I'm old. I know stuff - JSOP
|
|
|
|
|
Consider implementing a Sequence table like:
SequenceName, NextID
The table will consist of a single row such as UserID, 2083928937
This way you immediately know what the next UserID is.
Within a transaction, create the User, then update the sequence table by 1.
|
|
|
|
|
I up vote this method
I do it this way, in which I generate order numbers, where I have a sequence table.
In MongoDB, it can generate a unique Id, based on the server, date and time which is pretty cool.
In the past, I used SQL servers Unique ID with auto increments, but that backfired on me several times.
I forget, but auto increment forgot the last number it was on and added a 1000 to the next number.
I suppose if there was a GUID generator app that worked like Mongo's ObjectId, I would move towards that.
If it ain't broke don't fix it
Discover my world at jkirkerx.com
|
|
|
|
|
Sorry, but I downvoted this - for a number of reasons:
* It requires an additional two physical i/o calls - to get the latest value, and to update it afterwards
* It requires that you have a READ lock on the sequence table; to avoid duplicates, you must read the value, insert the new record, and update it all within a transaction and without allowing any other process to read the value. At best this requires an additional lock, but at worst - if poorly coded - can leave that lock in place for a prolonged period and cause a major performance bottleneck
* It creates sequential user ids; presumably you have secure password / two-factor authentication, but by using sequential numeric ids you're making it very easy for hackers as they can just generate sequential hacks on the id
If sequential IDs isn't an issue (and it may not be in all cases) the simplest thing is to use an auto-increment field and return the new ID from the insert statement. Any decent DBMS will keep track without issue. In the event of a transaction rollback there may be a "missing" ID but that shouldn't (be allowed) to cause your application a problem.
A method I use when generating IDs is to use a GUID value (or sometimes a truncated portion of a GUID) and simply INSERT into the table. With a unique key on the ID, then in the vanishingly small likelihood of a duplicate, the INSERT will fail. Catch the "duplicate record" exception, replace the ID with a new GUID and insert again. The performance hit from that is miniscule as it will probably never ever happen.
|
|
|
|
|
Message Removed
modified 16-Jul-20 8:55am.
|
|
|
|
|
Message Removed
modified 16-Jul-20 8:55am.
|
|
|
|
|
Server Error in '/' Application.
Runtime Error
Description: An exception occurred while processing your request. Additionally, another exception occurred while executing the custom error page for the first exception. The request has been terminated.
|
|
|
|
|
If you want help then you need to provide proper detailed information. No one here can guess what your code is doing.
|
|
|
|
|
Richard MacCutchan wrote: No one here can guess what your code is doing. To be fair, I could guess.
Social Media - A platform that makes it easier for the crazies to find each other.
Everyone is born right handed. Only the strongest overcome it.
Fight for left-handed rights and hand equality.
|
|
|
|
|
If you run your application on the WebServer where it is hosted, you may get more detail about the error without having to do anything else.
Try to RDC (Remote Desktop Connection) to that server.
|
|
|
|
|
No problem; there's a simple and guaranteed solution to this.
Step 1: Turn your computer off.
That's it. You will not see this error message again.
You're welcome.
|
|
|
|
|
I spent all day on this. It just started happening recently.
So I package a model in Angular, and create a body of JSON using JSON.stringify(model)
Then package it all up and send it as a promise. I just noticed that the JSON quotes are escaped out with a slash, and it crashes the API. If I take the slashes out, the API accepts the JSON.
I'm not sure what to make of this, and if I should fix the client side or work on the server side with this.
I put the replace(/\/g, "") in below to test the theory that it's the slashes crashing the API. Now the API works, but I can't see this as a permanent fix.
validateTokenAsPromise(signIn: SignIn): Promise<SignIn> {
const authUrl = this.baseUrl + "api/auth/AuthenticateAccount";
const toSignIn = JSON.stringify(signIn).replace(/\\/g, "");
const httpOptions = {
headers: new HttpHeaders({
"Content-Type": "application/json",
"Accept": "application/json"
})
};
return this.http.post<SignIn>(authUrl, toSignIn, httpOptions).toPromise();
}
I send it to a .Net Core controller api, and the api rejects the call, because of the data in the body.
The data has the quotes escaped out.
[Produces("application/json")]
[Route("api/[controller]")]
[ApiController]
[HttpPost("AuthenticateAccount")]
public async Task<SignIn> AuthenticateAccount([FromBody] SignIn authParam)
{
Sending this data to the API, normally it just sends raw, but I wrote a special service to handle Google SignIn and Googles gapi and gapi.auth2. I can't see how this special API" would encode the JSON.
{\"Id\":\"114251204162343478403\",\"FirstName\":\"John\",\"LastName\":\"Smith\",\"AccountName\":\"jsmith@hackme.com\",\"Password\":\"2H3HY4ZwE8Sb5Ajz\",\"Token\":\"eyJhbGciOiJIUsdadasdasd1lIjoiSmltIiwiZW1haWwiOiJqa2lya2VyeEBnbWFpbC5jb20iLCJuYmYiOjE1OTM0NjkwMDYsImV4cCI6MTU5MzY0MTgwNiwiaWF0IjoxNTkzNDY5MDA2LCJpc3MiOiJodHRwczovL2xvY2FsaG9zdDo1MDAxLyIsImF1ZCI6asdsadasdasdasdwMS9hcGkifQ.WdpYg8qDIUtIT4uobyAWVQ01k9iNYJ6wPpa6FIXm3Yg\",\"Role\":\"Customer\",\"ExpiresAt\":\"2020-06-29T23:26:03.812Z\",\"IdpId\":\"gapi\",\"RememberMe\":true,\"Avatar\":{\"Url\":\"https://lh3.googleusercontent.com/a-/AOasdasdasdGJB_aUO-asdasdasdg-ob=s96-c\"}}
Don't get excited about the data, it's fake.
If it ain't broke don't fix it
Discover my world at jkirkerx.com
|
|
|
|
|
Try removing the JSON.stringify call. I suspect the post method is encoding it again, so it's sending a string rather than a SignIn object.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
Your spot on!
That was the issue. Double stringify.
But after thinking about it last night, and realizing the double stringify, I think I'll keep the replace function. So I put it back to my example. After testing without, seems to be more reliable with it. Weird, I create the model before I send the post. And I'm leaving the .Net side as is.
signIn(): Observable<boolean> {
let subject = new Subject<boolean>();
this.auth2.signIn().then(user => {
const profile = user.getBasicProfile(),
auth = user.getAuthResponse(),
token = localStorage.getItem("authToken");
let gU = new SignIn();
gU.Id = profile.getId();
gU.FirstName = profile.getGivenName();
gU.LastName = profile.getFamilyName();
gU.AccountName = profile.getEmail();
gU.Password = "2LsdFDdsfb5Ejr";
gU.Token = token !== null ? token : "";
gU.Role = "Account";
gU.ExpiresAt = new Date(auth.expires_at);
gU.IdpId = "google";
gU.RememberMe = true;
gU.Avatar = new Avatar();
gU.Avatar.Url = profile.getImageUrl();
this.validateTokenAsPromise(gU)
.then(user => {
this.zone.run(() => {
if (user) {
localStorage.setItem("Account", JSON.stringify(user, null, "\t"));
if (user.Token) {
localStorage.setItem("authToken", user.Token);
}
this.user$.next(user);
this.isLoggedIn$.next(true);
this.auth2SignedIn.emit(true);
subject.next(true);
} else {
this.isLoggedIn$.next(false);
this.auth2SignedIn.emit(false);
subject.next(false);
}
});
},
(err) => {
console.error("GAuth2 Service Error", err);
this.isLoggedIn$.next(false);
this.auth2SignedIn.emit(false);
subject.next(false);
});
});
return subject.asObservable();
}
If it ain't broke don't fix it
Discover my world at jkirkerx.com
|
|
|
|
|
hello! I have a problem when I want to retrieve data in my application I got this error :
erreur du serveur dans l'application '/'. opération non valide. la connexion est fermée
in asp.net MVC
|
|
|
|
|
Something is setup wrong. Not sure what you want us to do.
Social Media - A platform that makes it easier for the crazies to find each other.
Everyone is born right handed. Only the strongest overcome it.
Fight for left-handed rights and hand equality.
|
|
|
|
|
At a guess, you forgot to open your database connection. But it is just a guess, since you haven't shown us any of your code or the details of the error.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
here's the error:
Erreur du serveur dans l'application '/'.
Opération non valide. La connexion est fermée.
Description : Une exception non gérée s'est produite au moment de l'exécution de la requête Web actuelle. Contrôlez la trace de la pile pour plus d'informations sur l'erreur et son origine dans le code.
Détails de l'exception: System.InvalidOperationException: Opération non valide. La connexion est fermée.
Erreur source:
Une exception non gérée s'est produite lors de l'exécution de la requête Web actuelle. Les informations relatives à l'origine et l'emplacement de l'exception peuvent être identifiées en utilisant la trace de la pile d'exception ci-dessous.
Trace de la pile:
[InvalidOperationException: Opération non valide. La connexion est fermée.]
System.Data.ProviderBase.DbConnectionClosed.get_ServerVersion() +80
System.Data.Odbc.OdbcConnection.get_ServerVersion() +12
|
|
|
|
|
this my code:
public DataSet GetLs(string que)
{
DataSet ds1 = new DataSet();
try
{
cn.Open();
cm.Connection = cn;
cm.CommandText = que;
cm.CommandType = CommandType.Text;
OdbcDataAdapter da1 = new OdbcDataAdapter(cm);
da1.Fill(ds1);
return ds1;
}
catch (Exception e)
{
throw e;
}
finally
{
cn.Close();
}
}
my function
public JsonResult LstDepartement()
{
DataSet ds2 =Dt.GetLsts ("select * from Departement");
List<Departement> lstDepart = new List<Departement>();
foreach (DataRow dr1 in ds2.Tables[0].Rows)
{
lstDepart.Add(new Departement
{
ID = dr1["Id_Depart"].ToString(),
Désignation = dr1["Departement"].ToString(),
});
}
return Json(lstDepart, JsonRequestBehavior.AllowGet);
}
|
|
|
|
|
Except ... The first bit of code doesn't call the second:
public DataSet GetLs(string que)
{
...
}
public JsonResult LstDepartement()
{
DataSet ds2 =Dt.GetLsts ("select * from Departement");
...
} GetLs and GetLsts are not the same method ...
And to be honest, doing SQL that way is a very poor idea.
The trouble is that it's prone to SQL Injection. Suppose you want to get departments that all use the same SalesCode - that's easy, add a WHERE clause that specifies the code:
DataSet ds2 =Dt.GetLsts ("SELECT * FROM Departement WHERE SalesCode = " + salescCode);
But ... that's really dangerous!
Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Always use Parameterized queries instead.
When you concatenate strings, you cause problems because SQL receives commands like:
SELECT * FROM MyTable WHERE StreetAddress = 'Baker's Wood' The quote the user added terminates the string as far as SQL is concerned and you get problems. But it could be worse. If I come along and type this instead: "x';DROP TABLE MyTable;--" Then SQL receives a very different command:
SELECT * FROM MyTable WHERE StreetAddress = 'x';DROP TABLE MyTable; Which SQL sees as three separate commands:
SELECT * FROM MyTable WHERE StreetAddress = 'x'; A perfectly valid SELECT
DROP TABLE MyTable; A perfectly valid "delete the table" command
And everything else is a comment.
So it does: selects any matching rows, deletes the table from the DB, and ignores anything else.
So ALWAYS use parameterized queries! Or be prepared to restore your DB from backup frequently. You do take backups regularly, don't you?
And your system has no way to add parameters to a command, because you don't create the command until you have built the command string!
I'd strongly suggest you scrap that code and "do it properly" instead.
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
AntiTwitter: @DalekDave is now a follower!
|
|
|
|