user data system for a web-based e-mail service
-
As a home project, you'd expect "many" users (not quantifiable). He or she might be exploring, but that doesn't show in the question, does it? It asks specifically about "a web based email service". Do enlighten me, what kind of number of users would you assign to that question, besides my vague answer of "many"? Do explain? I give no shit about your bool DB engine. This is the Design and Architecture Cat, and the headline speak volumes that you missed. My assumption is based on the subject line and one does not build a webbased email for five users. I'm sorry I had to explain that. How much "many" is, is not relevant to you either. It is not like Google is that different from ProtonMail. 10k users or 100M users is the same project, with more servers. It does not require a special command line compiler directive if that changes, it just requires good design. Which start by NOT WRITING A DAL. Not by inquiring to quantify what "much" is. I never assume. Now, get off my lawn.
Bastard Programmer from Hell :suss: "If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
Remember Morrissey's lyrics in The Smiths: "It's so easy to laugh. It's so easy to hate. It takes guts to be gentle and kind."
The difficult we do right away... ...the impossible takes slightly longer.
-
As a home project, you'd expect "many" users (not quantifiable). He or she might be exploring, but that doesn't show in the question, does it? It asks specifically about "a web based email service". Do enlighten me, what kind of number of users would you assign to that question, besides my vague answer of "many"? Do explain? I give no shit about your bool DB engine. This is the Design and Architecture Cat, and the headline speak volumes that you missed. My assumption is based on the subject line and one does not build a webbased email for five users. I'm sorry I had to explain that. How much "many" is, is not relevant to you either. It is not like Google is that different from ProtonMail. 10k users or 100M users is the same project, with more servers. It does not require a special command line compiler directive if that changes, it just requires good design. Which start by NOT WRITING A DAL. Not by inquiring to quantify what "much" is. I never assume. Now, get off my lawn.
Bastard Programmer from Hell :suss: "If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
I've been following his other posts; and my answer was based on his pattern. You have a pattern too.
"Before entering on an understanding, I have meditated for a long time, and have foreseen what might happen. It is not genius which reveals to me suddenly, secretly, what I have to say or to do in a circumstance unexpected by other people; it is reflection, it is meditation." - Napoleon I
-
As a home project, you'd expect "many" users (not quantifiable). He or she might be exploring, but that doesn't show in the question, does it? It asks specifically about "a web based email service". Do enlighten me, what kind of number of users would you assign to that question, besides my vague answer of "many"? Do explain? I give no shit about your bool DB engine. This is the Design and Architecture Cat, and the headline speak volumes that you missed. My assumption is based on the subject line and one does not build a webbased email for five users. I'm sorry I had to explain that. How much "many" is, is not relevant to you either. It is not like Google is that different from ProtonMail. 10k users or 100M users is the same project, with more servers. It does not require a special command line compiler directive if that changes, it just requires good design. Which start by NOT WRITING A DAL. Not by inquiring to quantify what "much" is. I never assume. Now, get off my lawn.
Bastard Programmer from Hell :suss: "If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
-
Let's say you don't want to use a SQL database, but you want to create a user data system for a web-based e-mail service. You want to store the following data about each user: username password address alternate email address phone number What kind of data structure should you use? Thank you.
mike7411 wrote:
You want to store the following data about each user: ... password
If that's the user's password for your application, then you most definitely don't want to store it! Instead, store a salted hash of the password, using multiple iterations of a cryptographically-secure one-way hashing algorithm: Secure Password Authentication Explained Simply[^] Salted Password Hashing - Doing it Right[^] If it's the user's password for a third-party system, then you've got a much bigger problem to deal with. The data will need to be encrypted at rest, with appropriate controls in place to ensure that nobody other than the user who owns the record can access their plaintext password. You'll need a robust strategy for storing and rotating your encryption keys. You'll need comprehensive auditing of access to those keys. And probably a million other things I haven't thought of.
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
-
I suggest that whenever your message includes the words "get off my lawn", you rather drop the the entire message.
Religious freedom is the freedom to say that two plus two make five.
-
mike7411 wrote:
You want to store the following data about each user: ... password
If that's the user's password for your application, then you most definitely don't want to store it! Instead, store a salted hash of the password, using multiple iterations of a cryptographically-secure one-way hashing algorithm: Secure Password Authentication Explained Simply[^] Salted Password Hashing - Doing it Right[^] If it's the user's password for a third-party system, then you've got a much bigger problem to deal with. The data will need to be encrypted at rest, with appropriate controls in place to ensure that nobody other than the user who owns the record can access their plaintext password. You'll need a robust strategy for storing and rotating your encryption keys. You'll need comprehensive auditing of access to those keys. And probably a million other things I haven't thought of.
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
I already stated that he should store a hash value. Nice to hear that you picked that up :thumbsup:
Bastard Programmer from Hell :suss: "If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
