Wednesday, December 30, 2015

SQL, many small queries or one big query?


When writing an application, it seems conceptually simpler to make many small queries. On a small scale, this seems to be okay. What about large-scale applications? Would the application take a performance hit?

Here's some pseudocode that, given a list of employee ids, gives you a list of employee names:

      // simple function that returns a name given an employee id
      // (note: the id is concatenated straight into the SQL text here;
      // real code would bind it as a query parameter instead)
      func getName(Int id) {
            data := sqlQuery("SELECT employee.name FROM employee WHERE employee.id = " + id + ";")
            return data;
      }

      func Main() {
            Int[] ids := [1, 2, 3]
            Str[] names := []
            ids.forEach id => do
                  names.add(getName(id))
            end
      }

For me, this seems clean and easy to read. Every time you want a name, you hand the method an id. Simple. But does this solution scale? What if the list of ids was 50,000 names, or even 50 million? The overhead of the DB parsing and processing each request, plus the potential network traffic, is what makes the idea that fewer queries are generally faster make sense. It does make the application code a bit more complex:


      // builds "employee.id = 1 OR employee.id = 2 OR ..." and fetches all names in one query
      // (the ids are still concatenated into the SQL text; real code would bind them as parameters)
      func getNames(Int[] ids) {
            Str[] conditions := []
            ids.forEach id => do
                  conditions.add("employee.id = " + id)
            end
            Str[] names := sqlQuery("SELECT employee.name FROM employee WHERE " + conditions.join(" OR ") + ";")
            return names;
      }

      func Main() {
            Int[] ids := generateRandomIds(50000)
            Str[] names := getNames(ids)
      }
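As an added example (my code, not from the original post), here is the same comparison in runnable Python against an in-memory SQLite table: the one-by-one version does a round trip per id, and the batched version binds the ids as parameters of an IN (...) list instead of concatenating them into the SQL text, chunked so a 50,000-id request stays under the engine's bound-parameter limit. The table contents are constructed sample data.

```python
import sqlite3
import time

def make_db(n_rows):
    """Build a constructed in-memory employee table with n_rows sample rows (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employee (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    conn.executemany("INSERT INTO employee (id, name) VALUES (?, ?)",
                     ((i, "employee_%d" % i) for i in range(1, n_rows + 1)))
    conn.commit()
    return conn

def get_names_one_by_one(conn, ids):
    """'Many small queries': one round trip per id, each with the id bound as a parameter."""
    names = {}
    for emp_id in ids:
        row = conn.execute("SELECT name FROM employee WHERE id = ?", (emp_id,)).fetchone()
        if row is not None:
            names[emp_id] = row[0]
    return names

def get_names_batched(conn, ids, chunk_size=500):
    """'One big query', done safely: the ids become bound parameters of an IN (...) list
    instead of being concatenated into the SQL text, and the list is split into chunks so
    a 50,000-id request never exceeds the engine's parameter limit (SQLite: 999 by default)."""
    names = {}
    ids = list(ids)
    for start in range(0, len(ids), chunk_size):
        chunk = ids[start:start + chunk_size]
        placeholders = ",".join("?" * len(chunk))   # only '?' markers go into the SQL text
        sql = "SELECT id, name FROM employee WHERE id IN (%s)" % placeholders
        for emp_id, name in conn.execute(sql, chunk):
            names[emp_id] = name
    return names

def compare(n_rows=50000):
    """Run both strategies over every id; return (results_identical, seconds_single, seconds_batched)."""
    conn = make_db(n_rows)
    ids = list(range(1, n_rows + 1))
    t0 = time.perf_counter()
    single = get_names_one_by_one(conn, ids)
    t1 = time.perf_counter()
    batched = get_names_batched(conn, ids)
    t2 = time.perf_counter()
    return single == batched, t1 - t0, t2 - t1

if __name__ == "__main__":
    same, t_single, t_batched = compare()
    print("identical: %s  one-by-one: %.3fs  batched: %.3fs" % (same, t_single, t_batched))
```

With an in-process SQLite file there is no network hop, so the gap you see is only parse and dispatch overhead; against a networked server the per-query cost, and therefore the difference, is much larger.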


Here are a couple of posts I read on the subject:

  • http://dba.stackexchange.com/questions/76973/what-is-faster-one-big-query-or-many-small-queries
  • https://technet.microsoft.com/en-us/library/ms190623(v=sql.105).aspx

Saturday, December 26, 2015

How to configure a RESTful server with WAMP hosted on EC2 instance

This is a RESTful server implementation for my Android app. It is written in PHP and uses MySQL. I'm hosting it on WAMP. It accepts GET, POST, PUT, and DELETE requests, and sends and accepts responses in JSON. This was harder than expected to implement, so I hope that this helps somebody out. I launched this on my local Windows machine for development, and on an EC2 Windows instance.

How to setup:

  1. Download WAMP onto your local machine.
  2. Modify httpd.conf, located in wamp/bin/apache/Apache2.4.4/conf, by appending this line to the end: Alias /users "c:/wamp/www/api/index.php"
  3. Create a folder and file named c:/wamp/www/api/index.php
  4. Place this code in index.php. (And obviously modify it to your needs.)
  5. Restart your WAMP server. (Or start it if it's never been started.)
  6. Navigate to the URL http://localhost/quotes. Note: you may need to try http://localhost:80/quotes or http://localhost:8080/quotes if your server is configured that way. You may need to reconfigure WAMP to accept connections on port 8080 because Skype defaults to 80.
  7. Customize and enjoy! Use Postman to test it out.

Get the code here.

Sunday, December 6, 2015

Music Based Authentication | Video Demo

Here's a live demo of my Network Security team project, Music Based Authentication. Here I show authenticating with a MIDI keyboard and with my PC keyboard.


Thursday, December 3, 2015

Help Me Gather Research for my University Project by Answering Three Simple Questions! Music Based Authentication


TAKE SURVEY

UPDATE:

We're most interested in your thoughts about a music based password, more than a specific implementation. Our current implementation takes input from a physical MIDI keyboard and from a computer program that maps keystrokes to musical notes, but the idea isn't limited to those. (See the first iteration of our interface below!)

Description

I'm working on a team project for my Network Security class at the University of Utah. We are creating a music based authentication system. When creating a password, you not only want something that is strong and secure, but also easy to remember. Many current password methods force their users to create strong passwords that are hard to remember. (e.g. You've seen password generators ask you to choose a password that contains at least one upper-case letter, one lower-case letter, one number and a special character, is at least 8 characters long, and has no repeated values.) We are arguing that a musical melody is easier to remember than a long password string. I always seem to get songs stuck in my head, but I can never remember long and complex passwords.

Our professor has asked us to conduct a small amount of research, to branch out from our anecdotal evidence and see whether people find the idea of using music based authentication instead of regular password authentication useful.

Please take this quick 3-question survey and let us know if you think a music-based password would be useful or interesting!

Thank you for your time and interest!




Other factors to consider

There are other ways of authenticating, which are worth considering when deciding whether a music based authentication would be useful from a user point of view.
  • Biometrics, such as fingerprint or eye scanners.
  • LastPass: a platform that stores all of your passwords.
  • Using a Facebook or Google account to log in.

My anecdotal evidence

This idea is more of a cool novelty. I got the idea mostly because of the video game, Resident Evil. Parts of the game require you to play musical melodies on a grand piano to advance to the next part of the level.
Also I think that musical melodies, such as "Ode to Joy" are much simpler to remember than long strings. I can picture the melody quite clearly in my head, even though it has been 3 years since I've heard it or played it. I constantly find myself looking for the Forgot Password? button on many of my online accounts, even though I just reset the password a couple weeks ago.  



Resident Evil, playing Moonlight Sonata to advance in the level.

Is music based authentication actually secure? How secure?

This section is irrelevant to the question we pose in our survey; I only include it in case you're interested, or your decision about its usefulness depends on whether or not the password is strong. There are three aspects to consider when answering this question, the second and third being more interesting and ultimately the focus of our project:

  1. We are using a TLS 1.2 handshake to set up a connection between client and server that provides key network-security features, such as perfect forward secrecy and protection from an eavesdropper, server break-in, person in the middle, and offline dictionary attacks. A shared secret is used to derive session keys that encrypt correspondence between the server and client.
  2. We are interested in figuring out just how complex a musical password can be: how many bits of entropy does it have? For a typed string password, the only factor is the order of the individual characters. Music has to account not only for the order of notes, but also for rhythm, note duration (quarter notes, half notes, eighth notes), note dynamics (ff, f, m, p), etc. We are currently researching and investigating this question.
  3. Some passwords are easy to guess because they are common, or follow patterns. I imagine the melody of "Twinkle Twinkle Little Star" being a common password. We're interested in how to choose a strong non-predictable melody that is also easy to remember.
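As an added example (my code, not the project's), here is one way to put numbers on points 2 and 3 above: an upper-bound entropy estimate for a melody built from the factors the list names, and a transposition-invariant check against a small constructed blocklist of well-known tunes, the musical counterpart of a common-password list. The per-note alphabet sizes and the blocklist entries are assumptions.

```python
import math

# Constructed per-note alphabets (assumptions, not figures from the post): one note event is a
# pitch plus, optionally, a duration and a dynamic, matching the factors the post lists.
PITCHES = 12           # chromatic pitches within one octave
DURATIONS = 4          # whole, half, quarter, eighth
DYNAMICS = 4           # ff, f, m, p
PASSWORD_CHARSET = 94  # printable ASCII: upper, lower, digits, symbols

def uniform_entropy_bits(alphabet_size, length):
    """Bits of entropy of a length-`length` sequence chosen uniformly from `alphabet_size` symbols.
    This is an upper bound: real choices (melodies or passwords) are far from uniform."""
    return length * math.log2(alphabet_size)

def melody_entropy_bits(n_notes, use_rhythm=True, use_dynamics=True):
    """Upper-bound entropy of a melody of n_notes, counting pitch and optionally rhythm/dynamics."""
    per_note = PITCHES * (DURATIONS if use_rhythm else 1) * (DYNAMICS if use_dynamics else 1)
    return uniform_entropy_bits(per_note, n_notes)

def intervals(midi_notes):
    """Transposition-invariant shape of a melody: successive pitch differences in semitones,
    so the same tune played in a different key yields the same tuple."""
    return tuple(b - a for a, b in zip(midi_notes, midi_notes[1:]))

# Constructed blocklist of well-known openings as MIDI note numbers (C4 = 60), the musical
# analogue of a common-password list; indexed by interval shape so any key is recognised.
COMMON_MELODIES = {
    "Twinkle Twinkle Little Star": [60, 60, 67, 67, 69, 69, 67],
    "Ode to Joy": [64, 64, 65, 67, 67, 65, 64, 62],
}
COMMON_SHAPES = {intervals(notes): title for title, notes in COMMON_MELODIES.items()}

def matches_common_melody(midi_notes, min_intervals=5):
    """Return the title of a blocklisted tune whose opening matches the candidate's opening in any
    key, or None. At least `min_intervals` intervals must agree, so a short fragment is not enough."""
    shape = intervals(midi_notes)
    for known, title in COMMON_SHAPES.items():
        n = min(len(known), len(shape))
        if n >= min_intervals and shape[:n] == known[:n]:
            return title
    return None
```

The uniform figures show why adding rhythm and dynamics matters (8 notes with both beat an 8-character printable password on paper), while the blocklist check is the minimum a server should do before accepting a melody, since the real entropy of tunes people actually pick is far below the uniform bound.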
Our protocol

[Image: revised api complete.png]

Current GUI Interface


Notice that musical notes are mapped to keyboard keys.