Terminology: What does it mean when an email is "in the clear"? - security

A practice exam question is formulated as such:
"Person A sends an e-mail to person B via an HTTPS connection. Can an attacker read the e-mail in the clear?"
I haven't encountered the phrasing "in the clear" in the book, and looking it up without context, it means "no longer in danger or under suspicion". Does it just mean "once the e-mail has arrived at person B's computer"?

Related

Dialogflow - How to get bot to answer correctly with multiple probing questions leading to many different intents

I am trying to build a question-answer bot that needs at least 2 questions before it gives them an answer. My problem is, the probing questions are exactly the same but require different responses based on the end user's answers. I am trying to have the bot suggest products based on the type of animal they have.
For example,
User: "I need help with product recommendations"
Bot: "What products do you need?"
User: "I need shampoo"
Bot: "What type of animal do you have?"
User: "A dog"
Bot: "For a dog, I would recommend {this} shampoo"
However, as I have so many animals and so many products, it often gets confused and will answer the last question with either the wrong animal and the right product, or it will answer with the right animal but the wrong product.
I have been playing around with the contexts and entities, but I have too many animals to create a context for each, as I can only have a max of 5. The entities don't really seem to help, it functions the same regardless of if the animals and products are tagged or not.
I am new to all of this and don't know any coding, but I was hoping there's someone out there a bit more experienced at this than I am and can help!

How do I use Transactions API for non paid table booking google action?

So I am making a Google action in which a user can book a table. I completed making it and gave it for review; it got rejected, and they said my skill has to use the Transactions API for non-paid table booking. So how do I do that?
Good morning, Jigar! If your action doesn't require or accept payment, you could reframe the marketing into a "reservations" app, where your action asks the following:
"What kind of food are you in the mood for?" (User says, "Mexican food")
"Ok, I can make a reservation at a nearby Mexican restaurant. To do that, I'll need to know your approximate location. Is that alright?" (see Permissions for implementation details)
(Hit the Yelp API or Google Maps API to find a list of top rated Mexican restaurants near the user's location.)
"Ok, Yelp's top rated Mexican restaurant nearby is Super Awesome Mexican Food on Sixth Street. Would you like to make a reservation?" (user says yes)
"How many people are in your party?" (User says, "2")
"Ok. A table for two is available at [list like 7 pm, 7:30 pm, 8:00 pm, etc]. Which time would you like to reserve?" (User says, "Seven thirty")
"Ok, I'll need an email to finalize your reservation. Which address should I use?"
"Ok, your table is reserved, and an email has been sent to your inbox and the restaurant. Please show the email to the host when you arrive. Bon appetit!"
Since you said your app is non-paid, this seems like it gets across the same features, without dealing with transactions or money. I'm guessing Google's review team had a problem with the term "booking", which implies money exchanges hands.

Security when emailing contracts

I would like to know how to protect a contract/email from being altered. The scenario is this:
Me and person X are signing a contract. So first I sign the contract, scan it in and email it to person X. Person X then prints, signs, scans and emails me the contract back.
My question is, how can I prevent person X from altering the contract after I have signed? Is there some way to prevent this? Or a way to prove the altered contract with both our signatures on is not the same as the one I signed?
Keeping the copy I signed is not good enough because person X would simply argue I was the one who altered it. Keeping the email I sent would also not work since altering emails is trivial.
Unfortunately, there's no way to prevent this scenario in the way we currently use technology.
In many countries, there's technology infrastructure in place to securely sign digital documents, but the "print/sign/scan" cycle people have become used to prevents any kind of meaningful technological protection measures against this scenario.
If the people you're doing the contract with insist on using analog technology or the country you live in does not have the technological or legal infrastructure to make this work digitally, you'll have to revert, as Artjom B mentioned, to a trusted third party - a witness or a notary.
From a more legal viewpoint (IANAL and TINLA)
"Keeping the copy I signed is not good enough because person X would simply argue I was the one who altered it. Keeping the email I sent would also not work since altering emails is trivial"
In this last paragraph, the tone of your question indicates that you're more worried about providing technological proof of your claims than the fact that your claims are true. If a contract is ever contested (which may or may not be unlikely), it's not up to you to provide technological proof. It's up to the court to decide using preponderance of evidence.
Yes, from some programmer's viewpoint, altering a local email is technologically trivial - but for most people that's arcane black arts (or impossible).
If it reassures you, the original email is very probably retained in the service provider independently of your local modifications, and will be available on legal request.
Finally, forgery is a serious offense - my guess is that most people won't engage in it without a very strong motivation. Consider carefully if this is the case.

BAN logic - deriving freshness of a message

A quick question regarding BAN logic.
Say I have derived that A believes B said {Kr}Ka
I already know that fresh(Ka).
Can I then conclude that, as fresh(Ka), {Kr}Ka is also fresh?
In a nutshell my question is: if I have a message encrypted by a key which is fresh, can I conclude the whole message is fresh?
Thanks for your help.

Shouldn't in the following model an Address be a Value Object?

From How are Value Objects stored in the database? :
Assume that a Company and Person both have the same mail Address.
Which of these statements do you consider valid?
   1. "If I modify Company.Address, I want Person.Address to automatically get those changes"
   2. "If I modify Company.Address, it must not affect Person.Address"
If 1 is true, Address should be an Entity
If 2 is true, Address should be a Value Object.
Shouldn't in the above model the mail Address be a Value Object, since even if Company and Person have same mail, this mail still doesn't have a conceptual identity?
In other words, if initially Company and Person share initial.address#gmail.com, but then get new mail new.address#gmail.com, then we can argue that mail address initial.address#gmail.com itself didn't change, instead Company and Person replaced it by new.address#gmail.com?
Thus to my understanding a mere fact that Address is shared shouldn't be enough to give it personality (ie identity)?!
Thank you
Yes, your understanding is correct. Address should almost always be a value object, since in most domains, the address is indeed just a value.
The fact that a Company and a Person have the same Address today does not mean that if one changes, the other should change too. If such a relationship exists, it should be modeled through an explicit constraint rather than by making Address an entity.
Eric Evans talks about this in his excellent book on Domain-Driven Design and even provides a specific example where Address might be an entity -- the postal service, whose domain revolves around addresses, and where the identity of individual addresses is important.
Actually, the mail has a conceptual identity. The problem is that you aren't really modeling the e-mail address, but the Contact Information of a Person and/or the Contact Information of a Company.
Continuing with the topic, value object vs identity object is more an implementation decision rather than an "absolute truth".
You could use an immutable value object and when you tell the system "change address a for address b" search for all instances of address A in both person and the company, and update them to point to address b now. (or you could just update a single one of them).
Using a non-value Contact Information object is more powerful.
With:
class ContactInformation
{
    string email;
}
You could actually have both person and company pointing to the same Contact Information object, so when you update one, you update the other too. Or you could have each of them point to a different Contact Information object, so when you update one, you don't modify the other...
BTW: e-mail has conceptual identity, since changing the e-mail address is actually what Google did to me last week, when they changed my e-mail address from ending in #googlemail.com to #gmail.com... So if someone had my e-mail for both me and my company, just one update would change both instances, since on that occasion my e-mail address changed itself... If on the other hand, I start using a different e-mail address, what changes is my contact information... My old e-mail address would still exist and be the same.
My advice is to model everything with identity, unless it's an extremely well object of a domain which you want to optimize and use as a value object for whatever reason (such as numbers, strings, etc...). But remember that it's usually an implementation decision, not something of the domain.
This is a classic case of taking something out of context.
The original question (How are Value Objects stored in the database) wasn't questioning the validity of the model, and my example wasn't to highlight these issues either. My answer was about Persistence vs Entity/VO.
I used the example of Customer, Person, and Address purely so that I could share the same Ubiquitous Language with the OP (I didn't have time to think up a better example).
I would follow casablanca's advice on this one (upvoted).
