Interesting Questions of Software Engineering

1) REST ful API

Source: https://www.smashingmagazine.com/2018/01/understanding-using-rest-api/

Short: REST determines how the API looks like. It stands for “Representational State Transfer”. It is a set of rules that developers follow when they create their API. One of these rules states that you should be able to get a piece of data (called a resource) when you link to a specific URL.

2) How passwords are stored in the Database?

Source: https://www.geeksforgeeks.org/store-password-database/#:~:text=The%20password%20entered%20by%20user,is%20different%20for%20different%20users.

Short: You can generate a Random Salt for every user to secure the user's password. BUT

If the database is compromised the hacker will not only get your password hashes but also the dynamic salt used. You might be wondering then what is the advantage of dynamic salt over static salt if the attacker has dynamic salt? Even if the attacker has dynamic salt he needs to create a new hash-table (or rainbow table) for each and every user present in the database (as per dynamic salt). This is a lot more expensive operation than creating just one table for all the users.

The above approach is quite good to slow down a hacker. However, it is recommended to use algorithms like bcrypt and scrypt instead of MD5/SHA1. Bcrypt is a hashing algorithm based on Blowfish. It requires you to specify a cost/work factor. The work factor makes the overall process slower and hence time taken to generate hash-table would increase multiple times.

Read More