23 votes
Accepted

Is CRC pointless if I'm doing truncated HMAC?

The CRC32 does not give you any guarantees that the HMAC does not also give you. Put another way, the HMAC gives you all the guarantees the CRC32 gives you and more: the CRC32 protects against ...
Jörg W Mittag
16 votes

Is CRC pointless if I'm doing truncated HMAC?

If you need secure authentication, use only the untruncated HMAC. Assuming you don't care about security (which would be the case if you used a 4-byte HMAC), a CRC is actually better for detecting ...
forest
  • 414
13 votes
Accepted

Relational integrity without relations

The reasons for such design decisions are often not technical ones, but organizational ones. I have seen this happen in the real world, in situations of the following kind: At the time when the ...
Doc Brown
  • 220k
10 votes

Is CRC pointless if I'm doing truncated HMAC?

The purpose of a Message Authentication Code (MAC), of which the HMAC is an example, is to prove both the authenticity and the integrity of the message. The integrity protection is often framed as a ...
Bart van Ingen Schenau
7 votes

Constraint to enforce pairwise distinctness of values in two columns in table

Obviously it's a complicated constraint for which you can't expect there to be a direct, built-in form of expression. The way I'm reading it, it's that the pairing of X/Y can recur multiple times in ...
Steve
  • 12.6k
6 votes
Accepted

Is it possible to spoof a recipient in a SMTP transaction? If not how does SMTP prevent this from happening?

This is even possible without a rogue SMTP server. Alice has no access to the SMTP communication, so she cannot possibly know which addresses you sent the email to. The only thing that Alice has ...
Jörg W Mittag
4 votes

In data engineering, why is data integrity checked on the DW rather than on the data sources?

The kinds of requirements you need to store data are very different from the kinds of requirements you need to run a set of computationally complex calculations on a data set, and while this is not the ...
Flater
  • 59.5k
4 votes

In data engineering, why is data integrity checked on the DW rather than on the data sources?

In this case, wouldn't it be better to run the assertions against the original data since this would mean the app runs on some invalid data? This is the part that I don't get. There's several ...
Steve
  • 12.6k
3 votes

Is CRC pointless if I'm doing truncated HMAC?

CRC in addition to HMAC is pointless if you only verify the checksum at the final recipient, i.e. as a purely end-to-end protocol. However, it can be useful if the checksum is verified at intermediate ...
Gilles 'SO- stop being evil'
3 votes
Accepted

When reconstructing file B from file A and a binary difference B-A, given that A and B-A are correct, do we still need to verify the integrity of B?

The key thing to consider is: How will you handle the situation when this unlikely scenario occurs? If you just get an error and can regenerate b some other way, well the impact is going to be very ...
Ewan
  • 84.4k
3 votes
Accepted

Designing persistence guarantees in an ingestion pipeline with a non-customizable intermediary

VictoriaMetrics ingestion path is built to process data in a streaming fashion for performance reasons. Data is accepted as a stream and re-processed (conversion to internal structs and applying user-...
hagen1778
  • 146
2 votes

Designing persistence guarantees in an ingestion pipeline with a non-customizable intermediary

Given that you are verifying a migration of old data rather than live streaming ingesting current data I think you can do it by adding an extra step. Although this might fail your "built in" ...
Ewan
  • 84.4k
2 votes

Relational integrity without relations

This is a trend I'm seeing more and more across many industries - a flatter data structure that is far more sanguine about data redundancy. Perhaps we shouldn't be too surprised about this ...
Robbie Dee
  • 9,843
1 vote

How to present serious flaws in third-party software to non-technical users

Issue 1: Database with no foreign keys These days, I grant you, this is unusual. However, for older applications, where the vendor tried to keep the database "vanilla" just in case they ...
Phill W.
  • 13.1k
1 vote

How to present serious flaws in third-party software to non-technical users

You're having technical issues and want to sell those to non-technical (thus business) people. You're going to have to find a business reason for them approving the changes you seek to make, not ...
jwenting
  • 10.1k
1 vote

How to present serious flaws in third-party software to non-technical users

As mentioned in the thread I linked to, there are database issues. I may have been a little incorrect on my terminology in the original thread, but basically there are no foreign keys. From the ...
Steve
  • 12.6k
1 vote

When reconstructing file B from file A and a binary difference B-A, given that A and B-A are correct, do we still need to verify the integrity of B?

release process At a bare minimum, you must produce b.tar from binary patches in CI/CD and automatically verify that its hash matched the desired hash. This mitigates the risk of seldom-triggered bugs ...
J_H
  • 7,911
1 vote

How to verify that a legitimate (but unknown) remote asset from an unknown source has not been compromised and that its integrity remains intact?

I'm trying to understand how it will be possible (I refuse to believe it isn't possible) to verify the integrity of a new unknown remote asset from a new unknown source, when you cannot say for ...
candied_orange
1 vote
Accepted

DDD Best way to preserve integrity of entity

The first level for managing integrity is the aggregate: AGGREGATE: A cluster of associated objects that are treated as a unit for the purpose of data changes. External references are restricted to ...
Christophe
  • 82.2k
1 vote
Accepted

Design/Process in respect to mission-critical systems (Web Services)

You should use a third-party library or build your own system which immediately writes to a database prior to attempting anything further. Should something go wrong, you still have that information ...
Neil
  • 22.9k
1 vote

Relational integrity without relations

What's the real problem? The real problem here is not the absence of referential integrity and other critical constraints: it's the fact that the database is used as an interface media without ...
Christophe
  • 82.2k
1 vote

Relational integrity without relations

I often skip referential integrity in the DB, i.e. FK constraints. But I always have unique PKs. So in my case it's more like a lack of strict relationships overall. Sure you can have a customer ...
Ewan
  • 84.4k

Only top scored, non community-wiki answers of a minimum length are eligible