Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • May 06 17:17

    hoyosjs on fix-mac-icu

    (compare)

  • May 06 16:50
    azure-pipelines[bot] commented #28147
  • May 06 16:50
    wtgodbe commented #28147
  • May 06 16:46
    jkoritzinsky commented #28147
  • May 06 16:36
    mangod9 commented #28143
  • May 06 16:34
    hoyosjs commented #28147
  • May 06 16:29
    ViktorHofer commented #28147
  • May 06 16:21
    Anipik commented #28147
  • May 06 14:50
    janvorli milestoned #28143
  • May 06 14:50
    janvorli labeled #28143
  • May 06 13:59
    ViktorHofer commented #28147
  • May 06 13:49
    aik-jahoda commented #28143
  • May 06 13:48
    aik-jahoda commented #28147
  • May 05 20:34
    sywhang commented #28165
  • May 05 20:34
    sdmaclea commented #28164
  • May 05 20:31
    sdmaclea synchronize #28164
  • May 05 20:30
    sdmaclea closed #28168
  • May 05 20:30
    sdmaclea opened #28168
  • May 05 20:11
    sdmaclea synchronize #28164
  • May 05 20:11

    agocke on 3.1

    [release/3.1] Port 6.0 fix to A… (compare)

Carlo Kok
@carlokok
But they would require pinning.
Joe4evr
@Joe4evr
hmmmm....
Carlo Kok
@carlokok
This is going to be an interesting project
Joe4evr
@Joe4evr
if you weren't married to 4.X, you could use the new GC APIs to allocate your objects on the Pinned Heap (so there's no need to manually pin)
Carlo Kok
@carlokok
One (other) option would be to use the regular allocation apis (marshal.alloc*) as rust doesn't do interfaces and classes, only structs.
But it would become a c++ level language pretty quickly.
Joe4evr
@Joe4evr
¯\_(ツ)_/¯
Carlo Kok
@carlokok
hahah :) sorry
It's getting a bit off topic
thanks for the help
Joe4evr
@Joe4evr
maybe build your core API in C++/CLI then? :laughing:
Carlo Kok
@carlokok
i have a compiler with vb, c#, pascal, java, go as frontends running on .net
I want to see if it's possible to map rust now
Joe4evr
@Joe4evr
yea.... I sincerely doubt it
Carlo Kok
@carlokok
oh I'll win this battle; the real question is how fast it's going to be
masonwheeler
@masonwheeler
Oh hey @carlokok, haven't seen you in a while!
Carlo Kok
@carlokok
yo @masonwheeler. Been busy yeah
masonwheeler
@masonwheeler
Well, welcome to Dotnet gitter :smile:
John Cullen
@john-cullen
is there a simple way to return an Expression<Func<T>> instead of a Func<T> from an expressiontree or will I need to do something like Expression.Call(Expression, "Lambda", Expression.Lambda(...etc)))
mogo-edenpark
@mogo-edenpark
do you guys know how to get the password from the table as a normal string?
I use .net framework core 3.1
Stephen A. Imhoff
@Clockwork-Muse
@mogo-edenpark - define "normal string". In almost all modern auth systems the string is actually encoded for a specific password handling library (besides salting and hashing), so the "raw" string shouldn't be useful anyways.
mogo-edenpark
@mogo-edenpark
I need to show the actual password to the user. The password is hashed and salted and then saved to the database.
I need to descrypt the hashed and salted password to get as a normal string
Joseph Musser
@jnm2
Being able to show a user a previously-entered password is a sign that the passwords are being mishandled.
Hashes are one-way by design.
masonwheeler
@masonwheeler
Exactly. You can't "decrypt" a hash, because hashing is something different from encryption.
mogo-edenpark
@mogo-edenpark
@jnm2 I understand that, but is there built-in method with userManager to decrypt the password?
Joseph Musser
@jnm2
No, because there is no password stored (unless passwords are being mishandled). Only hashes.
You can let the user reset their password, but if you can retrieve their password, you're endangering them.
Stephen A. Imhoff
@Clockwork-Muse
What problem are you actually trying to solve here? Not as in "show password to user", but what do you think you need the password for? Why do you want the password? Because usually there's a better way to handle that.
mogo-edenpark
@mogo-edenpark
Admin might need to tell the password when the user forgets. The best way for them to do is just changing the password?
Joseph Musser
@jnm2

The best way for them to do is just changing the password?

For sure.

mogo-edenpark
@mogo-edenpark
But is that possible to get the password encrypted with the algorithm entity framework uses
Joseph Musser
@jnm2
You do not want to subvert your users' security.

https://pages.nist.gov/800-63-3/sp800-63b.html:

Verifiers SHALL store memorized secrets in a form that is resistant to offline attacks. Memorized secrets SHALL be salted and hashed using a suitable one-way key derivation function. Key derivation functions take a password, a salt, and a cost factor as inputs then generate a password hash. Their purpose is to make each password guessing trial by an attacker who has obtained a password hash file expensive and therefore the cost of a guessing attack high or prohibitive.

Users often use the same password multiple places, and databases are breached and sold or dumped online all the time. Usually the website owner doesn't find out for weeks, sometimes never finds out.
Don't go against common wisdom on this. Lots of people think they're a special case. They're not.
Stephen A. Imhoff
@Clockwork-Muse
If you're thinking of something like "I need the admin to tell the user what their reset password is" (common for things like corporate accounts), the admin decides the password, changes it (and sets an expiration to "next login"), and tells the user what the new password is. The password is still not recoverable, but is still communicable. Note that there are tools to help with this (up to and including things where the admin never sees even the temporary password).
mogo-edenpark
@mogo-edenpark
Thank you guys!
Joe4evr
@Joe4evr

Users often use the same password multiple places, and databases are breached and sold or dumped online all the time.

see also: haveibeenpwned.com

kelly
@kellyprankin
I'm having a bit of trouble testing a middleware. My middleware has an HttpClient it is using through dependency injection. It seems like I cannot register an HttpClient properly for my middleware.
services.AddHttpClient<MyMiddlewareClass>();
but when I try to run my unit test it cannot resolve the HttpClient
even though the test does invoke the proper service collection to get that HttpClient
I set a debug point and I clearly see the services.AddHttpClient being called
sqbitz
@sqbitz
I'm trying to run dotnet on Android using proot ubuntu. I get everything installed and running but when I try to do anything with dotnet I get ./dotnet --info
Failed to create CoreCLR, HRESULT: 0x80004005
Jan-Willem Spuij
@jspuij
Which version of dotnet?
5.0?
sqbitz
@sqbitz
3.1.10