Copy the structure but not the data.

I’m working on a prototype at the moment that requires me to insert data into offline tables (offline as far as Documentum is concerned). The examples that I’ve found all resort to specifying the exact structure of the table.

    create table DMI_OBJECT_TYPEx (
        R_OBJECT_ID VARCHAR2(16) NOT NULL,
        I_TYPE NUMBER(10,0) NOT NULL,
        I_PARTITION NUMBER(10,0) NULL);

The example above is smaller than most of the tables I have to create. The weakness with this is that you have to look up the table structure. The writers probably chose this method because the much simpler syntax shown below also brings any data that is in the table.

    CREATE TABLE DMI_OBJECT_TYPEx AS SELECT * FROM DMI_OBJECT_TYPE;

My initial thought was why not copy the table and then just truncate it, but after a bit of searching I stumbled upon the solution. Essentially adding a WHERE clause to the end of the query that never evaluates to TRUE enables us to take the structure without the data.

    CREATE TABLE DMI_OBJECT_TYPEx AS SELECT * FROM DMI_OBJECT_TYPE WHERE 1=2;

RockYou gets rocked by hackers

(And I’m hilarious)

Seems that simple lessons don’t get learned. Don’t get me wrong, it’s very hard to protect every aspect against hackers who try to pry their way into your site. Storing passwords in plain text is just dumb, though. Even if the passwords for your own site are hashed, the proliferation of storing third-party login details (which you could still encrypt with a symmetric key) is a time bomb.
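For the site's own passwords, storing a salted, slow hash instead of the plain text looks like the following. This is an added example, not code from RockYou or from this blog; the record format, the PBKDF2 iteration count and the sample accounts are assumptions, and it does not cover the third-party credentials mentioned above, which have to be recoverable and so cannot be hashed.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; tune it to your own hardware
SALT_BYTES = 16


def hash_password(password, salt=None):
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>' for storage."""
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute the hash with the stored salt; compare in constant time."""
    try:
        scheme, rounds, salt_hex, hash_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(rounds)
        )
        return hmac.compare_digest(candidate, bytes.fromhex(hash_hex))
    except (ValueError, OverflowError):  # malformed record: fields, hex or rounds
        return False


def build_user_table(accounts):
    """Map username -> stored record; the password itself is never kept."""
    return {user: hash_password(pw) for user, pw in accounts.items()}


if __name__ == "__main__":
    # Constructed sample accounts; two users deliberately share a password.
    table = build_user_table({"alice": "sunshine1", "bob": "sunshine1"})
    for user, record in table.items():
        print(user, record)
    print(table["alice"] != table["bob"])                # per-user salt
    print(verify_password("sunshine1", table["alice"]))  # correct password
    print(verify_password("sunshine2", table["alice"]))  # wrong password
```

Because each record carries its own random salt, a dump of this table does not reveal which users share a password, and every guess against it costs the full iteration count per user.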

RockYou is just the latest site on the internet to learn this hard lesson. Supposedly the hacker is one of the good guys, but there is no guarantee that someone else didn’t get the information as well. It’s an argument for doing away with passwords altogether: how long will it be until we can use public/private key authentication with websites? It is now accepted best practice with SSH, since the advent of widespread SSH brute-forcing.

Private key authentication solves a lot of the problems with websites storing password information: the hacker would have gained nothing besides the ability to verify users were who they claimed to be.