webweaving: some SQL sites for Xianzhi

Introduction to SQL

Teach Yourself SQL in 21 Days

SQLCourse 1 and SQLCourse 2

SQL Injection Attack at SQLZoo.net

Database eLearning

Enjoy 'em, dai dai.

webweaving: yet another crypto related nonsense idea

Now, if we're doing a standard DHM style public key-private key kinda thing, then the session key, then the whole pseudo-Feistel network of randomly chosen ciphers/modes/IVs, and sticking the whole thing back together, it'll have defined headers like PGP. Which isn't necessarily what's needed, here.

So what if there's a separate pair of public/private keys used for additional obfuscation? Generate the second shared key, and expand it to the proper length with a given function. Then XOR all the data with the second expanded key. Blam, no more header.

webweaving: more precipitation-induced brain mush.

So if the basic DHM asymmetric arrangement where a sends b a message is (((g to the a)mod p)to the b) mod p , and out pops the shared key, couldn't we try something like:

a picks (some group of keys) as a key group.
b picks (some other group of keys).
All key group values are > 1 and < p. Otherwise, they're unrelated.

Meh. Had something in mind here. This is what happens when I don't write this down exactly when it goes flyin' by.

I think it had something to do with using a separate key for signing, and a third key for additional nonsense. Bleh.

webweaving: scrap and redo planning

The bot (ingame) will be used to a)record/change user passwords and b)relay infowindows to users. Additionally, admins should be able to add/drop members. The bot is also responsible for relaying queries to other bots for database replication. Bots should maintain a copy of all username, messages, news reports, department listings, whatever that could be stored in the database.

The client app should be able to a)send/receive gridmail messages, b)access the bulletin boards, c)access/submit netlog posts and comments. The client app should store the user's gridmail messages and netlog posts locally. Could store bulletin boards/other netlogs/departmental listings locally, too. Just not other users' gridmail messages. Possible direct connect chat?

Ideas: utilizing (poorly thought out replica asymmetric key encryption) to prevent storing cleartext, and so that only the proper user (or at least the one with the key) can decrypt. This doesn't necessarily preclude further obfuscation of text, but should provide a minimum level of security. Could try doing the one-time key->symmetrically encrypt text / public key encrypt->one-time key (send recipient bundled encrypted one-time key and symmetrically encrypted ciphertext).

Passwords need to be set by sending an ingame tell to one of the bots- can't be set outside of the game, so authentication is handled by the game, and the username associated with the password will be stored in the db by the bot. Won't be able to use the app to decrypt without signing in, so storing the private key with the app (outside the db) should be less of an issue.

The website should really just be a variation of the client application. Will record queries made to its own database, cache the queries made, and relay the cached queries to other client apps/ingame bots. Should display bulletin boards, gridmail, and netlogs, along with departmental directories. Password creation should only be done via ingame bot, and lost password requests should only be sent by ingame tell.

Data replication- perhaps instead of relaying IRC->tells, each app could have a script called that would add the particulars to the local queue. Have 'em listen on whatever port for requests, ignore any that don't follow whatever accepted format ends up being. This would still require resolving username to IP address, which opens up a whole 'nother can of headaches, but that's part of the fun. Could store the username/IP information in a table on the website, mirrored to other websites. Then check each one down the line if things time out.