accounts – Handling multiple email addresses from same user during registration

I have a system that offers content on a quarterly basis. Users can register once, then use the same credentials to log in for subsequent quarters. Our system currently uses email address to know whether they’ve previously registered.

The problem is that a handful of users change email accounts. When this happens, it creates a duplicate account for the same person. There isn’t a benefit (in our system) for someone to use a different email address, it just creates more work for us on the back end. We have users who, over time, have used 4-5 different email addresses resulting in many duplicate accounts.

What is the best way to curb or manage this?

I thought of having the user enter their first name, last name, and email address – then using this to check for an existing account. The problem is that I don’t want to show a list of possible matches (including name and email address) to random internet users/bots.

What’s the best and easiest/friendliest way to check for and manage a potential duplicate account when registering – checking both name and email address? Could I show a partial email address, like “…der@example.com” or “acoder@………”? What about matching against common last names such as Smith or Jones, where there could be a dozen or more possible matches?

sensitive data exposure – listing email addresses of customers in the admin section of a web application

I am working on a web application. We have customers. The information of the customers are stored in the database. It is first name, last name and email address. It is stored as plain text. Under the data classification system it is DCL2 i guess. The web application do not list this information anywhere in it except the first name and last name of the customer which is displayed in the customers dashboard/homepage only after authentication.

For troubleshooting customer issues the application need to list the first name, last name and email address. This can be done in the admin section where only the administrator who just a few in numbers can inspect. The admin section is a separate module in the web application where only a few can login into it to see the customer information.

For the admin section the user info are fetched from the database as raw text by the server side script(the web app) and the info is composed as html/text information and is sent to the client(browser) for the admins to see.

Is there any vulnerability? What are the practices to prevent vulnerabilities?

public key – How did they generate these vanity addresses with 27 predetermined characters?

A while ago, I read some news about a huge transaction on the Bitcoin blockchain. The first few addresses used were apparently created with some kind of vanity address generator. One example is 1Lets1xxxxxx1use1xxxxxxxxxxxy2EaMkJ.

However I recalled, when reading up on the topic a couple of years ago, that this process is very computation hungry, since it entails a brute force search for private/public keypairs. Finding a keypair with only a few predetermined public key characters would take a long time. And indeed, the Vanitygen article on the Bitcoin wiki seems to agree – finding a keypair with 12 determined public key characters would take 11,700,000 years…

So, how did they manage to generate the public key above with 27 non-random characters?

(They say that the task of finding a private key for a specific public key is futile, but extrapolating here makes you kind of wonder…)

[Help] Best way to provide VM's with limited IP addresses.

So, I have my own project I’m working on (not going to link it here, not the place and not the time) which includes limited spec VM’s in two… | Read the rest of https://www.webhostingtalk.com/showthread.php?t=1827888&goto=newpost

Adding multiple outgoing IP addresses in Squid with different ports

I have a Squid proxy server running on CentOS 8, the server itself was supplied with an additional /27 subnet. The problem I’m having at the… | Read the rest of https://www.webhostingtalk.com/showthread.php?t=1827319&goto=newpost

address – Can a single wallet generate (and use) both SegWit and non-SegWit addresses?

Is a Segwit wallet able to generate and use non-Segwit addresses?

I’m using Bitpay’s Bitcore to create wallets and generate new addresses for the users of my platform. I’m also using Bitcore-wallet-client to sign transactions.

My users have legacy wallets right now. I intend to migrate their wallets to native Segwit, but they will also need legacy addresses so that they can receive coins from anywhere. (right?)

Is it possible to have only one wallet per user, generating both types of addresses, or will I have to manage two wallets per user?

And if I have to manage two wallets per user, utxos from one wallet won’t be available to the other, obviously. What’s the best way to deal with their ‘split balance’? Should I orient users to send all their coins to the bc1 address of the new Segwit wallet? But then, whenever they receive funds in their legacy addresses, they’d have to transfer again to the bc1 address in order to make Segwit transactions. It makes no sense – or does it? What am I missing?

bitcoin core – Is it possible to query a node for all addresses containing value?

Bitcoin-core (the full node implementation that makes up the majority of the network) does not keep an index of all addresses and balances, so without writing additional code to do the job, it is not possible. Bitcoin-core keeps track of coins via the UTXO model– the idea of ‘an address with a balance’ is just an abstraction of this that makes for a more user-friendly interface.

Of course, you could write some code to create an index of addresses and their respective balances, or perhaps find an already-existing open-source block explorer project that accomplishes this.

Is it possible to query a node for all addresses?

For instance, can I run a query on a bitcoin node, that returns all addresses with more than 1 bitcoin on them?

ubuntu – Docker Compose Outgoing IP Address on Machine with Multiple IP Addresses Assigned

Docker Compose is used to run a container on an Ubuntu 20.04 machine with multiple IP addresses assigned to its network interface (e.g. 192.168.1.100, 192.168.1.101, 192.168.1.102).

The docker containerr is currently configured to only listen on one of the IP addresses, by having the following port mapping in the docker-compose.yml file

    ports:
      - "192.168.1.101:80:80"
      - "192.168.1.101:8080:8080"

Is it posssible to configure the Docker container to use a specific IP address (e.g. 192.168.1.101) when sending outgoing traffic?

Using

  • docker 19.03.13
  • docker-compose 1.27.4
  • compose file version 3.4
  • Ubuntu 20.04

address – Compatibility questions regarding Native Segwit addresses

Sending bitcoins means to lock funds to a specific output script. The output script determines how the funds can later be spent. E.g. if funds were sent to a P2WPKH (Pay to Witness Public Key Hash) address, they can later be spent using a P2WPKH input script. If funds were sent to a P2PKH (Pay to Public Key Hash) address, they have to be spent using a P2PKH input script instead.

The (native segwit) P2WPKH input script has less weight than the P2PKH input script, so receiving funds to P2WPKH addresses will save you fees when you later spend those funds. The output scripts for both are similar in size.

enter image description here

Funds of any type of input can be assigned to outputs of any type in a transaction. You can even mix: spending a native segwit and a non-segwit input, and sending to a non-segwit and a native segwit output in one transaction works fine.
However, as you say, some wallets may not support sending to native segwit addresses. In that case, the receiver should fall back to providing a backwards compatible P2SH-wrapped segwit address which is still cheaper than non-segwit but can be sent to by almost all wallets. You can track native segwit adoption on Bitcoin Optech’s Compatibility Matrix or whensegwit.com.

My understanding is that such wallets cannot properly validate Native Segwit addresses and cannot create Native Segwit outputs. Does it also mean that such wallets cannot properly spend the outputs generated by Native Segwit addresses?

Correct. A wallet that does not know how to interpret native segwit addresses would not be able to spend funds received from a native segwit address. This is not a problem in practice, because the receiver provides the spender with the invoice address they want to receive the funds to. The receivers wallet will not generate a native segwit address, when it is unaware of native segwit.