V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
V2EX  ›  DivineRapierH  ›  全部回复第 1 页 / 共 4 页
回复总数  75
1  2  3  4  
摘自 python datetime 的文档 https://docs.python.org/3/library/datetime.html

Date and time objects may be categorized as “aware” or “naive” depending on whether or not they include timezone information.

With sufficient knowledge of applicable algorithmic and political time adjustments, such as time zone and daylight saving time information, an aware object can locate itself relative to other aware objects. An aware object represents a specific moment in time that is not open to interpretation.

A naive object does not contain enough information to unambiguously locate itself relative to other date/time objects. Whether a naive object represents Coordinated Universal Time (UTC), local time, or time in some other timezone is purely up to the program, just like it is up to the program whether a particular number represents metres, miles, or mass. Naive objects are easy to understand and to work with, at the cost of ignoring some aspects of reality.

使用 timestamp with timezone 保存的就是 aware object ,不需要外部依赖就能保证信息的完整性。个人建议均使用 timestamp with timezone 。
276 天前
回复了 s4d 创建的主题 分享发现 开启专注模式引起的误会
显示这个的时候,应该还有个按钮可以强制通知的,感觉没那么容易误解?
以下节选自 https://crackstation.net/hashing-security.htm

In a Web Application, always hash on the server

If you are writing a web application, you might wonder where to hash. Should the password be hashed in the user's browser with JavaScript, or should it be sent to the server "in the clear" and hashed there?

Even if you are hashing the user's passwords in JavaScript, you still have to hash the hashes on the server. Consider a website that hashes users' passwords in the user's browser without hashing the hashes on the server. To authenticate a user, this website will accept a hash from the browser and check if that hash exactly matches the one in the database. This seems more secure than just hashing on the server, since the users' passwords are never sent to the server, but it's not.

The problem is that the client-side hash logically becomes the user's password. All the user needs to do to authenticate is tell the server the hash of their password. If a bad guy got a user's hash they could use it to authenticate to the server, without knowing the user's password! So, if the bad guy somehow steals the database of hashes from this hypothetical website, they'll have immediate access to everyone's accounts without having to guess any passwords.

This isn't to say that you shouldn't hash in the browser, but if you do, you absolutely have to hash on the server too. Hashing in the browser is certainly a good idea, but consider the following points for your implementation:

- Client-side password hashing is not a substitute for HTTPS (SSL/TLS). If the connection between the browser and the server is insecure, a man-in-the-middle can modify the JavaScript code as it is downloaded to remove the hashing functionality and get the user's password.

- Some web browsers don't support JavaScript, and some users disable JavaScript in their browser. So for maximum compatibility, your app should detect whether or not the browser supports JavaScript and emulate the client-side hash on the server if it doesn't.

- You need to salt the client-side hashes too. The obvious solution is to make the client-side script ask the server for the user's salt. Don't do that, because it lets the bad guys check if a username is valid without knowing the password. Since you're hashing and salting (with a good salt) on the server too, it's OK to use the username (or email) concatenated with a site-specific string (e.g. domain name) as the client-side salt.
290 天前
回复了 undertow 创建的主题 生活 求美剧推荐
Apple TV+ 刚出的 hijack 不错
312 天前
回复了 yuhuanxi 创建的主题 分享发现 试用了下 arc 浏览器,感觉真不错
@582217 可以 PIN 在 space 里,用 folder 来管理。可以理解为把收藏夹功能做成了 pinned url 的一个特殊情况。
我看易博通有提供短期的大陆 esim 流量套餐,可以去他们微信公众号上看看
333 天前
回复了 qsnow6 创建的主题 问与答 为什么在高速路上保持车距这么难?
@Vegetable #7 我们楼就是的,停车场出口明明只能右转了,但很多人为了少掉头一次就是要逆行那 20 米,还不是个例,据我观察统计学起码一半的车都那么开。
@xclin163 你用的 Windows 还是 Mac ,如果是 Mac 的话有个 AutoSwitchInput 的软件,可以配置进入特定软件自动切到什么输入法。
2023-03-22 17:37:14 +08:00
回复了 luke8beijing 创建的主题 问与答 HELP!求助一个微型图书馆管理软件!
刚才编辑到一半想换行结果发出去了...
我们公司就是做这个的,是 SaaS 产品,看这个规模可能不要钱。可以通过官网联系一下我们的技术支持。
jiatu.info 顶上选择嘉圕云瀚
2023-03-22 17:35:04 +08:00
回复了 luke8beijing 创建的主题 问与答 HELP!求助一个微型图书馆管理软件!
https://www.jiatu.info/ 顶上选择嘉圕云瀚
2023-01-17 16:53:56 +08:00
回复了 chevalier 创建的主题 Apple 华强北 AirPods 真香
@gw518888 原来有一天我的手机在地铁上疯狂弹窗就是因为这个
2023-01-17 14:55:20 +08:00
回复了 None2 创建的主题 Apple 购买 MacBook Pro,你是选默认中文键盘还是定制美式英语键盘?
只有外观区别,使用没有区别。
2022-12-17 14:32:08 +08:00
回复了 FishGrazier 创建的主题 视频技术 4k 8bit 能被转换为 1080p 10bit 吗?
可以用三维坐标系来类比,分辨率是 x y 轴,色深是 z 轴,两者不在一个维度没有比较的意义。
2022-11-12 13:47:30 +08:00
回复了 tonyjia87 创建的主题 Big Data ETL 方案有哪些
用 Kafka Connect 找对应的 sink connector 可以不写代码直接写入。
2022-10-27 13:36:26 +08:00
回复了 sh0wm4k3r 创建的主题 macOS intel 的 MacBook 更新 macOS 13 表现怎么样?
13-inch, 2020, Four Thunderbolt 3 ports, 32 GB RAM.
Stage manager 疯狂掉帧
好的自行车是从来不锁的
2022-09-29 14:43:49 +08:00
回复了 ikn0wzxc 创建的主题 iOS ios 日历通知
@ikn0wzxc 你看 watch 上日历的通知设置是不是镜像的 iPhone ,我镜像的 iPhone 就是和手机上完全一样的通知逻辑。
2022-09-29 10:54:20 +08:00
回复了 ikn0wzxc 创建的主题 iOS ios 日历通知
日历 APP - 底栏的“日历” - 点想操作的日历边上的 🛈 - 打开 /关闭 “通知 日程提醒”
你说的这个是不是量化?
2022-09-03 21:42:02 +08:00
回复了 magese 创建的主题 程序员 为什么公司的人写代码都无视 IDE 的警告提示?
我觉得 warning 有两种,一种是代码确实有小问题的,一种是 IDE 没理解代码它以为有问题实则没问题的。前者最好改,后者当然可以无视。
我自己不会追求 0 warning (不过确实会追求 0 typo 哈哈),但是我会把所有的 warning 都过一遍,能改则改。大多数 IDE 报的 warning 改一改也就是举手之劳,我是很乐意改的。
1  2  3  4  
关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   2403 人在线   最高记录 6679   ·     Select Language
创意工作者们的社区
World is powered by solitude
VERSION: 3.9.8.5 · 39ms · UTC 14:47 · PVG 22:47 · LAX 07:47 · JFK 10:47
Developed with CodeLauncher
♥ Do have faith in what you're doing.