7 kyu
Hide password from jdbc url
466 of 943Javatlacati
Loading description...
Strings
Regular Expressions
Fundamentals
This comment has been reported as {{ abuseKindText }}.
Show
This comment has been hidden. You can view it now .
This comment can not be viewed.
- |
- Reply
- Edit
- View Solution
- Expand 1 Reply Expand {{ comments?.length }} replies
- Collapse
- Spoiler
- Remove
- Remove comment & replies
- Report
{{ fetchSolutionsError }}
-
-
Your rendered github-flavored markdown will appear here.
-
Label this discussion...
-
No Label
Keep the comment unlabeled if none of the below applies.
-
Issue
Use the issue label when reporting problems with the kata.
Be sure to explain the problem clearly and include the steps to reproduce. -
Suggestion
Use the suggestion label if you have feedback on how this kata can be improved.
-
Question
Use the question label if you have questions and/or need help solving the kata.
Don't forget to mention the language you're using, and mark as having spoiler if you include your solution.
-
No Label
- Cancel
Commenting is not allowed on this discussion
You cannot view this solution
There is no solution to show
Please sign in or sign up to leave a comment.
Python translation 🐍
Please review and approve.
I think this kata is more difficult than 7 kyu. It should be rate 6 or better.
If the password in the URL looks like so:
user=sys&password=[MyP4$$W0rD!]
Should we be masking the square brackets as well as the characters inside them?
Yes, in this case the square brackets would be considered part of the password.
to go on, in this example anything after password= and before a possible & would be considered part of the password, just like a real world API call.
Hi. I don't anderstand one test result: expected:<...tabase:us?password=*[********************]&user=sys> but was:<...tabase:us?password=*[qazxsw23?edcvfr45tgb]&user=sys> Whay this string qazxsw23...tgb is repleace by asteriks?
That means that you only added an asterisk to the begin of the password instead of replacinmg the password by asterisks. Why is it repleacable? Because it's a password!.
This comment has been hidden.
well since it works even for random tests it's acceptable. You can create a harder version that has perhaps some limit to the minimum time it should take.
Timing is kinda ok and isn't an issue here. The bug in my solution happens when substring in url before word
passwordused as password ;)jdbc:mysql://sdasdasdasd:szdasdasd:dfsdfsdfsdf/sdfsdfsdf?user=root&password=msqlwill produce'jdbc:*****://sdasdasdasd:szdasdasd:dfsdfsdfsdf/sdfsdfsdf?user=root&password=mysql'for example — chances are very low though, so do not bother, the point is — even random tests can fail to catch everything.pretty interesting case I have added a test for it thank you.
This comment has been hidden.
you are handling only alphanumeric ascii passwords that are actually not very secure.
Ah sure! Thx.
Really enjoyed the Kata. Needed to refresh on basic js methods and this helped a lot.
Needs more random test cases, at least for JS.
Duplicated the number of random tests for JS
...Can't you just use a for loop like a normal person does?
same in java
Sorry I'm not a "normal" person
I'd rather put in the description an example with
...passsword=...&user=...than the current one. But that's not a problem, of course.What if the password is empty? What if the URL has
password=in it twice, possibly before the??It's worth testing. My solution will fail the second case; ZED's won't ( nice one! ).
Pretty rare case the one you are thinking. If you have defined password twice in your connection string to databse certainly is a problem with your connection string so.. for simplicity let's assume that you already know that you should provide user and password in your connection string while using JDBC.
I tought the case for empty password in my solution but tought that many purist will complain about unnecessary boundary case, and that it will be perhaps more time consuming. Please let me know your opinion if you think it should be included or that it should be part of a sequel kata or perhaps stated in the description.
I don't know JDBC connection strings, so for me specifying in the description that "password=" will only occur once, in the appropriate position, would be useful. ( Actually, I only thought of the possibility when I saw Zed's solution. It's a corner case, but it seemed somewhat reasonable. )
Allowing empty passwords, or not, is entirely your choice, but I'd specify it either way. ( I'd say include the possibility. It seems fair game to me. )
Updated description. Thank you for your suggestions.