Petr Dvořák
Application data, such as master server keypair, are very static and generally do not change over time. Yet, we always fetch the data from the database. Maybe it is worth...
Currently, there is a collection of MASTER_KEY_PAIRs associated with every application. For the purpose of activation, the one that is the newest (ordered by `timestamp_created`) is used. We should add...
From performance testing under a very heavy load, we obtained the following stack trace indicating that our password hashing might have larger memory impact than desired: ``` 2022-01-04 10:26:14,048 [default...
We will put the new and shiny API alongside the original one to maintain backward compatibility.
Currently, we have one large controller class. Since everything is externalized to the service, it is not a big issue but maybe we should split the controller anyway into multiple...
Since we are injecting application roles and activation flags into the authentication object, we should be able to declare expected roles and flags beforehand, as a part of the annotation,...
Since we prioritize REST over SOAP in recent releases, we do not need to limit ourselves to the constraints that were enforced by the SOAP Fault approach. We should review...
I think that we should clean up the services a bit: - Services should be annotated by `@Service` annotation instead of a more generic `@Component`. - We should probably consider...
As an option specific to a particular `pa_application`, we could introduce a new flag that would reset the authentication counter only when a user enters a correct PIN. Successful biometric...
The service behavior sometimes assumes it receives correct attribute values from our integration libraries. We should implement more bulletproof parameter checking. This issue does not have a large impact, since...