jonah
Member of DD Central
Posts: 2,031
Likes: 1,113
|
Post by jonah on Mar 13, 2017 20:30:46 GMT
Fiddlesticks. Looks like I need to move that investigation into web hosting to the top of the to do list. I suspect that it will run for a while in the morning until it hits a capacity limit.
|
|
jonah
Member of DD Central
Posts: 2,031
Likes: 1,113
|
Post by jonah on Mar 14, 2017 7:09:31 GMT
Quick kludge in place... hopefully that should keep thing ticking over for a bit.
|
|
|
|
Post by hnwlending on Mar 15, 2017 11:13:30 GMT
Can we be added please?
I've only just been made aware of your forum and it looks great, although I am completely new to forums to please excuse me if I'm not following the right etiquette!
I am the MD of HNW Lending Ltd. We are a fully FCA authorised firm (authorised in January 2017) and also have HMRC permission to offer IF ISAs and have flexible ISAs
We have been going for 3 years, have done over 150 loans, and have never lost a penny of interest or capital to date as all the loans we do are secured loans. Secured loans means first or second charge on property or taking an asset like a high value car or plane into a storage facility under our control
We are basically funded by a collection of wealthy individuals, with the average individual investor having over £100k invested in our loans. We do however allow investors to put a minimum of £5k per loan (or £10k per loan outside of the ISA). Investors choose which loans they wish to invest in and the rate investors earn ranges from about 7% to 15% depending on the risk of the loan - ie a low LTV (loan to value) first charge would pay lower interest than a high LTV second charge
My number is 07958 636 106 and email is ben@hnwlending.co.uk if you wanted to find out any more information so that you can update your post
and put our platform on
Thanks
Ben
|
|
ablender
Member of DD Central
Posts: 2,204 
Likes: 555
|
Post by ablender on Mar 15, 2017 18:04:27 GMT
Hi Ben,
Welcome to this forum. Are you open for smaller investors as well?
Cheers,
|
|
Liz
Member of DD Central
Posts: 2,426
Likes: 1,297
|
Post by Liz on Mar 15, 2017 19:25:54 GMT
Hi Ben, Welcome to this forum. Are you open for smaller investors as well? Cheers, is 4'11" 
|
|
jonah
Member of DD Central
Posts: 2,031
Likes: 1,113
|
Post by jonah on Mar 15, 2017 21:07:59 GMT
hnwlending hello and welcome. Im happy to try to add you to my little tracker. To do that I would need visibility of availability. I've had a look around but can't see it... care to point me in the right direction?
|
|
ablender
Member of DD Central
Posts: 2,204
Likes: 555
|
Post by ablender on Mar 15, 2017 23:00:39 GMT
Hi Ben, Welcome to this forum. Are you open for smaller investors as well? Cheers, is 4'11" Just about. 
|
|
ilmoro
Member of DD Central
'Wondering which of the bu***rs to blame, and watching for pigs on the wing.' - Pink Floyd
Posts: 11,330
Likes: 11,549
|
Post by ilmoro on Mar 16, 2017 1:44:48 GMT
hnwlending hello and welcome. Im happy to try to add you to my little tracker. To do that I would need visibility of availability. I've had a look around but can't see it... care to point me in the right direction? Isnt it the last column on the loans list? (need to have registered) Click on heading to bring to top.
|
|
jonah
Member of DD Central
Posts: 2,031
Likes: 1,113
|
Post by jonah on Mar 16, 2017 19:07:02 GMT
hnwlending hello and welcome. Im happy to try to add you to my little tracker. To do that I would need visibility of availability. I've had a look around but can't see it... care to point me in the right direction? Isnt it the last column on the loans list? (need to have registered) Click on heading to bring to top. That would raise two issues. I don't want to 'publish' details from a logged on portal without clear and explicit permission from that portal. Secondly, as I'm sure someone like isecguy would say, storing my valid credentials in a script is a major security bad idea. The solution if a platform wants to be added but doesn't want to have live numbers on their unauthenticated pages, is to give me a set of read only credentials which I can use to logon to the lender pages for data gathering. hnwlending if you want to do this, please get in touch, pm if you want. On a similar note, I'd be more than happy to look at AC ( chris ) or Abl ( ablrate ) or Fundingsecure ( fundingsecure ) or others if those platforms are interested. I am of course also accepting that they might not be. On my to do list (quite a way down) is to review if any other sites have recently added the relevant data to their unauthenicated pages.
|
|
|
|
Post by isecguy on Mar 17, 2017 9:50:08 GMT
Secondly, as I'm sure someone like isecguy would say, storing my valid credentials in a script is a major security bad idea. The solution if a platform wants to be added but doesn't want to have live numbers on their unauthenticated pages, is to give me a set of read only credentials which I can use to logon to the lender pages for data gathering. hnwlending if you want to do this, please get in touch, pm if you want. Hey jonah - thanks for the tag! Yes, you're right, storing unencrypted credentials in your script wouldn't be advisable.... but there are a few alternatives, some of which would require cooperation of the platforms: 1) Platform makes the information you require public on their website, and not behind a login 2) Platform makes the information semi-public - i.e. they make it available via a specific URL that whilst is publicly accessible, isn't publicised (i.e. not linked to via from their website, and excluded from indexing by search engines, etc) 3) Platform develops an API (I very long shot, I know!) However, if a platform doesn't want to do any of those things, but they are still happy for you to scrape information from behind their login gateway, then depending upon how they're going about their "session cookies", you may be able to go down this avenue... Ordinarily, when you successfully login to a site, the site returns a unique & random session "token", which is stored in your browser as a "session cookie" (which persists until you either logout or close your browser). Then instead of then having to re-send your username/password with each subsequent http request, your browser instead sends this unique session "token" along with the request, which the server then uses to identify your "authenticated" logged in session. Therefore, you could potentially manually login to a platform from the server where your script is running, grab the returned session cookie, and then insert this token into your script, and send it with each http request your script makes. As long as you're making fairly regular calls from your script (i.e. more frequently than the "idle timeout" that the site employs), you may theoretically be able to remain logged in indefinitely. Now, there is a caveat to that; some platforms may also employ an absolute session timeout (i.e. regardless of whether you're "idle" or not, the server will automatically expire your session token after X hours/days/weeks), but I know that many platforms don't! Assuming an absolute session timeout isn't in play; then all your script would contain would be a unique session token, and not your login credentials. If a platform is doing its session tokens correctly, then they should only be valid for the specific IP address (and in some instances also only for the specific browser) they were initially assigned to. This would mean that even if the source code for your "script" was revealed in some way, exposing the session token you'd been using, it would be of no use to anything outside of your server. (i.e. if someone knew your session token and tried to make a request from their own server/browser using it (known as "session hijacking"), the site would simply reject it) Of course, the above is quite a long-winded & tedious work-around; its reliability would very much depend on whether the platform allows users to remain logged in "indefinitely" or not, and its security would very much depend on whether the platform prevents "session hijacking" ("session hijacking" wasn't one of the factors I covered in my recent research, primarily because I don't have accounts with ALL 39 platforms I looked at in order to be able to fairly analyze this) The best solution - if a platform really wants to appear in your tracker - would be for them to just make the necessary information "publicly" available for you to scrape. Hope that helps!
|
|
jonah
Member of DD Central
Posts: 2,031
Likes: 1,113
|
Post by jonah on Mar 17, 2017 17:16:24 GMT
Whilst I've used a cached cookie for another 'project' the benefits of not having my password explicitly included hadn't occurred, so thanks for that. I still want to ensure I'm not taking private data without explicit agreement from the platform, so I agree the data being public in the or agreeing an alternative approach is needed, but as a technique I appreciate the simplicity.
|
|
jonah
Member of DD Central
Posts: 2,031
Likes: 1,113
|
Post by jonah on Mar 19, 2017 11:22:21 GMT
I was thinking about if there is a better way to display this information, hence the demo below.
Please note this is a single snapshot for each time period, which is taken once an hour, just after the hour. If you are looking at a fast moving secondary market, it is possible that this snapshot could be unrepresentative of the time just before or just afterwards. It is however the value provided by the site at the time my script downloaded it.
|
|
cooling_dude
Bye Bye's for the PPI
Posts: 2,853
Likes: 4,298
|
Post by cooling_dude on Mar 19, 2017 11:33:05 GMT
Right |
|
elliotn
Member of DD Central
Posts: 3,064
Likes: 2,681
|
Post by elliotn on Mar 19, 2017 11:40:40 GMT
Yeah, right.
|
|
|
|
Post by wiseclerk on Mar 19, 2017 11:48:20 GMT
Right
|
|
