scootstah
-
Posts
3,858 -
Joined
-
Last visited
-
Days Won
29
Posts posted by scootstah
-
-
Either of these:
https://github.com/mailhog/MailHog
Super easy to install and configure, and it provides a web interface on an alternate HTTP port for viewing mail. You can send mail to any email address and they will be captured in one big list in the web interface.
I've used a couple different solutions over the years, including Postfix setups with Squirrelmail or some other web client, but this is far, far better.
-
OpenSUSE has a graphical installer - just follow the on-screen instructions and click next a bunch of times. You don't need to make it more complicated than it is.
-
Why are you zero'ing your disk to install Linux? That's really not necessary... just delete any existing partitions that you want, and create a new one. As for what partition table to use, just stick with the defaults for that stuff unless you have a reason not to.
-
I was following through this article here
Well I was going to quote that site but it seems to be down? odd...
If I search opensource xss filters online, many come up, this was suggested by the article
So you're probably talking about sanitizing output to include some safe HTML, yeah? Allowing any HTML at all should really be avoided. There are better alternatives such as markdown or bbcode.
- 1
-
Looks fine to me.
-
Yes you can use SMART. That's the whole point of SMART.
-
You need to use SNI. Are you doing that?
-
No it wasn't. They're two separate things.
iptables-persistent is an iptables plugin that implements netfilter-persistent.
-
However, storing a key in a file does protect in the case of only the db being compromised, not if they can write to php files or execute arbitrary code (or shell).
Of course not. If your physical box or codebase is compromised then all bets are off. If your app can encrypt/decrypt, then attackers can encrypt/decrypt too (if they have access to your box). There's not really any way to get around that, except to not let attackers compromise your box.
You have to take a step back and assess your realistic threat model here. What exactly are you protecting your data from? If you just want to protect data in your database and over-the-wire, then basic encryption as I've described should be sufficient. If you want to protect your server from NSA scrutiny, then no, you're in way over your head.
-
Does the price increase linearly with each size? Like, is 2,red == $500? And is 3,red == $750?
If that's the case you can just define what each color's base price is and then multiply it by size.
Otherwise you'll need to map out what each color costs for each given size.
-
You'd want to use a class on links that should have the confirm dialog, and then use Javascript click events to show it.
See here:
https://developer.mozilla.org/en-US/docs/Web/API/EventTarget/addEventListener
-
Linux distributions maintain their own packages in their own repositories. You will never have the latest version when using default repositories. When the distro maintainers decide that a package version is stable enough and fit for distribution, it will be updated in the repository.
You don't need to bother trying to achieve the latest hot-off-the-press version of software on Linux. If that's what you wanted, you would probably have to compile from source at that point, and then continue doing that every single day for any new releases. Usually you can find newer major versions maintained in third-party repositories, such as for PHP7, which is very easy to install.
But if you just want Apache 2.4, use whatever the distro gives you. If you just want PHP 5.6, use whatever the distro gives you.
-
Anyway, I can't do this command to save
#/etc/init.d/iptables-persistent save
The command should be:
sudo invoke-rc.d iptables-persistent save
-
Here I'm encrypting (not hashing) actual data which will require to be decrypted, for this a password is required, the question is about how / where to store the user / site encryption password(s). (Personally I'd prefer passwords for each user.)
You could just store it in the database. But, you'll need to add the user's key to a static, secret site key in some way. If you simply use the user's key from the database to encrypt/decrypt, then the encryption is effectively useless because if there was a database breach, the attackers could just decrypt the data with the stored user key. If you add the user's key to a static site key, they would also have to compromise that key in order to decrypt.
-
You can install Apache on Linux with a single command.
apt (Debian, Ubuntu)
sudo apt-get install -y apache2
yum (CentOS, Fedora, RHEL)sudo yum install -y httpd
There's no need to compile it yourself unless you know what you're doing. -
Then you would have to publish your code for people to pay, download and install on their website; Then someone could do the same and make changes to your extension's code and make it look different and upload to the marketplace to compete against your own product in which it was originally your own.
Then use proper licensing. If that is too much risk for you then you might as well not bother writing any extensions.
- 1
-
However what is stopping a developer from taking an entire piece of code and editing every aspect of the file to make it his own?
Nothing is stopping anyone from doing that. If you can show that code is sufficiently different to the original works, then you legally didn't copy it. Who's to say you didn't both come up with the same idea and just implement it slightly differently? That's why you can't patent code.
-
In addition, if you try to pull your BS terms of service I'd like to point out the contradiction in it.
"The Company, and agents hereof, will at any given time be allowed to modify, move, or delete your content (including any accounts you may have) and that they in general have full control over your content."
Then you later state.
"By no means will any staff member change a user's account name or delete a user account. So do not ask."
Just because we can doesn't mean we will.
- 1
-
Doesn't websockets by default use 80 and 443? I don't claim to know, and base this on https://en.wikipedia.org/wiki/WebSocket.
No, websockets do not default to anything. The protocol does not mention implementation details such as port numbers.
If so, could a server that responds to websockets not act as a webserver?
Sure, you could bind your socket daemon to listen on port 80 or 443. But then you can't run a webserver like Apache.
-
Can Constant scalar expressions improve the codings in any way?
You could argue readability in some places, but eh, it's just syntactic sugar.
-
But websockets uses port 80/443 by default, no? How does it accomplish it?
No, they use whatever port the daemon is listening on.
It's not possible to use sockets without an open port to listen on.
-
You can't use ports 80 or 443 if you have a webserver installed. You can't bind to the same port.
If you can't open ports then you can't use sockets.
-
This is possible with PHP, yes. You don't need to use WebSockets though unless you plan on having a web browser client. You could just use a regular TCP/UDP socket instead.
The firewall would need to allow communication on the selected port.
Start with the manual.
-
The whole point of hashing properly is if your database is stolen it's not worth it to try and work out the passwords. If you have a salt per password and use something like bcrypt with a decent strength (unlike something like MD5 or SHA1) you're going to be pretty safe.
Yes, you are correct. Unfortunately, lots of the distributed applications written in PHP make poor decisions such as this.
SMTP for dev. Is there something awesome I don't know about?
in Linux
Posted
It's not "fake SMTP", it is a real SMTP server. It's just not designed to deliver mail to real recipients.
I'm not sure what you mean by SMTP related errors. If you mean logging errors via email, then yeah it'll work for that, as long as the error handler uses the correct address/port for mailhog/mailcatcher.