Log message #4019758

# At Username Text
# Apr 24th 2017, 11:02 aavrug I need to fetch all the rows including one previous row in CakePHP3, so I want to add "BETWEEN parent.idstack-1 AND parent.idstack". Where can I add this in the query builder?
# Apr 24th 2017, 10:46 NeoThermic|Work using UUIDs is simple because no one is going to brute-force a 128-bit int
# Apr 24th 2017, 10:45 NeoThermic|Work obfuscation strategies fall apart if enough samples are collected or the method of generation is known.
# Apr 24th 2017, 10:34 Neon1024 There are layers in between those things
# Apr 24th 2017, 10:34 Neon1024 Plus you should not be letting your url structure, and output of your api determine your internal data structure
# Apr 24th 2017, 10:34 bravo-kernel I might have remembered incorrectly though ;)
# Apr 24th 2017, 10:33 bravo-kernel Obfuscating numeric id using one of the strategies would make it near impossible to harvest using url guesses
# Apr 24th 2017, 10:33 bravo-kernel I do recall firm statements about not using uuid to not kill performance
# Apr 24th 2017, 10:32 bravo-kernel Check
# Apr 24th 2017, 10:31 dereuromark bravo: no it's not :slightly_smiling_face: it appears to be - which sometimes can be enough
# Apr 24th 2017, 10:31 bravo-kernel Imo
# Apr 24th 2017, 10:31 bravo-kernel Obfuscation is as secure as it gets
# Apr 24th 2017, 10:31 dereuromark if you do, use uuid16 :slightly_smiling_face:
# Apr 24th 2017, 10:30 bravo-kernel Ask @dereuromark, do not use uuid for primary ids
# Apr 24th 2017, 10:27 spriz Sneaky :)
# Apr 24th 2017, 10:24 NeoThermic|Work e.g. (sorry for the function chain, but to get one line): $base36uuid = gmp_strval(gmp_init(str_replace('-', '', CakeText::uuid()), 16), 36);
# Apr 24th 2017, 10:22 NeoThermic|Work doubly so since you can express them as base 36 (once you remove the dashes) for shorter strings in URIs
# Apr 24th 2017, 10:21 NeoThermic|Work UUIDs are a great choice
# Apr 24th 2017, 10:21 spriz UUID for primary keys <3
# Apr 24th 2017, 10:20 NeoThermic|Work I don't suggest muffin/obfuscate if you want any degree of actual secrecy, mind
# Apr 24th 2017, 10:20 NeoThermic|Work hmm
# Apr 24th 2017, 10:19 birdy247 ah I read as optimal :slightly_smiling_face:
# Apr 24th 2017, 10:19 bravo-kernel Gotta go, gl guys and girls
# Apr 24th 2017, 10:18 bravo-kernel Simply put: a must IMHO
# Apr 24th 2017, 10:18 bravo-kernel :face_with_rolling_eyes:
# Apr 24th 2017, 10:18 bravo-kernel Not optional
# Apr 24th 2017, 10:18 birdy247 Not optimal?
# Apr 24th 2017, 10:17 bravo-kernel No problem
# Apr 24th 2017, 10:17 bravo-kernel Using JsonApiListener is not even optional anymore IMO
# Apr 24th 2017, 10:16 birdy247 big thanks for writing that
# Apr 24th 2017, 10:16 birdy247 @bravo-kernel great API blog post
# Apr 24th 2017, 10:16 birdy247 :)
# Apr 24th 2017, 10:16 bravo-kernel s/use/you might want to use/
# Apr 24th 2017, 10:15 bravo-kernel @birdy use muffin/obfuscate if you want to hide your (auto incremental) ids
# Apr 24th 2017, 10:14 Neon1024 You can thank bravo-kernel
# Apr 24th 2017, 10:14 birdy247 the JsonApi is also sweet as
# Apr 24th 2017, 10:14 birdy247 Man, CRUD + API + Search = happy
# Apr 24th 2017, 10:05 Neon1024 https://youtu.be/3Neq2ey3mgE?t=18
# Apr 24th 2017, 10:05 Neon1024 But you’ve got a CMS so you’ve already got SSL
# Apr 24th 2017, 10:04 Neon1024 So worth some SSL at an absolute minimum
# Apr 24th 2017, 10:04 Neon1024 Will just get session hijacked, or man-in-the-middle’d etc etc