| # |
Jul 12th 2018, 16:47 |
 chris-andre |
When using google dev. tool, it says response content is image, and shows image as expected. So thats why I think image is rendered properly. |
| # |
Jul 12th 2018, 16:46 |
josbeir |
or do i need to set all paths in the cli argument |
| # |
Jul 12th 2018, 16:45 |
josbeir |
can paths be sephpcs phpcs.xml.dist ? |
| # |
Jul 12th 2018, 16:45 |
flavius |
yeah, withFile does set the type and the size internally |
| # |
Jul 12th 2018, 16:45 |
chris-andre |
I will try what you suggested. If it doesn't help, it might be some conflict between cakephp and TCPDF with mb_internal_encoding(). |
| # |
Jul 12th 2018, 16:44 |
flavius |
oh, my image was in the database, not saved on disk |
| # |
Jul 12th 2018, 16:41 |
chris-andre |
I thought `$this->response->withFile()` did that? |
| # |
Jul 12th 2018, 16:41 |
flavius |
thats how i do it, but not with TCPDF |
| # |
Jul 12th 2018, 16:41 |
flavius |
``` // show image return $response ->withType(...mime...) ->withLength(...size...) ->withStringBody(...contents...); ``` |
| # |
Jul 12th 2018, 16:37 |
flavius |
are you sending the correct headers as well? |
| # |
Jul 12th 2018, 16:24 |
chris-andre |
It's probably not cakephp topic, but giving it a shot if someone has solved something like this before. |
| # |
Jul 12th 2018, 16:22 |
chris-andre |
Hi. I'm using TCPDF. When adding `<img src="/img/cake.power.gif" />` it works, but when I use `<img src="/users/img" />`it doesn't show the image. img() action in UsersController has `return $this->response->withFile('{path_to_file}')`. When I navigate to /users/img, the image is shown as expected. Any ideas? |
| # |
Jul 12th 2018, 16:16 |
mdunham_ |
hola amigos |
| # |
Jul 12th 2018, 15:42 |
camdenbassett |
a-password-multiple-times |
| # |
Jul 12th 2018, 15:42 |
camdenbassett |
after doing a little more research, it looks like it might be a better idea to just switch all the passwords to a single stronger hash rather than running them through multiple hashes. Basically the hash might only be as strong as the weakest hash in the chain https://softwareengineering.stackexchange.com/questions/115406/is-it-more-secure-to-hash- |
| # |
Jul 12th 2018, 15:38 |
camdenbassett |
no, as far as I know no-one has gotten the DB. Just wanting to upgrade it before there is trouble. |
| # |
Jul 12th 2018, 15:38 |
ricksaccous |
if you assume someone did already then it's not safe because someone has the unhashed passwords anyway |
| # |
Jul 12th 2018, 15:37 |
ricksaccous |
well if someone already compromised your database, yes, if not it's fine, lol |
| # |
Jul 12th 2018, 15:36 |
camdenbassett |
I was using them as examples. Basically my main question is, is it safe to send a password through multiple hash algorithms if one of them is insecure, like md5, and others are more secure, like sha or Argon. |
| # |
Jul 12th 2018, 15:35 |
neon1024 |
Wasn’t there a shell to populate counter_cache fields? |
| # |
Jul 12th 2018, 15:35 |
camdenbassett |
and I know md5 and sha1 aren't very secure anymore :) |
| # |
Jul 12th 2018, 15:34 |
dereuromark |
That was the old 2.x docs: https://github.com/dereuromark/cakephp-shim/blob/2.x/docs/Auth.md |
| # |
Jul 12th 2018, 15:34 |
camdenbassett |
Thanks, I'll take a look at that. |
| # |
Jul 12th 2018, 15:33 |
ricksaccous |
https://book.cakephp.org/3.0/en/controllers/components/authentication.html#changing-hashing-algorithms |
| # |
Jul 12th 2018, 15:32 |
ricksaccous |
i haven't done it i just know it exists, lel |
| # |
Jul 12th 2018, 15:32 |
ricksaccous |
you can set the old method and set the new one, and it will make it secure for you |
| # |
Jul 12th 2018, 15:32 |
dereuromark |
and use a fallback hasher to upgrade since 3+ years |
| # |
Jul 12th 2018, 15:32 |
dereuromark |
you should use neither of them :slightly_smiling_face: |
| # |
Jul 12th 2018, 15:32 |
ricksaccous |
there's a cakephpway to redo password hashing |
| # |
Jul 12th 2018, 15:30 |
camdenbassett |
I just need to know if there are any advantages/disadvantages to sending a password through md5 then sha vs just through sha. I have an old old old password system that I'm trying to upgrade, and the easiest route would be to just apply one hash on top of another, but I remember reading online somewhere that that might not be very secure. |
| # |
Jul 12th 2018, 15:28 |
dereuromark |
yes |
| # |
Jul 12th 2018, 15:28 |
camdenbassett |
@dereuromark was that question directed at me? |
| # |
Jul 12th 2018, 15:28 |
josbeir |
too much code |
| # |
Jul 12th 2018, 15:27 |
josbeir |
pff i hate writing unit tests for components |
| # |
Jul 12th 2018, 15:26 |
dereuromark |
those are good defaults, and rather safe :slightly_smiling_face: |
| # |
Jul 12th 2018, 15:25 |
dereuromark |
what do you need to know/do besides what CakePHP offers out of the box? |
| # |
Jul 12th 2018, 15:25 |
camdenbassett |
Anyone know of a good irc channel to discuss the cryptographic storage of passwords? |
| # |
Jul 12th 2018, 15:24 |
josbeir |
np |
| # |
Jul 12th 2018, 15:24 |
okelet |
thanks! |
| # |
Jul 12th 2018, 15:24 |
okelet |
i will try with a migration, unmarking every time i run it |
| # |
Jul 12th 2018, 15:24 |
okelet |
yes, i know, i have some migrations |