| # |
Apr 15th 2019, 15:03 |
 jeremyharris |
cake passes that ini value (or sets it to secure by default) when configuring the PHP sessions so PHP should kick in with the proper security |
| # |
Apr 15th 2019, 15:02 |
jeremyharris |
it’s the session cookie and not a different cookie? |
| # |
Apr 15th 2019, 15:02 |
jeremyharris |
are you sure it |
| # |
Apr 15th 2019, 15:01 |
jeremyharris |
(taking a look at the code) |
| # |
Apr 15th 2019, 14:59 |
unclezoot |
'Cookies with the "secure" attribute are only permitted to be sent via HTTPS. Cookies sent via HTTP expose an unsuspecting user to sniffing attacks that could lead to user impersonation or compromise of the application account.' |
| # |
Apr 15th 2019, 14:58 |
unclezoot |
that's what i thought, but in Chrome Dev Tools (Application>Cookies) the Secure tickbox is not ticked, and the penetration testing report flagged this up as a 'medium risk': The cookie does not contain the "secure" attribute. |
| # |
Apr 15th 2019, 14:55 |
jeremyharris |
if you’re on ssl |
| # |
Apr 15th 2019, 14:55 |
jeremyharris |
it is set to `true` by default |
| # |
Apr 15th 2019, 14:49 |
unclezoot |
does anyone know how to set the 'secure' flag on a session cookie in cake3? 'Session.ini.session.cookie_secure' => true isnt doing anything for me |
| # |
Apr 15th 2019, 14:48 |
unclezoot |
yeah i think that's what the guy at work ended up doing, some sort of cronjob to keep the lambda alive |
| # |
Apr 15th 2019, 14:42 |
jeremyharris |
because of the warmup time - which you could ping to keep awake if you needed to |
| # |
Apr 15th 2019, 14:41 |
jeremyharris |
I use s3 and cloudfront - no need for lamda because mine is statically generated. lamda is good for little tasks that get a lot of consistent hits |
| # |
Apr 15th 2019, 14:41 |
ricksaccous |
i hardly remember anything from the course though because i don't really use AWS a lot |
| # |
Apr 15th 2019, 14:41 |
ricksaccous |
you'll still need to pay for the db but yep |
| # |
Apr 15th 2019, 14:40 |
ricksaccous |
removes the need for an ec2 instance |
| # |
Apr 15th 2019, 14:40 |
ricksaccous |
i took an aws training course, the instructor pretty much advocated using nothing but lambdas and s3 buckets to serve websites |
| # |
Apr 15th 2019, 14:36 |
neon1024 |
Wouldn’t that depend on your EC2 and S3 instances |
| # |
Apr 15th 2019, 14:36 |
unclezoot |
there's a problem with wakeing them up i believe, i.e. a cold start takes some time |
| # |
Apr 15th 2019, 14:36 |
unclezoot |
node specifically |
| # |
Apr 15th 2019, 14:35 |
unclezoot |
main guy has, he's very keen on them so will using them shortly |
| # |
Apr 15th 2019, 14:35 |
neon1024 |
Have you tried Lambdas? |
| # |
Apr 15th 2019, 14:35 |
unclezoot |
yup |
| # |
Apr 15th 2019, 14:35 |
neon1024 |
Anyone running stuff in AWS? |
| # |
Apr 15th 2019, 14:35 |
unclezoot |
afternoon, how do you make the session cookie 'secure'? I've tried updating my app.php's 'Session.ini.session.cookie_secure' => true, but doesn't appear to be doing anything on my https site, not sure what else to try? |
| # |
Apr 15th 2019, 14:00 |
jeremyharris |
so you could do `select (getrank(column1, column2) as rank` when you needed ranking |
| # |
Apr 15th 2019, 14:00 |
jeremyharris |
yeah sounds like a special method. you may want to use a custom DB function that holds the logic on how you “rank” your results based on what you wrote above |
| # |
Apr 15th 2019, 13:58 |
ricksaccous |
next relevant would probably be first word matched |
| # |
Apr 15th 2019, 13:58 |
ricksaccous |
most relevant would be a result like both words together |
| # |
Apr 15th 2019, 13:58 |
ricksaccous |
i would prob do an or, with likes in them |
| # |
Apr 15th 2019, 13:57 |
ricksaccous |
basically i want to do a like match on a field but let's say two words are used for the search, i'm thinking i want the most relevant 2 matches |
| # |
Apr 15th 2019, 13:57 |
ricksaccous |
haha |
| # |
Apr 15th 2019, 13:57 |
ricksaccous |
ugh |
| # |
Apr 15th 2019, 13:57 |
ricksaccous |
but on the second query i might still want to order by case :( |
| # |
Apr 15th 2019, 13:56 |
ricksaccous |
haha yep |
| # |
Apr 15th 2019, 13:56 |
jeremyharris |
:+1: always more than one way to solve the problem |
| # |
Apr 15th 2019, 13:55 |
ricksaccous |
so i'll do two queries and conglom the results how i want |
| # |
Apr 15th 2019, 13:55 |
ricksaccous |
I'm thinking I'll just divide what i'm doing in two queries anyway because I want the first where clause to prioritize the second where clause, but i might not want to do the first where clause anyway depending on information given to me from elsewhere |
| # |
Apr 15th 2019, 13:54 |
jeremyharris |
@ricksaccous I’ve put a case statement in an order clause once. in the end the code didn’t stick around but I may be able to help |
| # |
Apr 15th 2019, 13:52 |
jeremyharris |
oh were you using validation rules this whole time? I read it as “rules” as in application rules smh |
| # |
Apr 15th 2019, 13:52 |
jeremyharris |
that is for validators though |
| # |
Apr 15th 2019, 13:52 |
jeremyharris |
(I’m seeing it in the code finally) |