# |
Apr 15th 2019, 15:19 |
neon1024 |
I’m looking to setup one of my CakePHP applications on AWS to try it ou |
# |
Apr 15th 2019, 15:19 |
neon1024 |
unclezoot, What’s the deal with Elastic Beanstalk, is that just a shortcut for setting up the bits you need to run a PHP instance in AWS? |
# |
Apr 15th 2019, 15:19 |
neon1024 |
Are we all trying the Cake 4 alpha? |
# |
Apr 15th 2019, 15:04 |
jeremyharris |
ok |
# |
Apr 15th 2019, 15:04 |
jeremyharris |
are you resetting your session each time you test new settings? |
# |
Apr 15th 2019, 15:04 |
unclezoot |
ill keep looking at it, thanks anyway |
# |
Apr 15th 2019, 15:04 |
unclezoot |
that's the fallback (which doesnt appear to be working) |
# |
Apr 15th 2019, 15:03 |
unclezoot |
it's this line isnt it? Session.php: if (!isset($sessionConfig['ini']['session.cookie_secure']) andand env('HTTPS') andand ini_get('session.cookie_secure') != 1) { |
# |
Apr 15th 2019, 15:03 |
jeremyharris |
cake passes that ini value (or sets it to secure by default) when configuring the PHP sessions so PHP should kick in with the proper security |
# |
Apr 15th 2019, 15:02 |
jeremyharris |
it’s the session cookie and not a different cookie? |
# |
Apr 15th 2019, 15:02 |
jeremyharris |
are you sure it |
# |
Apr 15th 2019, 15:01 |
jeremyharris |
(taking a look at the code) |
# |
Apr 15th 2019, 14:59 |
unclezoot |
'Cookies with the "secure" attribute are only permitted to be sent via HTTPS. Cookies sent via HTTP expose an unsuspecting user to sniffing attacks that could lead to user impersonation or compromise of the application account.' |
# |
Apr 15th 2019, 14:58 |
unclezoot |
that's what i thought, but in Chrome Dev Tools (Application>Cookies) the Secure tickbox is not ticked, and the penetration testing report flagged this up as a 'medium risk': The cookie does not contain the "secure" attribute. |
# |
Apr 15th 2019, 14:55 |
jeremyharris |
if you’re on ssl |
# |
Apr 15th 2019, 14:55 |
jeremyharris |
it is set to `true` by default |
# |
Apr 15th 2019, 14:49 |
unclezoot |
does anyone know how to set the 'secure' flag on a session cookie in cake3? 'Session.ini.session.cookie_secure' => true isnt doing anything for me |
# |
Apr 15th 2019, 14:48 |
unclezoot |
yeah i think that's what the guy at work ended up doing, some sort of cronjob to keep the lambda alive |
# |
Apr 15th 2019, 14:42 |
jeremyharris |
because of the warmup time - which you could ping to keep awake if you needed to |
# |
Apr 15th 2019, 14:41 |
jeremyharris |
I use s3 and cloudfront - no need for lamda because mine is statically generated. lamda is good for little tasks that get a lot of consistent hits |
# |
Apr 15th 2019, 14:41 |
ricksaccous |
i hardly remember anything from the course though because i don't really use AWS a lot |
# |
Apr 15th 2019, 14:41 |
ricksaccous |
you'll still need to pay for the db but yep |
# |
Apr 15th 2019, 14:40 |
ricksaccous |
removes the need for an ec2 instance |
# |
Apr 15th 2019, 14:40 |
ricksaccous |
i took an aws training course, the instructor pretty much advocated using nothing but lambdas and s3 buckets to serve websites |
# |
Apr 15th 2019, 14:36 |
neon1024 |
Wouldn’t that depend on your EC2 and S3 instances |
# |
Apr 15th 2019, 14:36 |
unclezoot |
there's a problem with wakeing them up i believe, i.e. a cold start takes some time |
# |
Apr 15th 2019, 14:36 |
unclezoot |
node specifically |
# |
Apr 15th 2019, 14:35 |
unclezoot |
main guy has, he's very keen on them so will using them shortly |
# |
Apr 15th 2019, 14:35 |
neon1024 |
Have you tried Lambdas? |
# |
Apr 15th 2019, 14:35 |
unclezoot |
yup |
# |
Apr 15th 2019, 14:35 |
neon1024 |
Anyone running stuff in AWS? |
# |
Apr 15th 2019, 14:35 |
unclezoot |
afternoon, how do you make the session cookie 'secure'? I've tried updating my app.php's 'Session.ini.session.cookie_secure' => true, but doesn't appear to be doing anything on my https site, not sure what else to try? |
# |
Apr 15th 2019, 14:00 |
jeremyharris |
so you could do `select (getrank(column1, column2) as rank` when you needed ranking |
# |
Apr 15th 2019, 14:00 |
jeremyharris |
yeah sounds like a special method. you may want to use a custom DB function that holds the logic on how you “rank” your results based on what you wrote above |
# |
Apr 15th 2019, 13:58 |
ricksaccous |
next relevant would probably be first word matched |
# |
Apr 15th 2019, 13:58 |
ricksaccous |
most relevant would be a result like both words together |
# |
Apr 15th 2019, 13:58 |
ricksaccous |
i would prob do an or, with likes in them |
# |
Apr 15th 2019, 13:57 |
ricksaccous |
basically i want to do a like match on a field but let's say two words are used for the search, i'm thinking i want the most relevant 2 matches |
# |
Apr 15th 2019, 13:57 |
ricksaccous |
haha |
# |
Apr 15th 2019, 13:57 |
ricksaccous |
ugh |
# |
Apr 15th 2019, 13:57 |
ricksaccous |
but on the second query i might still want to order by case :( |