| # |
Sep 13th 2019, 10:46 |
 spriz |
Put all the sensitive stuff in env vars and move on :ok_hand: |
| # |
Sep 13th 2019, 10:46 |
spriz |
or just add `cp config/app.default.php config/app.php` to your deploy script :slightly_smiling_face: |
| # |
Sep 13th 2019, 10:42 |
dereuromark |
Easy enough to solve on project level though :) |
| # |
Sep 13th 2019, 10:41 |
dereuromark |
Bottom line: current approach with one big file is bad |
| # |
Sep 13th 2019, 10:41 |
dereuromark |
Fair enough |
| # |
Sep 13th 2019, 10:41 |
lilhermit |
Maybe I will do a PR |
| # |
Sep 13th 2019, 10:41 |
lilhermit |
@dereuromark The only problem I have with your blog post is add `Configure::load('app_local');` should be wrapped in a `file_exists` Personally I think `Configure::load` should support the second param being a config array so you could add a `only_if_exists` flag and then pass the merge and config key into the config array |
| # |
Sep 13th 2019, 10:34 |
dereuromark |
Someone could PR a more logical approach as I outlined. It also helps with core vs custom vs private data. |
| # |
Sep 13th 2019, 10:32 |
lilhermit |
@conehead Thanks yeah just wondered why it was default if it would instantly break on any checkout of the repo. Yeah I normally add `app.php` to repos just thought I'd review it on this new project |
| # |
Sep 13th 2019, 10:14 |
conehead |
But additionally: Noone is preventing you from actually adding the `app.php` to your repo if you really want to |
| # |
Sep 13th 2019, 10:13 |
conehead |
@lilhermit Maybe have a look at this: https://sandbox.dereuromark.de/pages/best-practices#config |
| # |
Sep 13th 2019, 09:54 |
lilhermit |
It feels like `app.default.php` should be included in the bootstrap.php |
| # |
Sep 13th 2019, 09:50 |
lilhermit |
I've never understood why `config/app.php` is gitignore'ed. obviously I understand why you don't want sensitive info in the repo but when you deploy to another environment the app auto fails because there is no app.php |
| # |
Sep 13th 2019, 09:28 |
spriz |
here maybe @info315 https://my.cakephp.org/join? |
| # |
Sep 13th 2019, 09:18 |
info315 |
Or better, how do i create the user for it? |
| # |
Sep 13th 2019, 09:16 |
info315 |
@admad Who can i access the admin area of https://github.com/cakephp/cakephp.org ? |
| # |
Sep 13th 2019, 08:54 |
conehead |
@info315 but thanks for your help. I am pretty sure I will need an API-Key shortly after |
| # |
Sep 13th 2019, 08:47 |
info315 |
@admad was a try to not spam this off topic stuff between real questions |
| # |
Sep 13th 2019, 08:43 |
admad |
@info315 if you use the silly threads i will just ignore your response :slightly_smiling_face: |
| # |
Sep 13th 2019, 08:43 |
info315 |
This code is from an Cake2 app that I'm migration to cake4 at the moment... |
| # |
Sep 13th 2019, 08:42 |
conehead |
So I call my script via http://myurl/myscript.php which `exec()`s my cake shell |
| # |
Sep 13th 2019, 08:40 |
admad |
@info315 why are you reinventing Security::randomString() ? https://api.cakephp.org/3.8/class-Cake.Utility.Security.html#_randomString |
| # |
Sep 13th 2019, 08:40 |
conehead |
No but my host allows to use exec. I could create a php script that is only allowed to be called locally. And this php script uses exec to call the cakephp shell |
| # |
Sep 13th 2019, 08:39 |
info315 |
``` public function generateApiKey($len = 80) { $bytes = openssl_random_pseudo_bytes($len, $cstrong); $apikey = bin2hex($bytes); return $apikey; } ``` |
| # |
Sep 13th 2019, 08:39 |
admad |
get your facts straight man :slightly_smiling_face: |
| # |
Sep 13th 2019, 08:38 |
admad |
`exec()` is not for URLS |
| # |
Sep 13th 2019, 08:38 |
conehead |
Well I might create an completely external script that uses exec |
| # |
Sep 13th 2019, 08:37 |
admad |
yeah there are some shitty hosts which required URLs for cron jobs too |
| # |
Sep 13th 2019, 08:35 |
conehead |
Well yes actually I can only call urls for cron jobs |
| # |
Sep 13th 2019, 08:33 |
admad |
@info315 cpanel for e.g. can give access to cron jobs but not shell access :slightly_smiling_face: |
| # |
Sep 13th 2019, 08:33 |
conehead |
I will just double check what I am allowed to do |
| # |
Sep 13th 2019, 08:32 |
conehead |
Probably this wont work lol |
| # |
Sep 13th 2019, 08:32 |
conehead |
ah well yes. |
| # |
Sep 13th 2019, 08:32 |
info315 |
Didn't you say: >I can NOT create a command and call that via console. ^^ |
| # |
Sep 13th 2019, 08:30 |
conehead |
https://book.cakephp.org/3.0/en/console-and-shells/cron-jobs.html#cron-jobs-on-shared-hosting ``` On some shared hostings cd /full/path/to/root andand bin/cake myshell myparam might not work. Instead you can use php /full/path/to/root/bin/cake.php myshell myparam. ``` |
| # |
Sep 13th 2019, 08:30 |
conehead |
thank you but already found the answer |
| # |
Sep 13th 2019, 08:30 |
conehead |
Ah |
| # |
Sep 13th 2019, 08:29 |
info315 |
I guess adding Authentication Middleware and use the `Stateless Authenticators ` like an API key as HTTP Header or in the URL like `apikey=<key>` but this is only secure if HTTPS is used |
| # |
Sep 13th 2019, 08:26 |
conehead |
I am looking for a safe way to realize this |
| # |
Sep 13th 2019, 08:25 |
conehead |
I can NOT create a command and call that via console. Our host only allows to call URLs at given times |
| # |
Sep 13th 2019, 08:25 |
conehead |
I need to send E-Mails daily at 8 am |