Log message #4203065

# At Username Text
# Sep 13th 2019, 10:47 spriz actually when you do `composer install`, exactly that is done by default :slightly_smiling_face:
# Sep 13th 2019, 10:46 spriz Put all the sensitive stuff in env vars and move on :ok_hand:
# Sep 13th 2019, 10:46 spriz or just add `cp config/app.default.php config/app.php` to your deploy script :slightly_smiling_face:
# Sep 13th 2019, 10:42 dereuromark Easy enough to solve on project level though :)
# Sep 13th 2019, 10:41 dereuromark Bottom line: current approach with one big file is bad
# Sep 13th 2019, 10:41 dereuromark Fair enough
# Sep 13th 2019, 10:41 lilhermit Maybe I will do a PR
# Sep 13th 2019, 10:41 lilhermit @dereuromark The only problem I have with your blog post is add `Configure::load('app_local');` should be wrapped in a `file_exists` Personally I think `Configure::load` should support the second param being a config array so you could add a `only_if_exists` flag and then pass the merge and config key into the config array
# Sep 13th 2019, 10:34 dereuromark Someone could PR a more logical approach as I outlined. It also helps with core vs custom vs private data.
# Sep 13th 2019, 10:32 lilhermit @conehead Thanks yeah just wondered why it was default if it would instantly break on any checkout of the repo. Yeah I normally add `app.php` to repos just thought I'd review it on this new project
# Sep 13th 2019, 10:14 conehead But additionally: Noone is preventing you from actually adding the `app.php` to your repo if you really want to
# Sep 13th 2019, 10:13 conehead @lilhermit Maybe have a look at this: https://sandbox.dereuromark.de/pages/best-practices#config
# Sep 13th 2019, 09:54 lilhermit It feels like `app.default.php` should be included in the bootstrap.php
# Sep 13th 2019, 09:50 lilhermit I've never understood why `config/app.php` is gitignore'ed. obviously I understand why you don't want sensitive info in the repo but when you deploy to another environment the app auto fails because there is no app.php
# Sep 13th 2019, 09:28 spriz here maybe @info315 https://my.cakephp.org/join?
# Sep 13th 2019, 09:18 info315 Or better, how do i create the user for it?
# Sep 13th 2019, 09:16 info315 @admad Who can i access the admin area of https://github.com/cakephp/cakephp.org ?
# Sep 13th 2019, 08:54 conehead @info315 but thanks for your help. I am pretty sure I will need an API-Key shortly after
# Sep 13th 2019, 08:47 info315 @admad was a try to not spam this off topic stuff between real questions
# Sep 13th 2019, 08:43 admad @info315 if you use the silly threads i will just ignore your response :slightly_smiling_face:
# Sep 13th 2019, 08:43 info315 This code is from an Cake2 app that I'm migration to cake4 at the moment...
# Sep 13th 2019, 08:42 conehead So I call my script via http://myurl/myscript.php which `exec()`s my cake shell
# Sep 13th 2019, 08:40 admad @info315 why are you reinventing Security::randomString() ? https://api.cakephp.org/3.8/class-Cake.Utility.Security.html#_randomString
# Sep 13th 2019, 08:40 conehead No but my host allows to use exec. I could create a php script that is only allowed to be called locally. And this php script uses exec to call the cakephp shell
# Sep 13th 2019, 08:39 info315 ``` public function generateApiKey($len = 80) { $bytes = openssl_random_pseudo_bytes($len, $cstrong); $apikey = bin2hex($bytes); return $apikey; } ```
# Sep 13th 2019, 08:39 admad get your facts straight man :slightly_smiling_face:
# Sep 13th 2019, 08:38 admad `exec()` is not for URLS
# Sep 13th 2019, 08:38 conehead Well I might create an completely external script that uses exec
# Sep 13th 2019, 08:37 admad yeah there are some shitty hosts which required URLs for cron jobs too
# Sep 13th 2019, 08:35 conehead Well yes actually I can only call urls for cron jobs
# Sep 13th 2019, 08:33 admad @info315 cpanel for e.g. can give access to cron jobs but not shell access :slightly_smiling_face:
# Sep 13th 2019, 08:33 conehead I will just double check what I am allowed to do
# Sep 13th 2019, 08:32 conehead Probably this wont work lol
# Sep 13th 2019, 08:32 conehead ah well yes.
# Sep 13th 2019, 08:32 info315 Didn't you say: >I can NOT create a command and call that via console. ^^
# Sep 13th 2019, 08:30 conehead https://book.cakephp.org/3.0/en/console-and-shells/cron-jobs.html#cron-jobs-on-shared-hosting ``` On some shared hostings cd /full/path/to/root andand bin/cake myshell myparam might not work. Instead you can use php /full/path/to/root/bin/cake.php myshell myparam. ```
# Sep 13th 2019, 08:30 conehead thank you but already found the answer
# Sep 13th 2019, 08:30 conehead Ah
# Sep 13th 2019, 08:29 info315 I guess adding Authentication Middleware and use the `Stateless Authenticators ` like an API key as HTTP Header or in the URL like `apikey=<key>` but this is only secure if HTTPS is used
# Sep 13th 2019, 08:26 conehead I am looking for a safe way to realize this
# Sep 13th 2019, 08:25 conehead I can NOT create a command and call that via console. Our host only allows to call URLs at given times