Skip to content

Instantly share code, notes, and snippets.

View jmealo's full-sized avatar

Jeff Mealo jmealo

49 followers · 165 following
View GitHub Profile
@jmealo
jmealo / rls-security-multi-tennant.md
Last active January 20, 2025 12:25
How to safely allow arbitrary SQL queries in multi-tenant web applications

Can we use PostrgreSQL's row-level-security to enable arbitrary query execution security in secure multi-tenant web applications?

Can we break out and access another tenants information?

No, this is handled using schemas, ownership and roles (users). Using RLS does not impact leaking data between tenants. This allows us to give out SQL accounts that can run arbitrary queries without leaking data between tenants.

How can we protect against role or privileges escalation within a tenant?

Consider an application that has 3 user types (roles):

@wojons
wojons / openresty-luarocks.sh
Last active October 31, 2017 23:34 — forked from yagop/openresty-luarocks.sh
OpenResty + LuaRocks + Nchan
apt-get install -y libreadline-dev libncurses5-dev libpcre3-dev \
libssl-dev perl make build-essential
wget https://github.com/openresty/stream-lua-nginx-module/archive/v0.0.1.tar.gz \
-O /tmp/stream-lua-nginx-module-0.0.1.tar.gz
mkdir /tmp/stream-lua-nginx-module-0.0.1
tar xzvf /tmp/stream-lua-nginx-module-0.0.1.tar.gz -C /tmp/stream-lua-nginx-module-0.0.1
@Aghassi
Aghassi / docker-compose.yml
Last active July 18, 2024 17:29
LinuxServer Docker Compose: Plex, Sonarr, Radarr, NZBGet, Let's Encrypt, Time Machine
version: '2'
services:
plex:
image: linuxserver/plex
container_name: plex
volumes:
- /path/to/plex/config:/config
- /path/to/plex/Movies:/data/movies
- /path/to/plex/Shows:/data/tvshows
- /path/to/plex/transcode:/data/transcode
@saurabhnanda
saurabhnanda / tuning-postgres-zfs.md
Last active August 2, 2023 06:06
Tuning Postgres + ZFS

Tuning ZFS + Postgres to outperform EXT4 + Postgres

Please refer to ZFS 2-3x slower than EXT4 to see how ZFS defaults + Postgres defaults severely underperform EXT4 defaults + Postgres defaults (and also to know more about the system on which these benchmarks were performed). This page documents how to tune ZFS + Postgres to give better performance for the tpcb-like benchmark.

BIG FAT WARNING

Please do not copy these settings blindly because I am myself not clear on why/how these settings had the impact they did. For example, I cannot explain why full_page_writes=off independently did not give that much boost, nor did an optimized PG configuration. However, putting both of them together gave a 2-4x boost compared to baseline numbers.

Benchmark results

@Alby-o
Alby-o / image_converter.dart
Last active February 21, 2025 03:56
// imgLib -> Image package from https://pub.dartlang.org/packages/image
import 'package:image/image.dart' as imglib;
import 'package:camera/camera.dart';
Future<List<int>> convertImagetoPng(CameraImage image) async {
try {
imglib.Image img;
if (image.format.group == ImageFormatGroup.yuv420) {
img = _convertYUV420(image);
} else if (image.format.group == ImageFormatGroup.bgra8888) {
@slykar
slykar / docker-compose-hackintosh.md
Last active May 3, 2025 20:38
Docker and Docker Compose on AMD OSX Hackintosh via Docker Machine

Introduction

Docker.app will complain about incompatible processor, so we will use Docker Machine.

Instalation

Download Docker for Mac (Docker.app). It contains some binaries that are necessary.

brew install virtualbox docker-machine
@davidmankin
davidmankin / README.md
Last active February 27, 2024 03:31
home-assistant/supervisor Issue #4358 workaround
@jmealo
jmealo / install-steps
Last active November 6, 2024 14:02
Workaround for JetBrains and Electron-based Apps not rendering (black, pink or white) screen after waking from sleep on MacOS
brew install sleepwatcher
# write restart_apps.sh to ~/.wakeup
chmod +x ~/.wakeup
brew services start sleepwatcher
# your mileage may vary getting sleepwatcher to run the script, but, the script should work if executed manually