jmealo

SET search_path = 'mta-staging';

CREATE OR REPLACE FUNCTION ssas_guard_double_completion()
RETURNS trigger AS
$$
BEGIN
  -- Do not create a new active sparkpoint record if the sparkpoint has already been completed in another section
  PERFORM 1 FROM student_sparkpoint
           WHERE sparkpoint_id = NEW.sparkpoint_id
             AND student_id = NEW.student_id

jmealo

const MS_IN_DAY = 86400000;

// Pretend this is the start/end time for a phase
var startDate = new Date("01/24/1989 08:30:23"),
    endDate = new Date("01/31/1989 16:32:23"),

    // This will be provided by the API -- extracted from a Google Calendar/iCal feed
    daysOff = [
		new Date("01/26/1989"),
		new Date("01/27/1989")

jmealo

Folders

• A folder is a file with the MIME type application/vnd.google-apps.folder and with no extension.
• You can use the alias root to refer to the root folder anywhere a file ID is provided
• To insert a file in a particular folder, specify the correct ID in the parents property of the file.
• The parents property can be used when creating a folder as well to create a subfolder.
• To add or remove parents for an exiting file, use the addParents and removeParents query parameters by calling PATCH https://www.googleapis.com/drive/v3/files/${fileId}

Files

• When creating a batch of files, you can preallocate up to 1,000 UUIDs for use in create requests by calling GET https://www.googleapis.com/drive/v3/files/generateIds?count=${count}&space=drive This does not work when copying files.
• All you need is the fileId to copy a file. It does not matter whether or not the document was created by a user of the destination Google Apps domain.

jmealo

Can we use PostrgreSQL's row-level-security to enable arbitrary query execution security in secure multi-tenant web applications?

Can we break out and access another tenants information?

No, this is handled using schemas, ownership and roles (users). Using RLS does not impact leaking data between tenants. This allows us to give out SQL accounts that can run arbitrary queries without leaking data between tenants.

How can we protect against role or privileges escalation within a tenant?

Consider an application that has 3 user types (roles):

jmealo

CREATE OR REPLACE FUNCTION refresh_materialized_views() RETURNS VOID
AS
$body$
DECLARE
  result integer;
BEGIN
  EXECUTE (SELECT string_agg('REFRESH MATERIALIZED VIEW ' || oid::regclass::text, ';')
             FROM   pg_class
            WHERE  relkind = 'm');
  RETURN;

jmealo

{
  "endPoints": {
    "Sites": {
      "description": "Returns a list of District and School sites.",
      "method": "GET",
      "urls": [
        "https://<subdomain>.illuminateed.com/<root_dir>/rest_server.php/Api/Sites/"
      ],
      "responseExample": [
        {

jmealo

#!/bin/bash
cd /usr/share/postgresql/9.4/tsearch_data

wget https://stop-words.googlecode.com/files/stop-words-collection-2011.11.21.zip
unzip stop-words-collection-2011.11.21.zip
wget http://src.chromium.org/svn/trunk/deps/third_party/hunspell_dictionaries/en_US.dic
wget http://src.chromium.org/svn/trunk/deps/third_party/hunspell_dictionaries/en_US.dic_delta
wget http://src.chromium.org/svn/trunk/deps/third_party/hunspell_dictionaries/en_US.aff -O en_us.affix

# Remove first line

jmealo

[user]
name = Jeffrey Mealo
email = [email protected]

[credential]
helper = osxkeychain

[core]
autocrlf = input
excludesfile = /Users/jmealo/.gitignore_global

jmealo

#!/usr/bin/env node

var stdin = process.openStdin();

var data = "";

stdin.on('data', function(chunk) {
  data += chunk;
});

jmealo

// Insert this just after:         if (/move/i.test(verb)) { @ line 115
if (file.indexOf('___jb_bak___') !== -1) {
  verb = 'PUT';
  destination = destination.replace('___jb_bak___', '');
  file = destination;
  fileStream = fs.createReadStream(file);
  headers['Content-Length'] = fs.statSync(file).size;
}

/* Add the following entries to your config.json global ignore: