- install rpdb through pip
- import rpdb; rpdb.set_trace()
- telnet 127.0.0.1 4444
Оба - атака на пользователя, в отличие от SQL Injection (атака на сервер)
- цель - заставить браузер жертв(ы) исполнить код
Serhii Khoma srghma
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # connect | |
| ssh centos@pubip_or_dns | |
| ssh -i ~/.ssh/amazon/us-east-1 centos@pubip_or_dns | |
| # add local key | |
| paste ~/.ssh/id_rsa.pub to ~/.ssh/authorized_keys | |
| # filezilla | |
| https://forums.aws.amazon.com/thread.jspa?messageID=741338 but interactive |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function doAsyncOnSubmit(form, asyncFn) { | |
| const onSubmitFunction = async function(e) { | |
| e.preventDefault() | |
| form.off('submit', onSubmitFunction) | |
| const doSubmit = await asyncFn() | |
| if (doSubmit) { | |
| form.submit() |
srghma
/ 1.what I have learned, while doing XXX1.md
Last active
August 2, 2018 14:08
what I have learned, while doing XXX
ecommerce + news
- plain rails + jquery
- rectify for frontend (similar to https://github.com/BjornMelgaard/rails-bookstore)
- cocoon for rapid admin panel development
- stripe for payments
- gitlab ci for continuous integration
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Solved questions: | |
| - how to send email after calling function? - postgres listen, notify | |
| Unsolved questions: | |
| - postgresql multidispatch functions? | |
| - how to upload image and save it in db? (maybe schema stitching) | |
| - rails like polymorphic relations? | |
| - how to make vdare like role permissions? |
make 2 example apps using mtl and effects that asks password:
- State - number of wrong passwords
- Reader - right password from file
- MonadLog - just log, enterleaving monad (should I implement liftLog? https://www.youtube.com/watch?v=8t8fjkISjus, https://hackage.haskell.org/package/transformers-base-0.4.4/docs/Control-Monad-Base.html)
- MonadThrow - throw on wrong
- MonadIO or MonadMock - tests
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| export DB_NAME= | |
| export DB_USER= | |
| mysqldump -p -u "$DB_USER" "$DB_NAME" | gzip > "$HOME/$DB_NAME-backup-$(date +%F).sql.gz" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| bcrypt examples in ruby and php |
srghma
/ 0-ELFINDER TOKEN AUTHENTICATION, rails, tinymce, elfinder, nginx.md
Last active
February 18, 2022 22:06
ELFINDER TOKEN AUTHENTICATION, rails, tinymce, elfinder, nginx
This is an example of using elfinder with bcrypt tokens.
It works like this:
- backend and elfinder knows about secret token
- user can access elfinder on localhost:8000/elFinder/elfinder.html, but cant write without token
- backend adds hashed token to url only on some pages (admin panel for example)
- tinymce opens elfinder.html in iframe with hashed token, elfinder.html iframe pass this token to connector, connector validates token
- I use nginx to bypass cors issue
Sorry can provide more elaborate exmaple (proprietary software)
OlderNewer