- Don't run as root.
- For sessions, set
httpOnly(andsecuretotrueif running over SSL) when setting cookies. - Use the Helmet for secure headers: https://github.com/evilpacket/helmet
- Enable
csrffor preventing Cross-Site Request Forgery: http://expressjs.com/api.html#csrf - Don't use the deprecated
bodyParser()and only use multipart explicitly. To avoid multiparts vulnerability to 'temp file' bloat, use thedeferproperty andpipe()the multipart upload stream to the intended destination.
Brian Detering DubFriend
eyston
/ graphql.js
Created
November 6, 2015 16:53
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| let rootValue = { | |
| response: { | |
| timing: { | |
| fields: [] | |
| } | |
| } | |
| } | |
| const start = new Date().getTime(); | |
| return graphql(schema, query, rootValue, variables).then(response => { |
xcommerce-gists
/ How To Process Instant Payment Notification (IPN) Messages.php
Last active
January 4, 2023 19:37
PayPal IPN How To guide
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| // STEP 1: read POST data | |
| // Reading POSTed data directly from $_POST causes serialization issues with array data in the POST. | |
| // Instead, read raw POST data from the input stream. | |
| $raw_post_data = file_get_contents('php://input'); | |
| $raw_post_array = explode('&', $raw_post_data); | |
| $myPost = array(); | |
| foreach ($raw_post_array as $keyval) { |
mrtorrent
/ mysql2sqlite.sh
Created
October 14, 2011 13:11
— forked from esperlu/mysql2sqlite.sh
MySQL to Sqlite converter
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # Converts a mysqldump file into a Sqlite 3 compatible file. It also extracts the MySQL `KEY xxxxx` from the | |
| # CREATE block and create them in separate commands _after_ all the INSERTs. | |
| # Awk is chosen because it's fast and portable. You can use gawk, original awk or even the lightning fast mawk. | |
| # The mysqldump file is traversed only once. | |
| # Usage: $ ./mysql2sqlite mysqldump-opts db-name | sqlite3 database.sqlite | |
| # Example: $ ./mysql2sqlite --no-data -u root -pMySecretPassWord myDbase | sqlite3 database.sqlite |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # Converts a mysqldump file into a Sqlite 3 compatible file. It also extracts the MySQL `KEY xxxxx` from the | |
| # CREATE block and create them in separate commands _after_ all the INSERTs. | |
| # Awk is choosen because it's fast and portable. You can use gawk, original awk or even the lightning fast mawk. | |
| # The mysqldump file is traversed only once. | |
| # Usage: $ ./mysql2sqlite mysqldump-opts db-name | sqlite3 database.sqlite | |
| # Example: $ ./mysql2sqlite --no-data -u root -pMySecretPassWord myDbase | sqlite3 database.sqlite |