| Cross-site request forgery attacks (CSRF or XSRF for short) works by an attacker gaining access to a victim’s browser – typically through a malicious link. An attack targets Web applications failing to differentiate between valid requests and forged(maliciously crafted, unauthorized) requests controlled by the attacker. Successful CSRF attacks can have serious consequences. Such as initiating bank transactions, purchasing an online good, Reset a password etc,. | |
| How does a CSRF attack work? | |
| On their own (phishing site), an attacker could create an button or form that creates a request against your bank site: | |
| <form action="https://vulnerable-website.com/password/change" method="POST"> | |
| <button type="submit">Click here for free Pizza!</button> | |
| </form> |
| stages: | |
| - build | |
| - deploy | |
| # Job One for making build | |
| build: | |
| image: node:14.15 | |
| stage: build | |
| script: | |
| - npm i @angular/compiler-cli@13.2 |
When hosting our web applications, we often have one public IP
address (i.e., an IP address visible to the outside world)
using which we want to host multiple web apps. For example, one
may wants to host three different web apps respectively for
example1.com, example2.com, and example1.com/images on
the same machine using a single IP address.
How can we do that? Well, the good news is Internet browsers
| In my case, the problem I had was that I registered a mail subdomain (e.g., mail.company.com) with Mailgun but was creating the records for company.com (not mail.company.com). Instead of creating a mail.company.com domain I entered the records as follows (taking from your example): | |
| company.com | |
| RECORD TYPE NAME VALUE | |
| TXT mail “v=spf1 include:mailgun.org ~all” | |
| TXT pic._domainkey.mail “k=rsa; p=165CHARACTERPASSWORDSTRING” | |
| CNAME email.mail mailgun.org. | |
| # Proxy configuration | |
| proxy_http_version 1.1; | |
| proxy_ignore_headers 'Set-Cookie'; | |
| proxy_buffering off; | |
| proxy_intercept_errors on; | |
| proxy_method GET; | |
| proxy_set_header Host 'bucket.s3-website-sa-east-1.amazonaws.com'; | |
| proxy_set_header Authorization ''; | |
| proxy_hide_header x-amz-id-2; | |
| proxy_hide_header x-amz-request-id; |
| #!/bin/sh | |
| # Make sure to: | |
| # 1) Name this file `backup.sh` and place it in /home/ubuntu | |
| # 2) Run sudo apt-get install awscli to install the AWSCLI | |
| # 3) Run aws configure (enter s3-authorized IAM user and specify region) | |
| # 4) Fill in DB host + name | |
| # 5) Create S3 bucket for the backups and fill it in below (set a lifecycle rule to expire files older than X days in the bucket) | |
| # 6) Run chmod +x backup.sh | |
| # 7) Test it out via ./backup.sh |
| var admin = require("firebase-admin"); | |
| var serviceAccount = require("../controllers/updated_key_iot.json"); | |
| admin.initializeApp({credential: admin.credential.cert(serviceAccount), | |
| databaseURL: "https://your-domain.firebaseio.com"}); | |
| var registrationToken = "deviceRegisterationToken-generates-from-ios-application"; | |
| var payload={ notification:{ | |
| title: "Have a great weekend",} }; | |
| var options = { priority: "high", | |
| timeTolive: 60*60*24 | |
| }; |
| Hello world |
| [Unit] | |
| Description=supervisord - Supervisor process control system for UNIX | |
| Documentation=http://supervisord.org | |
| After=network.target | |
| [Service] | |
| Type=forking | |
| ExecStart=/bin/supervisord -c /etc/supervisord/supervisord.conf | |
| ExecReload=/bin/supervisorctl reload | |
| ExecStop=/bin/supervisorctl shutdown |