test.thing

To create an anchor to a heading in GitHub Flavored Markdown, add - characters between each word in the heading and wrap the value in parens (#some-markdown-heading), so your link should look like this:

[create an anchor](#anchors-in-markdown)

@jmealo
jmealo / copy-triggers.sql
Created May 7, 2021 17:50
This trigger copies all the triggers attached to one table to another. If you use the table's name in the trigger, that'll get replaced as well.
CREATE OR REPLACE FUNCTION copy_table_triggers(p_source_tablename text, p_dest_tablename text) RETURNS boolean
LANGUAGE plpgsql
AS
$$
DECLARE
v_sql text;
v_trigger_list record;
BEGIN
-- Triggers
@jmealo
jmealo / openresty-nchan-redis-luarocks.sh
Last active January 4, 2020 22:51 — forked from wojons/openresty-luarocks.sh
OpenResty + LuaRocks + Nchan + Redis (with password, graph and bloom modules)
#!/bin/sh
apt-get install -y libreadline-dev libncurses5-dev libpcre3-dev \
libssl-dev perl make build-essential git curl \
unzip
git clone https://github.com/RedisLabsModules/password.git /tmp/password
git clone https://github.com/RedisLabsModules/rebloom.git /tmp/rebloom
git clone https://github.com/RedisLabsModules/redis-graph.git /tmp/redis-graph
@jmealo
jmealo / rls-security-multi-tennant.md
Last active June 20, 2019 17:34
How to safely allow arbitrary SQL queries in multi-tenant web applications

Can we use PostgreSQL's row-level security to enable secure arbitrary query execution in multi-tenant web applications?

Can we break out and access another tenant's information?

No, this is handled using schemas, ownership and roles (users). Using RLS does not impact leaking data between tenants. This allows us to give out SQL accounts that can run arbitrary queries without leaking data between tenants.

How can we protect against role or privileges escalation within a tenant?

Consider an application that has 3 user types (roles):

curl -i -H 'Content-type: application/json' -H 'Authorization: key=<your_server_key>' -XPOST https://fcm.googleapis.com/fcm/send -d '{
"registration_ids":["registration_ids", "of the", "target", "devices as array"],
"notification": {
"title":"Title of your notification",
"body":"content of your notification"
},
"data": {
"key1" : "value1",
"key2" : "value2",
"key3" : 23.56565,
@jmealo
jmealo / ccd_schools_to_sql.sh
Created August 15, 2017 15:48
Download CCD schools and load the CSV file into PostgreSQL with reasonable full text searching enabled
#!/bin/bash -e
apt-get install -y wget unzip recode
wget -nc https://nces.ed.gov/ccd/Data/zip/ccd_sch_029_1516_txt_prel_tab.zip
unzip -o ccd_sch_029_1516_txt_prel_tab.zip
recode ISO-8859-15..UTF8 /tmp/ccd_sch_029_1516_txt_prel.tab
#EXPLAIN ANALYZE select sch_name, lea_name, ncessch, website, updated_status, charter_text, ts_rank(search, to_tsquery('simple', 'Michi:*')) AS rank FROM ccd_schools ORDER BY rank DESC LIMIT 100;
#EXPLAIN ANALYZE WITH results AS (select sch_name, lea_name, ncessch, website, updated_status, charter_text, search FROM ccd_schools WHERE search @@ to_tsquery('simple', 'Michi:*')) SELECT *, ts_rank(search, to_tsquery('simple', 'Michi:*')) AS rank FROM results ORDER BY rank DESC LIMIT 100;
@jmealo
jmealo / grade-wired-aq-test.js
Last active February 3, 2017 21:17
Pasting this into the JavaScript console will grade your AQ on Wired: https://www.wired.com/2001/12/aqtest/
// This is an attempt at doing things the most obvious way with an
// emphasis on readability ... It's not clever but it's still not obvious
// what we're doing. It also requires you to know both javascript and
// CSS selectors
var addIfAgreed = [
2, 4, 5, 6, 7, 9, 12, 13, 16, 18, 19, 20, 21, 22, 23, 26, 33, 35, 39, 41,
42, 43, 45, 46
]
#!/bin/bash
set -o errexit
clear
# Set versions. Check http://openresty.org for latest version and bundled version of nginx.
OPENRESTY_VERSION=1.11.2.2
NGINX_VERSION=1.11.2
OPENSSL_VERSION=1.1.0c
NPS_VERSION=1.11.33.4
@jmealo
jmealo / prevent-double-credit-trigger.sql
Created September 28, 2016 16:18
Do not allow a student to open a completed sparkpoint in multiple sections to game pacing
SET search_path = 'mta-staging';
CREATE OR REPLACE FUNCTION ssas_guard_double_completion()
RETURNS trigger AS
$$
BEGIN
-- Do not create a new active sparkpoint record if the sparkpoint has already been completed in another section
PERFORM 1 FROM student_sparkpoint
WHERE sparkpoint_id = NEW.sparkpoint_id
AND student_id = NEW.student_id
@jmealo
jmealo / date-functions.js
Last active September 13, 2016 21:11
Functions for excluding specific dates and weekends from time calculations
const MS_IN_DAY = 86400000;
// Pretend this is the start/end time for a phase
var startDate = new Date("01/24/1989 08:30:23"),
endDate = new Date("01/31/1989 16:32:23"),
// This will be provided by the API -- extracted from a Google Calendar/iCal feed
daysOff = [
new Date("01/26/1989"),
new Date("01/27/1989")