Skip to content

Instantly share code, notes, and snippets.

View sarveshseri's full-sized avatar

Sarvesh Kumar Singh sarveshseri

View GitHub Profile

tl;dr

  1. Don't run as root.
  2. For sessions, set httpOnly (and secure to true if running over SSL) when setting cookies.
  3. Use the Helmet for secure headers: https://github.com/evilpacket/helmet
  4. Enable csrf for preventing Cross-Site Request Forgery: http://expressjs.com/api.html#csrf
  5. Don't use the deprecated bodyParser() and only use multipart explicitly. To avoid multiparts vulnerability to 'temp file' bloat, use the defer property and pipe() the multipart upload stream to the intended destination.
# **************** READ THIS FIRST ******************
#
# This is not a script for you to run. I repeat, do not download and run this!
#
# This is only a guide to show the required steps for successful UEFI + GRUB2 installation
# Many of the choices are examples or assumptions; don't blindly type shit into your machine
# until/unless you at least read the comments around each command
#
# These steps assume you've booted in UEFI mode by preparing your USB stick per these instructions:
# https://wiki.archlinux.org/index.php/UEFI#Archiso