View security-checklist.md


The Security Checklist

AUTHENTICATION SYSTEMS (Signup/Signin/2 Factor/Password reset)
  • Use HTTPS everywhere.
  • Store password hashes using Bcrypt (no salt necessary - Bcrypt does it for you).
  • Destroy the session identifier after logout.
  • Destroy all active sessions on password reset (or offer to).
@the0ther
the0ther / debug-curl-exec-slim.php
Created Oct 30, 2016
Debugging PHP Curl curl_exec() in Slim Framework
View debug-curl-exec-slim.php
```php
<?php
// Routes
$app->post('/v1/entry', function ($request, $response) {
    try {
        // setup some sample php curl stuff
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, "https://salsa4.salsalabs.com/save?json");
        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); // in response to seeing 303 "See Other" status codes
        $fields = array(
```
View getjson-and-eval-explained.js
```javascript
function getJSON(url, callback) {
    var req = new XMLHttpRequest();
    var res = req.getData(url);
    if (res.statusCode == 200) {
        var dataBack = res.getData();
        apply(callback, dataBack, a, b, c);
        call(callback, []);
```
View gist:c2540a5dda74edb5575e29e7c1bf46e4
```shell
find /home/previewj/public_html -type f -printf "%p \t\t\t\t\t\t\t\t%s\n"

# this gives nice output of md5 and full file path
find /home/previewj/public_html -type f -exec md5sum "{}" + -printf "%p \t\t\t\t\t\t\t\t%s\n"

# does not give quite what we want
find /home/previewj/public_html -type f -printf "%p \t\t\t\t\t\t\t\t%s\n" -exec md5sum "{}" +
```
View remove-media-queries-and-add-back.js
```javascript
var deletedRules = [];
function removeRule() {
    if (typeof window.CSSMediaRule !== 'function') {
        return false;
    }
    var styleSheets = document.styleSheets;
    var number = 0;
    if (!styleSheets) {
```
@the0ther
the0ther / remove-media-queries.js
Last active Sep 28, 2016
strip media queries
View remove-media-queries.js
```javascript
var deletedRules = [];
function removeRule() {
    if (typeof window.CSSMediaRule !== 'function') {
        return false;
    }
    var styleSheets = document.styleSheets;
    var number = 0;
    if (!styleSheets) {
```
@the0ther
the0ther / README.md
Created Sep 15, 2016
Putting a Server Up and Installing Certificates Using Certbot (Let's Encrypt)
View README.md

Putting a Server Up and Installing Certificates Using Certbot (Let's Encrypt)

TL;DR

  1. Bring up a box on DO and set up DNS for www and non-www domains
  2. Install non-SSL Nginx config file on server
  3. Run Certbot to get 2 certificates (www and non-www)
  4. Install SSL Nginx config file
  5. Done
@the0ther
the0ther / non-ssl-conf
Created Sep 15, 2016
non-ssl nginx conf
View non-ssl-conf
```nginx
server {
    listen 80;
    server_name PLACEHOLDER www.PLACEHOLDER;
    root /srv/PLACEHOLDER;
    index index.html index.htm;
    location / {
        try_files $uri $uri/ =404;
    }
}
```
View first-conf.conf
```nginx
server {
    listen 80;
    server_name bar-dev.joystickinteractive.com www.bar-dev.joystickinteractive.com;
    root /srv/bar-dev.joystickinteractive.com;
    index index.html index.htm;
    location / {
        try_files $uri $uri/ =404;
    }
}
```
View ssl-conf
```nginx
###############################################################################
#
# Before using this, find-and-replace through the file for "PLACEHOLDER" and
# replace it with the actual domain name you'd like to use.
#
###############################################################################
server {
    listen 80;
    server_name PLACEHOLDER www.PLACEHOLDER;
    return 301 https://PLACEHOLDER$request_uri;
}
```