Published: May 25, 2019
If you read OSSEC’s installation documentation, you’ll learn that there are 4 installation types: server, agent, local and hybrid. While there’s no official documentation explaining this, per this Google Groups thread a local install is equivalent to a standalone install on a single system.
Published: May 24, 2019
Recently I needed to concatenate a string and an int in Go. Googling revealed an overwhelming number of options. I’ve gathered and organized all of them in this post, including full working examples for each.
Published: March 24, 2019
Enabling forced two-factor authentication for the Magento admin panel is a great way to improve security. However, with the current mechanics of Magento’s two-factor authentication module simply flipping the switch in your stores admin panel still leaves a gap in your system’s security.
Published: March 11, 2019
While reviewing a plan to introduce requirepass AUTH to a Redis instance prepared by a co-worker I came across the following note:
Will not set up init scripts, as starting/stopping Redis with AUTH directive enabled requires password
This didn’t smell right to me, so I decided to take a look at the issue with my co-worker.
Published: February 27, 2019
UI components are notoriously one of the most painful aspects of working with Magento 2.
I had some folks ask me about Magento 2's UI Component recently and realized everything I wrote about (now two years ago) has fled my head -- and I'm not sure I want to let it back in. https://t.co/Ubi9KVA1I0https://t.co/jtlTvuKEF9— Alan Storm (@alanstorm) August 28, 2018
One aspect that’s thrown me for a loop is the “magical data providers”. For example, if you look at
vendor/dotdigital/dotmailer-magento2-extension/view/adminhtml/ui_component/dotdigitalgroup_order_grid.xml you’ll see the following…
<dataSource name="order_report_grid_data_source"> <!--The data source--> <argument name="dataProvider" xsi:type="configurableObject"> <argument name="class" xsi:type="string">Magento\Framework\View\Element\UiComponent\DataProvider\DataProvider</argument> ...
But how could the
Magento\Framework\View\Element\UiComponent\DataProvider\DataProvider class be responsible for providing data to the order report grid?
Published: February 7, 2019
The topic of Magento module security has been heating up. Here are just a few things that have happened recently:
- Willem de Groot, the leading researcher tracking malware infections amongst the global Magento install base reported that Magento modules are now the main source of security breaches for Magento sites.
- In collaboration with several security-minded individuals (myself included) Willem also published, magevulndb, a repository tracking vulnerabilities in commonly used Magento modules.
- The topic of Magento module security is slated for discussion at the DevExchange at the upcoming Magento Live AU conference. The effort is being spearheaded by ExtDN
I have some strong thoughts on the matter which I haven’t been shy about sharing in the past…
So I think a requirement that @ext_dn should impose is around proper disclosure of vulnerabilities in modules.— Max Chadwick (@maxpchadwick) November 27, 2018
Here, I want to express them in long form.