My webhost, iPage, has not yet made bcrypt available for cgi scripts, and because it's not my server I can't install bcrypt myself using pip or easyinstall etc. My question is, would it be possible to download the bcrypt tarball to my pc and unzip and load the directories and files to my iPage site tree myself? Thanks!
Bcrypt is just a standard that can be implemented in different ways.
I'm not familiar with "iPage" but it sounds like you only have file access.
All you need to do is find a library that implements bcrypt in whatever cgi scripting language you are using, and then include and use it in your code.
For example if you are using php, you will look for a php library that offers bcrypt. You might find this library which implements bcrypt in php. All you need to do is add the password.php under the lib directory to your site, then in your php scripts that need bcrypt simply require the new file and you should be able to use its functions. See the library documentation for information on that.
Related
I want to use avatar in my faker users seeding and I try to use https://github.com/ottaviano/faker-gravatar
But I got error trying to install it :
[InvalidArgumentException]
Package ottaviano/faker-gravatar has a PHP requirement incompatible with your PHP version, PHP extensions and Composer version:
- ottaviano/faker-gravatar 0.1.2 requires php ^7.1 which does not match your installed version 8.1.0.
Looks like it does not support php 8...
Are there similar pluging supporting php 8 ?
Or maybe I can tune this plugin to work under php 8?
Thanks in advance!
You could create an issue on the repo and request that the maintainer update the package to support PHP 8. Alternatively you could fork the repo and either maintain that fork yourself, or create a pull request once you've updated the package.
With the above in mind though, something to note is that package is using an abandoned faker library. There is a new fork that is recommended for use but does not have a gravatar provider.
You could write your own provider for the newer faker library or alternatively go down the very simple route of just implementing a statement to generate a gravatar yourself.
'https://www.gravatar.com/avatar/' . md5(strtolower(trim($faker->email()))) . '?d=identicon';
The above will look for an existing gravatar for the provided email address and return that if it finds one, otherwise will return a default gravatar image which in my example is a geometric pattern based on the email hash.
Whilst this solution might not be as flexible as the package in your question, if all you're after is a gravatar and don't care whether it's isometric or a robot (see default images in the API docs for changing the default image generated) then something simple like this might be all you need.
I need to encrypt a block of data using AES-128-ECB and would like to do so with libsodium and Ruby. I have prototyped a solution in Ruby using OpenSSL APIs as shown below:
aes = OpenSSL::Cipher::Cipher.new("AES-128-ECB")
aes.encrypt
aes.key = key
aes.update(data) + aes.final
This works, but I need other features from libsodium, so I would like to use it instead and get rid of my dependency on OpenSSL. Unfortunately, I don't see any APIs for ECB mode. I am also using the ruby wrapper RbNaCl, but I don't even see any way to do this using the base libsodium APIs. I do see ones for AES-128-CTR.
Is it possible to encrypt AES-128-ECB with libsodium?
libsodium intentionally doesn't support the ECB mode.
In this mode, the same block encrypted twice produces the same ciphertext twice.
A classic illustration of why this is terrible from a security perspective is the ECB penguin.
Instead of providing many primitives, modes and parameters to choose from, with many combinations actually being insecure, libsodium provides a cherry-picked set of secure constructions.
AES-ECB is not one of them, and will never be for the reasons stated above.
You really should switch to a different construction.
Is it possible to use Npm-Modules on client-side?
More specifically:
I want to use node.js built-in crypto-module for encrypting a password the user enters and then send the encrypted password with a signature(/hmac) to my server.
I need to do it that way, because I must be able to retrieve the original password server-side, because afterwards I'm going to send it to a ldap-server, because the user should authenticate with the same username/password he is registered with on that server.
This is what I did:
created in packages/crypto/:
-package.js:
Package.on_use(function(api) { api.add_files('crypto.js',['server','client']);});
-crypto.js:
crypto = Npm.require("crypto");
It works fine on the server, but on the client it says "Reference Error: Npm is not defined".
So, is it possible to use the crypto-module on client-side?
Are there any alternatives for achieving this goal?
Thank you!
Edit:
Is there any good alternative for getting the password to the server in a secure way, so that the server can retrieve the original password?
I think doing the ldap()-request on the client-side (like:
if(checkLdap(usrname,password)){<login>} else{fail}) can be easily bypassed?
You can try to add the js-files you need on client-side from .npm folder under crypto's package directory.
So, your package.js file might look like this:
Package.describe({
summary: 'Description of your crypto package'
});
Npm.depends({
'crypto': '1.0.0'
});
Package.on_use(function (api) {
api.add_files('crypto.js', 'server');
api.add_files('.npm/node_modules/crypto/crypto.js', 'client');
});
You can use https://github.com/elidoran/cosmos-browserify now to archive this. I used wrapped packages before and it was real pain to update them and to create new ones. Now with browserify support I can include library with just several lines of code. See their example how to do it. I don't publish it here as it may be subject of change.
Its not possible to use Npm modules on the client side since Npm modules are extensions via node.js which only runs on the server end.
If you want to use a file like crypto you would have to make a client side only version and put it in /client/lib of your Meteor app
While this may be possible officially, Meteor doesn't support this.
You would have to include requirejs manually using this project: https://github.com/apendua/require
You can use browserify to build a .js bundle with all all the Npm modules you want on the client side. See:
2013 Meteor NPM Packages
I'm using Ruby and the Savon gem to interact with SOAP/WS and would like to auto-generate the client request methods from the WSDL in Ruby.
Before I do this, I'd like to know if there's any other Ruby/SOAP library that does this?
Edit: Please note, I already know this isn't available in Savon out the box, in fact my intention is to add in the feature, I'm in the process checking if this exists somewhere else written in Ruby.
Since it's only few days since you asked this question, and I've run into same problem I've decided to create small script to do that.
Download - save as objects.rb for example and run with _bunde exec objects.rb path_to.wsdl_
https://gist.github.com/4622792
Let me know if it works ^^
Take a look at Savon's spec, it has pretty rich testing environment
I think ads_common by Google is relevant to you.
google-api-ads-ruby/ads_common at master · googleads/google-api-ads-ruby
rake generate can create the client libraries automatically from WSDL.
It is specialized for Google Ads, but this notion would be helpful to create a versatile client library automatically from WSDL in Ruby.
Do you need to have ruby installed on your server to run Sparkle Framework? From what I understand, the framework just looks for the xml RSS feed on the server and that's it. Am I correct?
From the documentation:
Sign your update (unless you’re hosting your update over SSL):
Sparkle includes a script to help you sign your update.
(from the Sparkle distribution root):
ruby "Extras/Signing Tools/sign_update.rb" path_to_your_update.zip path_to_your_dsa_priv.pem
The string outputted is your update’s DSA signature; you’ll add this as an attribute to your enclosure in the next step.
So, the only reason you would need Ruby is to use the included signing script if you are not distributing your update through a secure connection.