Is there a way to use code actions such as extract method and variable, as a guest while in a live share session?
I couldn't find any way of doing this in the docs.
Related
just as the topic says, i wanted to make a role based system in node-js. I got inspired by the system there is in discord. Can anyone please guide me
You can do that by using multiple tables helpers to make a graph an RBAC (Role Based Access Control) approach. This is an opinionated answer, so take a deep look, try it, and consider it.
Here the dbdiagram URL https://dbdiagram.io/d/5f5f2c007da1ea736e2dbe4c, I explain on the comment there
I am writing a desktop app using PyQt5 which uses the Wordnik API to get word definitions. I do not have server-side access, nor do I wish to invest in acquiring it. Is there any way I can reliably hide my key so I can share my program on GitHub?
At the very least you could store your API key in a separate source file (which you would exclude from the repository via .gitignore) and check for exceptions while importing that file (see this), alerting to provide own API key if that fails.
Storing the API key in a non-source configuration file is another option, but then your worries are in storing that file in a way that is not accessible to the end user of your application.
Unfortunately, no, our Wordnik terms of service don't allow for sharing keys where they are accessible by end-users. If your app is noncommercial you can share instructions for users to help them apply for and add their own Wordnik keys to their copy of the application (and this also helps you, in that your key won't hit our API limits based on your users).
If this is a commercial application, please get in touch with us (apiteam#wordnik) with more details about your use case as we are looking into how to make this easier. As a small nonprofit with limited engineering resources we can't promise a quick solution but since our mission is to find & share every English word we're always interested in learning more about how folks are using our API. :)
Thanks for using Wordnik!
In a nutshell: Shall I share oauth2-credentials in our source code with the scope of full write-access to a google drive from a dedicated single-purpose google-account?
so, I've written a python script which saves some data into either a pre-existing google-sheets file or creates a new google-sheets file into a given google drive folder (both of which are publicly editable for sharing purpose between teams).
For this I followed the steps and tutorials outlined by google and other sources whereafter I have obtained oauth2-credentials needed for my script to be authenticated with the google drive and google sheets API.
Those credentials are derived from a single-purpose google-account which I have created for this script.
Now I would like to share this script with other team-members but am unsure about how to proceed regarding the credentials; either:
A.)
I would incorporate the suggested google workflow which would let the
user of the script authenticate him/herself, i.e. the user starts the
script, then is directed to the google-authentication weblogin,
authenticates the script, and then the script would save and use those
credentials of the user for writing data into a public google-sheets
file (not necessarily a private one owned by the user).
This has the downsides that:
the user would trust my script with credentials which could enable it
to read/write all of the data of the user's drive account. While I do
not mean any harm of course, it still seems rather too much to ask
and be responsible for
it breaks the intended straight-forward workflow of my script.
is not necessary at all technically, because the script shall only
write into public sheets-files / drive folders; so why should it need
write-access to all the user's drive files?.
B.)
hardcode the credentials of our single-purpose account into the
script; which has the only downside that when the script's source code
would be shared, that anyone could obtain those credentials. But these
credentials would only enable an attacker to write/read data into the
account's google drive, but not take control over the whole account
itself due to the limitations of the scope of the oauth2 credentials
(I've used the "https://www.googleapis.com/auth/drive" scope).
Additionally, as said before, we would only use the script to
read/write data into public sheets-files which are owned by real
google-accounts, so never would we use the drive of the single-purpose
account and thus no attacker could destroy our data.
Thus, I am rather opting for option B, but I can't help the anxiety which comes from hardcoding publicly readable credentials...
What would you suggest?
We decided for option A: users need to create client_secret.json and credentials.json files themselves. It is unfortunately not the most straight forward, but the most secure one. Sharing credentials in a public repo is just a big no-go, no matter the details.
Also for the sake of completeness: another alternative would be to have our application running on a server where we could save the client_secret, so then a user would just be presented with a browser-popup where he/she would authorize our service.
But we don't follow that option either since the script shall only contain the core logic and it shall be a base for other to develop upon.
That's our motivation behind the decision.
I am trying to allow ssh users to be defined in Radius, but share a home directory, shell, etc. The idea is that all users share the same home directory and default shell (an application). I would like to avoid creating numerous accounts on the local machine (really a docker container) since their activity is constrained by the application. I think that I just need to replace the user database information, but I don't understand how to just override that part of the login activity. Has anyone else done this or should I be solving this a different way?
Ok, I am going to answer my own question. If you have better information, please contribute. This question might have been better in ServerFault, but as a programmer I spend more time on StackOverflow so I did not think of that.
The PAM library is useful for single sign-on, but it cannot replace the /etc/passwd file and related files. PAM and the other assets it brings in supplement the internal Linux info. So, while you can authenticate with a remote server like Radius, you will still have entries in /etc/passwd. The control flow is a list of rules in pam.conf and the top-level library works its way down the list letting each module (plug-in) do its work. Read 'man pam.conf' and 'man pam_mkhomedir' for good information on how this works.
A module implements 6 functions so it is very approachable to add new modules. See pam_deny.c for the simplest module.
Also, getpwnam is a function you may need in whatever it is you are trying to do. You can read about that using 'man getpwnam', but you probably already knew that.
I am trying to create a complete session managment in nodejs for logins, chat sessions etc.
I googled a lot and every solution that i got was with some framework/module. I don't want to use any module/framework. I would rather like to build my own solution for this:
So this is the plan:
I will set a session cookie on the client machine (yet to figure out how)
For each cookie, i will be maintaining a unique id in the database instead of files as is the case with php (i am using mongodb)
When a user opens the application, a cookie will be set, a entry will be made in database and corresponding information from the db will be fetched.
I am yet to lay a concrete plan for this. I wanted to know whether doing it this way is a good idea? i read somewhere....'Real men don't use any framework. They make everything on their own' :P
Please correct me if i am on a wrong direction. M just starting with these things....
I'm not aware of any node.js frameworks that are closed-source. Just pick one that seems to do what you want to do, download it, and study the source code to see how the developer implemented it. Then come up with your (perceived) improvement on how they did it. You'll probably find that implementing session management involves a whole bunch of nitpicky details that were never obvious to you.
Ignore all the above advice if this is a school assignment where you're not allowed to look at related code. If that's the case, I pity you because you have an incompetent teacher.