This question already has answers here:
Making sphinx documentation private
(3 answers)
Closed 2 years ago.
Is there a way to password protect a website published using GitLab pages?
I tried adding an .htpasswd file to the root of the /pages directory, but that just makes the file available to everyone who goes to https://username.gitlab.io/mysite/.htpasswd.
GitLab now supports access control for pages in case of self managed GitLab instances:
https://docs.gitlab.com/ce/administration/pages/#access-control
Pages access control is currently disabled by default. To enable it, you must:
Enable it in /etc/gitlab/gitlab.rb
gitlab_pages['access_control'] = true
Reconfigure GitLab
Related
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 2 years ago.
Improve this question
My app can be installed many times on the same PC. The difference is the network path, from where installer was executed.
So, I generate the AppId dynamically using the hash of the path to the installer. In this way, if you're starting the installer from the same path, it gets the same appId and update will be done. If path is different, new instance will be installed.
I have a little problem also. The network path can be changed. Now user need to completely reinstall the app, otherwise after an update it gets a new AppId and it will be installed like a new app.
So I'm thinking about saving the first generated appId in a some file in the folder, from where installer will be executed and then get it from there.
The question is, if it is the right way to achieve all my needs.
Your users should not be changing the Installed directory (or network path as you say). After installing a Windows application I would not expect to be able to change the folder names and/or path C:/ProgramFiles/MyApp to C:/ProFil/MyAppChangedName and expect that application to still function correctly.
Where does your AppId currently exist (the Registry?) since you say that it is not currently in the Application's installed directory?
Does your current 'setup' work with multiple installations or is that also broken since the AppId only existing once with multiple installations?
It is not very common to have an Installer and expect to be able to install multiple instances on one computer. Normally the Registry changes and AppData directories would not play nice. But some application don't seem to mind (Eclipse, etc).
You could put your application IDs in a file/folder in the AppData folder and have a list of all the application IDs in that file to use for you updates. That way your AppIds are in a folder path (network path) that doesn't change.
Besides that it looks like you using a 3rd party application installation package 'Inno Setup'. I am not familiar, but should it not show the users the options of 'Repair', 'Update', 'Re-Install', 'Uninstall' etc when running the Installer a second time.
I assume the issue is that when you run the Installer you expect it to know whether to update and install 'new' without user interaction.
Usually to update an application is done within the application. Example: From within your application, File -> Update.
You could also add a Task Scheduler (Google adds one with Chrome) task to run the Update automatically every week etc.
I would expect an application to check for updates every time the user opens the application. If an update is needed you could check the folder path at that point (since it should be wherever the exe is currently running) and if it is not found the user could point you to the desired Application instance network path (folder path) to update.
So, I have a client who needs a website. Although he would like to edit the webpage when I put it into the web. So I am wondering how would it be possible for just my client to edit the website, and not any other users. In HTML, CSS, JS of course!
Thanks, Albert
How competent is you client? Here's a few way I can see someone who is decently competent at computers editing a website (I've used them all):
SSH: If the site is running on a server with SSH, your client can directly SSH into the server and edit files. Not highly recommended but this is the "easiest" way (May be able to use their text editor via an SFTP plugin too to edit files on the server).
Git: Attach the web root to a git repository. This way the client can edit whatever they want on a local copy on their machine, test it and then deploy it to production or test by SSHing into the server and updating the repo.
No SSH? Use FTP is download the files, edit them on local machine and then upload new version to server.
All these options assumes the client can use the tools needed (SSH, Git or FTP) and knows webdev.
consider using some CMS, like WordPress or Drupal, so your client can edit almost anything on website without digging into git-flow or other technologies. I guess if he knew how to do it, he wouldn't ask. Another option is to create web site on a platform like Wix (or similar), but in this case customisation will be limited by platform
This question already has answers here:
Subversion Obliterate feature
(4 answers)
Closed 8 years ago.
Short question:
I've been very stupid and accidently commited a file with a password (in plain text) in it that I really do NOT want on the SVN server.
So I panicked, deleted the password and commited again, but it's still in the log...
I permanently want to delete this password from the server, so it can't be retrieved by anyone anymore.
Is this possible?
If I revert to a version before the password and commit again, will it be deleted forever?
Reverting to version before & committing again will not help as log(history) is still maintained.
There is a Question and answer in FAQ of subversion
- http://subversion.apache.org/faq.html#removal
, it describes how you can remove a file from the repository's history. However it requires admin access to the SVN reporsitory.
Personally I suggest "change the password" as suggested in comments by Mitch.
Also another question on stack overflow is useful.
I run FCKEDITOR 6.x-2.3 on a drupal 6 website, a bunch of hacker team worked to see if there is any security issue on website and they found some vulnerabilities with FCKEDITOR, an anonymous user can upload files to the server using some uploader like this one to the server.
for an anonymouse user I can access direcotries such as:
sites/all/modules/fckeditor/fckeditor/editor/filemanager/browser/default/browser.html
sites/all/modules/fckeditor/fckeditor/editor/filemanager/browser/default/frmupload.html
to upload my uploader file. is there a way to fix it? or I should forget about using FCKEDITOR or any other wysiwyg editors?
You can update your FCKEditor module (check: http://drupal.org/node/1482442)
Or,
you can use CKEditor instead of FCKEDITOR. See: http://drupal.org/project/ckeditor
I have faced similar security issue using CKEditor. And I have following the below steps:
Here is the process to update ckeditor and ckfinder:
Update CKeditor version 6.x—1.13
Download CK Finder latest version 2.3
Unzip the ckfinder in sites/all/module/contrib/ckeditor/ckfinder
Open /all/module/contrib/ckeditor/ckfinder/config.php
Comment out the CheckAuthentication() function
Add the below two lines
$baseUrl may differ depends on products.
Open /contrib/ckeditor/ckfinder/config.js
add the below lines:
Note: I would like to request all to prepare a set of allowed and denied extensions
One more additional issue: Add cookie_domain in sites/default/settings.php file.
This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
what is .htaccess file in php?
As per my research this file is used for Url rewrites.
It allows you to set or modify per-directory configuration settings without having to change configuration files or restart the server.
.htaccess allows you to micromanage permissions. Apache generally discourages its use unless it's overriding a general behavior since it can be slower (if parent folder does not contain .htaccess, it must then check the parent of parent folder for .htaccess on up to the root folder).
However that doesn't mean it can't be useful, simply that you must be tactful in its usage. Where general apache configuration is to a bulldoser, .htaccess would be to a shovel. Just know when to pick a bulldoser over a shovel and you'll be fine.
A decent article can be found here regarding .htaccess.