Dangerous or common usernames for user vanity URLs [closed] - security

As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 11 years ago.
I'm changing my app to allow vanity user url:
http://domain.com/username
I am trying to find out which common names users should be prevented from registering, such as: phpmyadmin, password, username, about, contact, support, etc.
Best if there is a list available, but I haven't been able to find one.
Thanks.

I think you could allow any name as long as it doesn't conflict with another page on your site. You may want to consider the following just to prevent such conflicts:
http://domain.com/user/username
That way you could still use
http://domain.com/about
http://domain.com/contact
for your own URLs.
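An added example (not code from the question or answer) of what the two approaches look like in a router: a username validator that rejects anything colliding with the app's own first path segments or a reserved list, and a toy resolver showing why the flat `/username` scheme needs that check while the `/user/username` scheme does not. The route table, the extra reserved names beyond those listed in the question, and the allowed-character rule are assumptions.

```python
import re
import unicodedata

# Constructed route table; in a real app, derive this from the router itself
# so the reserved list cannot drift away from the routes that actually exist.
APP_ROUTES = ["/", "/about", "/contact", "/support", "/login", "/logout",
              "/user/<name>", "/static/<path>", "/api/v1/<rest>"]

# Names from the question plus a few common admin-tool names (assumption).
EXTRA_RESERVED = {"phpmyadmin", "password", "username", "admin", "root", "www"}

# Allowed shape for a vanity name (assumption): 3-31 chars, ascii letters,
# digits, underscore or hyphen, and it must start with a letter or digit.
USERNAME_RE = re.compile(r"^[a-z0-9][a-z0-9_-]{2,30}$")

def route_prefixes(routes):
    """First path segment of every app route, lower-cased."""
    out = set()
    for r in routes:
        seg = r.strip("/").split("/", 1)[0]
        if seg:
            out.add(seg.lower())
    return out

def normalize(name):
    # NFKC folds lookalike code points (e.g. fullwidth letters) so that a
    # visually identical spelling of "about" cannot slip past the check.
    return unicodedata.normalize("NFKC", name).strip().casefold()

def validate_username(name, routes=APP_ROUTES, extra=EXTRA_RESERVED):
    """Return None if the name is acceptable, else a reason string."""
    n = normalize(name)
    if not USERNAME_RE.match(n):
        return "invalid characters or length"
    if n in route_prefixes(routes) or n in {e.casefold() for e in extra}:
        return "reserved"
    return None

def resolve(path, scheme="namespaced"):
    """Toy router: report which handler a request path would reach."""
    segs = path.strip("/").split("/")
    prefixes = route_prefixes(APP_ROUTES)
    if scheme == "namespaced":
        if segs[0] == "user" and len(segs) == 2:
            return ("profile", segs[1])
        return ("app", segs[0]) if segs[0] in prefixes else ("404", None)
    # flat scheme: /<name> is a profile unless an app route claims it first,
    # which is exactly why registration must refuse those names
    if segs[0] in prefixes:
        return ("app", segs[0])
    return ("profile", segs[0])
```

With the namespaced scheme a user named "about" is harmless (`/user/about` is a profile, `/about` is still the page), so the reserved list shrinks to whatever you choose to block for policy reasons.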

Related

Good user/group management in node.js [closed]

Closed 9 years ago.
Need to implement user/group management in node.js. Any good frameworks out there? Looked a little into passport.js, which seems to have authentication down. Just not sure user/group stuff is built in. I can build my own users/groups and do auth with passport.js. Just wondering if there is something out there that I don't know about. Thanks!

What is the benefit of security images, like on bank website logins? [closed]

Closed 10 years ago.
Several sites (I remember Yahoo did this too, back when I used my Yahoo account) such as Bank of America show a SiteKey or similar image the user chooses after they enter their username, but before they enter their password. Ostensibly, this ensures the login page is unique to each user, and therefore a phisher can't just show a static login page that looks like the bank's site, but what's stopping them from simply hitting the bank's site in the background and forwarding the image (or other security challenge) right to the user? I'll grant, it makes the phisher's job slightly harder, but it really doesn't seem that valuable to me. What's the rationale for this behavior?
If a single server keeps hitting their site requesting the images for different userids (especially ones where the users haven't logged in from before), it will be pretty suspicious, so it's harder for a phisher to hide.
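The detection idea in the answer above, as an added example that is not part of the original post: scan access-log lines for the request that serves the per-user image, and flag any source address that fetches images for more distinct users than it has ever logged in as. The log format, the `/sitekey?user=` endpoint, the sample lines and the known-login table are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed access-log sample (combined log format, assumed endpoint).
SAMPLE_LOG = """\
198.51.100.7 - - [10/Oct/2012:10:00:01 +0000] "GET /sitekey?user=alice HTTP/1.1" 200 1742
203.0.113.9 - - [10/Oct/2012:10:00:02 +0000] "GET /sitekey?user=alice HTTP/1.1" 200 1742
203.0.113.9 - - [10/Oct/2012:10:00:02 +0000] "GET /sitekey?user=bob HTTP/1.1" 200 1611
203.0.113.9 - - [10/Oct/2012:10:00:03 +0000] "GET /sitekey?user=carol HTTP/1.1" 200 1590
203.0.113.9 - - [10/Oct/2012:10:00:03 +0000] "GET /sitekey?user=dave HTTP/1.1" 200 1633
203.0.113.9 - - [10/Oct/2012:10:00:04 +0000] "GET /login HTTP/1.1" 200 2200
192.0.2.4 - - [10/Oct/2012:10:00:05 +0000] "GET /sitekey?user=bob HTTP/1.1" 200 1611
192.0.2.4 - - [10/Oct/2012:10:00:06 +0000] "GET /sitekey?user=bob2 HTTP/1.1" 404 120
"""

# Only requests for the per-user image matter; everything else is ignored.
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "GET /sitekey\?user=([^ &"]+) HTTP/[\d.]+" (\d{3})'
)

# (ip, user) pairs with a prior successful login; assumed to come from a
# session-history table. A legitimate user re-visiting from home is in here.
KNOWN_PAIRS = {("198.51.100.7", "alice"), ("192.0.2.4", "bob")}

def parse_sitekey_requests(log_text):
    """Yield (ip, user) for every request to the per-user image endpoint."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group(1), m.group(2)

def sitekey_enumeration(log_text, known_pairs, max_unseen_users=2):
    """Return {ip: sorted user ids} for every ip that fetched images for
    more distinct never-seen-before users than max_unseen_users."""
    unseen = defaultdict(set)
    for ip, user in parse_sitekey_requests(log_text):
        if (ip, user) not in known_pairs:
            unseen[ip].add(user)
    return {ip: sorted(u) for ip, u in unseen.items() if len(u) > max_unseen_users}
```

A relay that proxies the real site on a victim's behalf shows up here as one address fanning out across many unrelated accounts, while a user who mistypes their own id once (192.0.2.4 above) stays under the threshold.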

Node JS Live Reporting(Graphical) Modules [closed]

Closed 9 years ago.
I have a production web service built with Node JS (HTTP server) on a Linux box with a HAProxy load balancer and wanted some kind of graphical tool to do live reporting on the server. I specially wanted to look at requests/min, request failures, etc. Anything out there people would suggest? I need something non-intrusive b/c I will be handling 20mil+ requests a day.
Have you looked at cube (https://github.com/square/cube), graphite/carbon (http://graphite.wikidot.com/) or opentsdb for such data monitoring/display?

protecting a Zend Framework site from hacking [closed]

Closed 10 years ago.
I have a Zend Framework site running and somebody actually managed to upload two PHP scripts in the ZF public folder.
I've changed the password to cPanel including FTP, database etc.
But how can I prevent this from happening again?
If it is possible to access pgrfilemanager without a login then users can easily upload whatever files they want to your site. You'll need to find a way to secure that script, either by including your ZF login check inside of it somehow, or by securing it with a htaccess style login instead (probably easier).

JSF in Enterprise Applications [closed]

Closed 10 years ago.
Is JSF being used in the enterprise, or at least growing in use?
We're using it at my company in an 'Enterprise' way, I know the previous two companies I've worked at have used it in various projects. The only other framework which was more popular was Struts 1.
This page gives some 'real world' JSF links.
Yes, it's being used.
Is the use widespread? I don't think so. It's probably being used more than Wicket but less than Spring MVC, at least from conversations with my own peers.