rejetto forum

Messages - Mars

76
Français / Re: Problem with Google Nest
« on: July 01, 2020, 05:53:28 PM »
no, that does not answer my question

which Windows system are you on?

on your PC, in the network properties, look at the status of the adapter to find its local IP on the network

I forgot to ask an important question:
when your PC is connected to the hub, do you have normal internet access with the browser?

77
Français / Re: Problem with Google Nest
« on: July 01, 2020, 04:14:54 PM »
finally a bit of work with a compatriot  ;D

I looked up what this NEST HUB is so as not to ask stupid questions  ;)

could you draw a wiring diagram of your connected devices, box, powerline adapter (CPL), Nest and computer (not the others), linking them with lines and also indicating the IPs at each junction point

your box network is in DHCP 192.198.1.x so the NEST also takes a similar IP when it is connected to the box (the best is to give it a static IP or a static lease with its MAC address in the box's configuration),

  but does the hub also provide DHCP for the devices that connect to it?? in that case the IP must not be in the same range as the box's but, for example, in 192.168.2.x

see the configuration of the hub in bridge mode
https://support.google.com/googlenest/answer/6240987?hl=fr


then in the Nest's configuration set up port forwarding with the same ports on the input and output of the NEST
https://support.google.com/googlenest/answer/6274503?hl=fr

I always recommend giving the PC that runs the server a fixed IPv4 address

disable the use of IPv6 to keep control of the test chain

in the previous situation the PC will be in 192.168.2.x, mask 255.255.255.0, with DNS 192.168.2.1 and 192.168.1.1 in that order

if the PC has both RJ45 and Wi-Fi, it is possible to test over Wi-Fi directly on the box or over RJ45 through the hub, choosing the IP of course according to the connection point

to test access to HFS you have to use a tablet or PC connected directly to the box and use the URL  http://pc-HFS:port/ to check that the hub's NAT rule is correct

you say you use the PC's cable to feed the hub; does the cable go from the hub directly to the box or is it plugged into the powerline adapter? if there is a free RJ45 port left on the box, are you simply missing a cable to plug your PC into it?

another solution: use a small 10/100/1000 switch on the cable coming from the box and plug the hub and the PC into it over RJ45
 hence the need for a good explanatory diagram  ;)

also worth reading https://support.google.com/googlenest/thread/23987591?hl=fr

78
Programmers corner / Re: Encrypt password between client and server
« on: June 18, 2020, 01:19:22 AM »
Currently when we change our password, the password sent to client is not encrypted.
When we login, the password is dealt with sha256. But if hacker hijacked the result, he can still do things with correct ajax method.

So beside https, how to get the best effect of encryption between client and server?
I think, The message sent between client and server should be hard to deal.
And we should find a way, to send password/encryption-related message without/cannot fully seen by hacker.

Scripting command: Data manipulation maybe useful as there are some mathematical things.
Additionally, {.get account||password.} can get original password, {.sha256|A.} can make it undiscoverable, {.time|yyyymmddhhMMss.} can get a timestamp...

Anyone can share a bit suggestions? :)

look at this post
http://rejetto.com/forum/index.php?topic=13326.msg1066139#msg1066139

79
Beta / Re: 2.4 template-making guide
« on: June 18, 2020, 12:39:28 AM »
you are right, but there's a reason for it: i marked them public in case other templates want to use them by url

~ is a valid character for files, so introducing this feature was a debatable decision, i prefer to not extend it to folders.
it is also not necessary because you can use ?mode=section with folders.

add attached file ( which contain "this is the file" ) to root of vfs

add this section in the tpl

[test|public]
this is a section

go to this url
127.0.0.1/~test 

pay attention to the result: a recording is proposed, record in any directory and then examine the content

the file has priority over the section  whatever the chosen location.

among others:
"because we must use ?mode=section with folders", the name must appear in the url like all names starting with ajax.
but  all ajax sections can be made non-public for the benefit of a single section by using some changes

[ajax|public|no log]
{.check session.}
{.$ajax.{.postvar|method.}.}


[ajax.mkdir|public|no log]

[ajax.rename|public|no log]

[ajax.move|public|no log]

[ajax.comment|public|no log]

[ajax.changepwd|public|no log]

function ajax(method, data, cb) {
    if (!data)
        data = {};
    data.method = method;
    data.token = HFS.sid; // avoid CSRF attacks
    showLoading()
    // calling this section 'under' the current folder will affect permissions commands like {.get|can delete.}
    return $.post("?mode=section&id=ajax", data).then(function(){
        if (cb)
            showLoading(false)
        ;(cb||getStdAjaxCB()).apply(this,arguments)
    }, ajaxError);
}//ajax




also added an example of a new method for changing the password, including the need for the old password and confirmation of the new one to validate the action, naturally the old password is encrypted when sent and compared by hfs to validate the new one.
it is not possible to use complex encryption for the new one but it does not appear in plain text when sent

the big advantage is that it avoids accidentally changing the current password
moving the mouse over the eyes to the right of the input fields allows you to view their content

80
Beta / Re: 2.4 template-making guide
« on: June 17, 2020, 05:49:27 PM »
some sections do not need to be with public attribute because they are already included by a macro call in a public section ~style.css, ~lib.js

[icons.css|public|no log|cache]  --> {.$icons.css.}
[normalize.css|public|no log|cache]  --> {.$normalize.css.}
[sha256.js|public]  --> {.$sha256.js.}

another thing needs probably to be extended

public sections are called mainly with the reference / ~ sectionname, however in a diff template this type of section may have to be completely redefined.
Due to the inheritance principle this section is available from anywhere in the vfs using the macro {.section | sectionname.} But should also be available by adding ~ sectionname to the url of any folder element vfs as example http://127.0.0.1/New%20folder%20(2)/~test





81
Beta / Re: 2.4 template-making guide
« on: June 14, 2020, 09:46:59 AM »
wouldn't it be simpler to name the accessible sections by url by preceding their name with ~( except for [] ) as [~login]

this would no longer pose a problem of interpretation and unnecessary option writing

the rest of the other sections could have their name coded to access them  url or form requests

82
Beta / Re: version 2.4
« on: June 10, 2020, 11:38:38 PM »
in the version of silentpliz using stunnel, he introduced a tab on the main page to manage the creation of such a certificate,

one solution would be to integrate it as a tab in the options or as an additional module, we could easily create his own certificate, and use it either to configure stunnel.conf or nginx.conf without using an external program.

 for the transmission of change password you should consider a solution like my encryption in the absence of a certificate, and abandon sending it by your old method

I think that with the help of silentpliz we could manage to offer you a module that would be easily integrated into hfs

83
Bug reports / Re: unimportant leaks through to error section
« on: June 10, 2020, 11:24:01 PM »
mars, i didn't know you like regexp. Good job :D

{.if not|%user%|{:{.if|{.match|^\/([Ff]ile(\/)?)?$|%url%.}|{:{.disconnect.}:}.}:}.}

or

{.if|{.and|{.not|%user%.}|{.match|^\/([Ff]ile(\/)?)?$|%url%.}.}|{:{.disconnect.}:}.}

and for fun i discovered that in this case you can even do like this :D

{.{.if|{.and|{.not|%user%.}|{.match|^\/([Ff]ile(\/)?)?$|%url%.}.}|disconnect.} .}

thanks for the compliment but the regexp are hard to digest for my mind :o

your last example can't work, it's a false positive, this example proves it

[test]
start
{.{.if|%user%|stop server.} .}
{.add to log|all is good.}
end


in your second line the expression {.match|^\/([Ff]ile(\/)?)?$|%url%.}  is always evaluated, which can have an influence on the rest of the script (duration or content)

the first one seems the best choice in terms of evaluations

{.if not|%user%   |{:
   {.if|{.match|^\/([Ff]ile(\/)?)?$|%url%.}|{:{.disconnect.}:}.}
:}.}

similar to

if not (%user%) then
   if match('^\/([Ff]ile(\/)?)?$', %url%) then
      disconnect();
 ::)

84
Beta / Re: version 2.4
« on: June 10, 2020, 09:41:04 PM »
 ;D ;D

here is what to test its use in the password change by "form"

old password
new password
confirm password

Passing over the eyes with the mouse the passwords are displayed in clear


positioning the mouse at eye level the passwords are displayed in clear



the old password is not sent in clear but its sha256 is combined with the new and sha256 of the confirmation to check the validity at the server level by macros

everything takes place in the template and only requires the existence of the macro sha256

it's not the best we can do, but it's better than a clear password, and it allows accidental password change if we don't know the old one, the rest will come later when RSA becomes available jointly using the certificate for HTTPS

85
Beta / Re: version 2.4
« on: June 10, 2020, 07:27:39 PM »

could you add this macro in scriptlib.pas during the new release of hfs
it is to allow an interaction with the function sha256(s) that you placed in the template

sure, next release

because,
first: you promised
secondly: failing  to be able to use rsa client-server encryption, this is useful for validating an exchange of encrypted passwords

I thought of inserting the data to be transmitted in a zip protected by a sha256 based on the connection pass, but it requires too many resources to add in javascript and in hfs

86
Bug reports / Re: unimportant leaks through to error section
« on: June 10, 2020, 05:23:10 PM »
suggestion...

{.if|!%user%|{:{.if|{.%url% = /.}|{:{.disconnect.}:}.}:}.}{.if|!%user%|{:{.if|{.%url% = /file.}|{:{.disconnect.}:}.}:}.}{.if|!%user%|{:{.if|{.%url% = /File.}|{:{.disconnect.}:}.}:}.}

replaced by :

{.if|!%user%|{:{.if|{.match|^\/([Ff]ile(\/)?)?$|%url%.}|{:{.disconnect.}:}.}:}.}

can be tested at  https://regexr.com/ or https://regex101.com/tests

mask = ^\/([Ff]ile(\/)?)?$

working text
/
/file
/file/
/File
/File/
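
Added example, not part of the original post: a JavaScript model of the two rules above, run over the post's test paths to show where the regex version and the three equality tests give different answers. It assumes %user% is empty for an anonymous visitor, that = compares case-sensitively (as the separate /file and /File tests suggest), and that {.match.} applies the mask as an ordinary regular expression; the function names are hypothetical.

```javascript
// Added example: models the two HFS template rules from the post in plain JavaScript.
// Assumptions: %user% is empty for an anonymous visitor, %url% is the request path,
// "=" is case-sensitive, and {.match.} behaves like this JavaScript regular expression.

const MASK = /^\/([Ff]ile(\/)?)?$/; // mask quoted in the post

// Original rule: three separate equality tests, each guarded by "no user".
function disconnectOriginal(user, url) {
  if (user) return false;
  return url === "/" || url === "/file" || url === "/File";
}

// Replacement rule: one regular-expression test guarded by "no user".
function disconnectRegex(user, url) {
  if (user) return false;
  return MASK.test(url);
}

// Return the URLs on which the two rules give different answers for one user.
function rulesDisagree(user, urls) {
  return urls.filter((u) => disconnectOriginal(user, u) !== disconnectRegex(user, u));
}

// Constructed sample paths: the post's "working text" plus a few that should pass through.
const SAMPLE_URLS = ["/", "/file", "/file/", "/File", "/File/",
                     "/files", "/file/report.txt", "/other"];

// One row per sample path with the decision of each rule, for side-by-side review.
function report(user) {
  return SAMPLE_URLS.map((u) => ({
    url: u,
    original: disconnectOriginal(user, u),
    regex: disconnectRegex(user, u),
  }));
}

console.table(report(""));
console.log("differ for anonymous:", rulesDisagree("", SAMPLE_URLS));
console.log("differ for logged-in:", rulesDisagree("mars", SAMPLE_URLS));
```

The single-mask rule is not a pure rewrite of the three tests: it also covers the trailing-slash forms /file/ and /File/, so the replacement widens the rule slightly.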








87
Beta / Re: version 2.4
« on: June 10, 2020, 04:48:54 PM »
Me not happy, rejetto forget sugar in coffee  :'(

Missing  macro 'sha256' in rc2

Waiting quickly rc3

88
Beta / Re: version 2.4
« on: June 09, 2020, 10:20:13 AM »
any external connection made through stunnel is seen as a local connection in 127.0.0.1 by hfs, it is impossible to go back to the user and the use of the ban therefore is rendered useless

Quote
transparent = yes | no (Unix only)
Transparent proxy mode

Rewrite the addresses so that they appear to come from the SSL client machine
rather than one that runs stunnel. This option is only available in local mode
(exec option) with the LD_PRELOADing env.so shared library and
in remote mode (connect option) on Linux 2.2 kernels compiled with the option
transparent proxy and only in server mode. This option cannot be combined with the mode
proxy (connect) unless the default route from the client to the target goes through
the host running stunnel, which cannot be localhost.

transmission of external ip is only available on UNIX

89
Beta / Re: version 2.4
« on: June 08, 2020, 06:04:56 PM »
@rejetto

could you add this macro in scriptlib.pas during the new release of hfs
    ....
Quote
    if name = 'sha1' then
      result:=strSHA1(p);
    if name = 'sha256' then
      result:=strSHA256(p);


it is to allow an interaction with the function sha256(s) that you placed in the template


thank you in advance

90
Beta / Re: version 2.4
« on: June 07, 2020, 06:46:52 PM »
the exchange of data between the form and the section is now under control, it only remains to implement the encryption protocols...
