rejetto forum

version 2.4

rejetto · 474 · 417445

0 Members and 2 Guests are viewing this topic.

Offline NaitLee

  • Tireless poster
  • ****
    • Posts: 203
  • Computer-brain boy
    • View Profile
Seems simple (or complex, depending on our math skills) encryption can be done in just a template (client/page: javascript, server/template: math macros in changepwd ajax)
"Computation is not forbidden magic."
Takeback Template | PHFS


Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13523
    • View Profile
Small note regarding the representation of IPv6 in address lines and logs. As you know, IPv6 uses colons as separators, unless IPv4, which uses dots. In order to solve the ambiguity that arises with appended ports (which, stupidly, also use a colon as separator), literal IPv6 addresses are written inside of square brackets "[" and "]".


suggestion accepted.
Apparently apache log don't require changes instead.



Quote
Edit: Btw, does the Boru_V1 theme have a few image errors or is it my browser?
https://rejetto.com/forum/Themes/Boru_v1/images/useron.gif
The image above will only display an error message.


yes, it's broken. I may fix it someday.

I have loaded beta 9 and I found Windows 10 Defender said it had a virus and took it off my system. I have seen this on earlier versions.


here it comes again -_-


i have less free time now guys, so be patient
« Last Edit: June 06, 2020, 06:20:59 PM by rejetto »


Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13523
    • View Profile
Files with commas in its name cannot be downloaded in Google Chrome, with the error ERR_RESPONSE_HEADERS_MULTIPLE_CONTENT_DISPOSITION.

thanks for reporting. Fixed in next release.


Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13523
    • View Profile
How about having a encryption when we change our password?
(This can be put off, since HFS is open source, and the method we use should be careful.)

i overlooked this problem, and it's not as easy as the login.
The link posted by mars should be technically ok but requires generation of keys using another program (openssl), and it takes several seconds so it should be done before.
I will postpone this problem for a later version (2.5 or later), and for the time being i'm just adding a warning  about the low security of the action.
« Last Edit: June 07, 2020, 09:17:29 AM by rejetto »


Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13523
    • View Profile
as an alternative method, we can just use the old password to encrypt the new one (no openssl required).


Offline Mars

  • Operator
  • Tireless poster
  • *****
    • Posts: 2063
    • View Profile
this is what I tried to do last night but I have a problem of transferring values by using a form to process the data

for now I explore the way to use ask () by inserting three input fields instead of one, which would simplify the transfer problem that I am facing



an attempt with the attached template, but I am faced with the processing of the form to send it to the section as with ASK, it follows that the data is found in the url



« Last Edit: June 07, 2020, 03:46:35 PM by Mars »


Offline Mars

  • Operator
  • Tireless poster
  • *****
    • Posts: 2063
    • View Profile
the exchange of data between the form and the section is now under control, it only remains to implement the encryption protocols...


Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13523
    • View Profile
https://github.com/rejetto/hfs2/releases/tag/v2.4-rc01

(again) first release candidate :)

mars, i appreciate your effort, but the encryption was the only problem


Offline dj

  • Tireless poster
  • ****
    • Posts: 291
  • 👣 🐾
    • View Profile
    • PWAs
a bug in rc1:
not all requests are loaded (I've no limits set, 4 requests, 1 request denied with HTTP 429 Too Many Requests)

beta08 works fine
« Last Edit: June 08, 2020, 04:16:29 AM by dj »


Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13523
    • View Profile

Offline dj

  • Tireless poster
  • ****
    • Posts: 291
  • 👣 🐾
    • View Profile
    • PWAs
it happens with my template

it doesn't happen with beta08. beta9 and 10 I haven't tested.


Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13523
    • View Profile
templates like yours are a quite special case, with the main section not requiring the file list, because it does it later with a further request.
What happens now is that you actually cause the listing to be done twice on the server, with the first one just discarded without being used.
To support cases like this (btw, same method used by hfs3 project) I will see to introduce a section-flag to let you specify that you don't need the %list%.
I considered having this automatic without flag, but it would require the server to execute the template to know if the %list% is used or not, because you can include other sections at run-time. I want it to be done before execution.

p.s. TBH, before this post i had tested your tpl, but by accident i ran an older hfs, so i saw no problems
« Last Edit: June 08, 2020, 09:09:31 AM by rejetto »


Offline MarkV

  • Tireless poster
  • ****
    • Posts: 764
    • View Profile
as an alternative method, we can just use the old password to encrypt the new one (no openssl required).
You can also use the current wall clock time string from the system, as a source of randomness. Could also be used to salt the password if necessary.
http://worldipv6launch.org - The world is different now.


Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13523
    • View Profile
ok dj, RC2 should make your template work without changes in a non-very-busy server.
To have perfect support also on busy servers you should  apply these changes
1. add this text to the very top: [|no list]
2. support error 429 when you fetch, and retry the fetch.
« Last Edit: June 08, 2020, 10:56:59 AM by rejetto »


Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13523
    • View Profile
You can also use the current wall clock time string from the system, as a source of randomness. Could also be used to salt the password if necessary.

thanks mark but it's not randomness we need for this (salt excluded)