@PitaJ Yes, thank you it works 🙂
I found out that it is used for when you entering a topic where you enter it before if it ask if you want to continue reading where you was last time.
My security alert system is telling me that the checksum of a file like node_modules/nodebb-plugin-finder/npm.json has changeed. Can anybody tell me why it will change without me modifying anything?
Judging by @bdharrington7's code, his plugin is checking for new nodebb plugins in npm once a day and saving it locally in that npm.json file:
Thanks. That was what I thought was happening and I don't think it is really a good idea.
@bdharrington7, is this a behavior that can be coded to be configurable, that is, for the admin to enable/disable automatic checking of NodeBB plugins.
Woah sorry I just saw this, been studying for interviews. I can put that in real quick
Updated to allow you the option for auto-update, and some other stuff
@planner Just out of curiosity, what software was telling you that and why would it be a security threat?
@bdharrington7 I imagine it's just monitoring checksums for files in case a rogue script went in and changed it (i.e. to add a malware script into header, etc). Neat
I'm using OSSEC as my Host Intrusion Detection Systems (HIDS) and it's configured to send out alerts by email when it detects any activity on the server. In this case, it detected that the MD5/SHA1 checksum of certain files had changed, so it sent out an alert:
OSSEC HIDS Notification. 2014 Feb 21 03:44:49 Received From: (server-name) xxx.yyy.zzz.000->syscheck Rule: 552 fired (level 7) -> "Integrity checksum changed again (3rd time)." Portion of the log(s): Integrity checksum changed for: 'forum/node_modules/nodebb-plugin-finder/npm.json' Size changed from '34934' to '36289' Old md5sum was: '87b3c6a957af2d8135fb4ea2455f5b36' New md5sum is : '34206f1cbf9602d33e81e72b3b074e61' Old sha1sum was: '08764bf37603c005923f2afd7b215f44e304884b' New sha1sum is : '3995ed7931cdf60ef4c8c65b88afe43013ab5190'
It worried me because I was not expecting the file to change, but that was before @psychobunny posted a reply to my question.
I'm paranoid about these things, but don't blame me. That's just my nature and a consequence of having a security background.
oooh... @planner, do you do pentesting?
In a previous incarnation, I did something like that.
Cool stuff! I'll have to look at that for my server