    dwn

    @dwn

    Website keybase.io/dwn


    Best posts made by dwn

    • RE: General talk about the security off NodeBB

      @xCausxn There aren't any very good websocket mapping webscanners/tools, the only real option is intercepting each websocket transmission in Burp and testing each one. From this I'd assume nobody has really bothered testing all the routes for security purposes.

      The NodeBB team will patch security issues reported in the middle of the night in like 15 minutes, so they've got a great security posture.

      From a permissions and logging standpoint NodeBB doesn't really step up to the plate. It's likely that if someone compromised your forum you'd have absolutely no helpful logs to detect the attacker or how they got in. This is probably the biggest security concern at the moment I'd say. The permissions system is a little haphazard right now, and I'd wager it is the most likely place you'd find security vulns (but more than likely it'd just be viewing information you shouldn't).

      Luckily, if your forum was compromised, user passwords wouldn't really be too at risk. They use a secure hashing algorithm with automatic salts (you'll notice logging in takes a second!). This is because generating that hash is computationally expensive, a good thing.

      posted in General Discussion
      dwn

    Latest posts made by dwn

    • RE: Adding a button to each post

      The loop to add buttons was merged into persona. A similar addition should probably be added to vanilla.

      I now add buttons in my plugin via hook filter:post.getPosts and in the hook:

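        var async = require('async');

        Plugin.postsBuild = function(params, cb) {
          var histButton = {action: 'posts/edithistory', icon: 'fa-file-text', html: 'Edit History'};

          async.map(params.posts, function(post, next) {
            // Skip empty slots in the posts array.
            if(!post) return next(null, post);

            // Create the tools array only when the post does not have one yet.
            if(!post.tools) {
              post.tools = [];
            }
            post.tools.push(histButton);
            next(null, post);
          }, function(err) {
            // Posts are modified in place, so pass params back to the hook chain.
            cb(err, params);
          });
        };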
      
      posted in Plugin Development
      dwn
    • RE: Adding a button to each post

      here's a PR to take care of it--

      https://github.com/NodeBB/nodebb-theme-persona/pull/158
      https://github.com/NodeBB/NodeBB/pull/3604

      dwendt created this issue in NodeBB/nodebb-theme-persona

      closed Added post tools loop for plugins. #158

      dwendt created this issue in NodeBB/NodeBB

      closed Added filter:posts.build and postData.tools array for adding buttons #3604

      posted in Plugin Development
      dwn
    • Adding a button to each post

      Hey, I feel like I'm missing something but is there currently no method to have a plugin add a button to a post?

      partials/topic/post-menu.tpl pulls data from a posts object defined here -- so that's where I guess a filter:posts.build would go, and then we'd add something similar to regFormEntry to the partial.

      It feels sorta inefficient to do that for every single post but I guess that's what needs to be done? Am I missing something somewhere?

      posted in Plugin Development
      dwn
    • RE: Installation: recommendations from NodeBB team

      Redis is just as reliable as mongo and can be backed up to a different server just as easily, above.

      posted in General Discussion
      dwn
    • RE: npm ERR! extraneous: redis@0.10.3

      No, redis is only installed if you set it to use redis in setup.

      posted in NodeBB Development
      dwn
    • RE: New from-scratch theme

      That's great, I am actually working on pretty much the same thing (semantic-ui, but with everything designed to be more friendly to old-style forum users).

      I add semantic-ui as a submodule git submodule add and have a script to handle compilation / then copy the results to the lib and less (even though it is CSS) folders.

      I didn't encounter your LESS issue because I'm not throwing everything out just yet, but try running grep -r "state-info-text" ./* to find the culprit.

      posted in Technical Support
      dwn
    • [idea] Edit History

      I was thinking of making this plugin if nobody's already done so. Would just need to observe filter:post.save and purge to remove the history entries. It'd be nice to store just the diffs to save space, if there's already a library to handle diff->json and json back to applying a diff.

      One concern I'd have is being able to display an edit history gui for a post that is theme agnostic. Not sure there's a way to do that? A modal with custom styling might be the best option in that case.

      posted in NodeBB Plugins
      dwn
    • Vanilla's fade-in

      So when a page loads, vanilla will fade the contents in. I've looked pretty hard -- does anyone know where this is at? A loading bar/popin is way better, so I was going to fork and pull that out of lavender.

      posted in Technical Support
      dwn
    • RE: IP banning

      "IP Blacklist" as in a spam/malware blacklist. These are lists that security-conscious owners would naturally block, but occasionally contain innocent infected users.

      posted in Feature Requests
      dwn