You are absolutely on point. I am currently cleaning up the code base and trying to instill a better directory/file structure. Since the last post, it has added more widgets, changes to existing widgets, and been put up on a new domain. Seeking feedback to help it mature a bit.
I deployed it on Apache with a .htaccess limited to my domain to limit security issues. Pretty trivial. Perhaps you could expand your documentation on this note. Just include a few lines on how to stick a file in the root folder with something like this

# .htaccess in the dashboard's document root (Apache 2.2 syntax;
# on Apache 2.4 the Order/Deny/Allow directives need mod_access_compat)
RewriteEngine on
Order Deny,Allow
Deny from all
Allow from 192.0.2.        # placeholder: your IP, or a partial IP as a prefix
Allow from example.com     # placeholder: your domain

Also make sure the overall Apache config has a Directory tag with `AllowOverride All`. Debian defaults to allowing none.
The most important widgets for me are general info, load average, RAM, disk usage (actually, I would mostly like a widget that highlights when a disk is below 90% free space, so maybe that is a new widget) and processes. I changed it so these are sorted at the top by default; I also changed the sorting when clicking on CPU/memory etc. to display the highest values instead of the reverse, which is the default. I don't know how much of this is something you would like to implement, and all of it is trivial, but if you want my changes, reach out.
Why are they even storing phone numbers in plain text. According to their Privacy Policy, the numbers are only used for finding friends; i.e. they look up your contacts from their database.
In which case, to do that they do not need the plain phone number, but only a hash derived from it. This is like storing passwords in plain-text.
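One way to do the contact matching the comment above describes without keeping plaintext numbers, as an added example (not code from the app being discussed). It goes one step beyond the comment: because there are only about 10^10 possible phone numbers, an unkeyed hash can be reversed by enumeration, so the example uses an HMAC with a server-side secret kept apart from the database. The secret, the user list and the contact list are all constructed sample values.

```php
<?php
// Added example: friend-finding by keyed phone-number hashes instead of
// stored plaintext numbers. All inputs below are constructed for illustration.

// Normalize to digits only so "+1 (555) 010-2000" and "15550102000" match.
function normalize_phone(string $raw): string {
    return preg_replace('/\D+/', '', $raw);
}

// Keyed hash of the normalized number. A plain SHA-256 would be
// brute-forceable over the small phone-number space, so the hash is keyed
// with a secret that lives outside the database (assumed to be provided
// by the deployment, e.g. from the environment).
function phone_token(string $raw, string $secret): string {
    return hash_hmac('sha256', normalize_phone($raw), $secret);
}

// The server-side directory maps token => user id; no raw numbers are kept.
function build_directory(array $users, string $secret): array {
    $dir = [];
    foreach ($users as $id => $phone) {
        $dir[phone_token($phone, $secret)] = $id;
    }
    return $dir;
}

// Friend finding: tokens are computed for the uploaded contact list and the
// raw numbers are discarded; only user ids with a matching token come back.
function find_friends(array $contactNumbers, array $directory, string $secret): array {
    $hits = [];
    foreach ($contactNumbers as $n) {
        $t = phone_token($n, $secret);
        if (isset($directory[$t])) {
            $hits[] = $directory[$t];
        }
    }
    return $hits;
}

// Constructed sample data.
$secret = 'constructed-secret-use-a-random-key-in-practice';
$users = ['alice' => '+1 555 010 2000', 'bob' => '+1 555 010 3000'];
$directory = build_directory($users, $secret);

// Contact list with one number that matches alice and one unknown number.
print_r(find_friends(['1 (555) 010-2000', '+1 555 999 0000'], $directory, $secret));
```

The directory holds only tokens, so a leaked database reveals no phone numbers, and without the secret an attacker cannot precompute tokens for the whole number space. The trade-off is that rotating the secret means recomputing every stored token.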
Amazon's web services and their control panels support multi-factor authentication methods and customisable permissions models. For details see: http://aws.amazon.com/iam/
The data is collected from users that visit the site and take part in the test. Keep in mind that the data isn't conclusive, as the end-user's location and hardware affect the providers' offerings and the statistics.
Is there something particular you want to specifically mention that has happened since you last shared the app five months ago? - https://news.ycombinator.com/item?id=7125153
Anyways, as this is shared here on a developer-oriented forum, it would be fitting to speak of the actual implementation too. Taking a quick look at the source, it seems to have some security issues ranging from XSS to potential CE. These seem to arise from common bad practices.
I would advise going through the source code and making sure all values you echo as JSON are properly encoded and that you don't use anything as-is in a shell command.
Few examples:
- https://github.com/afaqurk/linux-dash/blob/7bd5dcb637f815702...
- https://github.com/afaqurk/linux-dash/blob/7bd5dcb637f815702...
- https://github.com/afaqurk/linux-dash/blob/7bd5dcb637f815702...
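The two practices the comment above warns about, each shown next to the fix, as an added example written for this thread (it is not linux-dash's code and does not reproduce the linked files). The unsafe functions are kept only for contrast and are not invoked; the function names, the `ping` command and the sample input are constructed.

```php
<?php
// Added example: the two bad practices named in the comment, each beside
// a safe counterpart. Names and inputs are constructed for illustration.

// 1. Echoing values as JSON.
// Unsafe: string concatenation puts attacker-influenced text straight into
// the response, so a quote or bracket in a value breaks the JSON structure,
// and if the result is ever inlined into HTML it becomes XSS.
function unsafe_json(array $rows): string {
    $out = '[';
    foreach ($rows as $i => $r) {
        $out .= ($i ? ',' : '') . '{"name":"' . $r['name'] . '"}';
    }
    return $out . ']';
}

// Safe: json_encode escapes quotes and backslashes, and the HEX flags also
// encode < > & ' " as \uXXXX so the output stays inert inside HTML too.
function safe_json(array $rows): string {
    return json_encode($rows, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
}

// 2. Passing a request parameter to a shell command.
// Unsafe: the parameter is interpolated as-is, so shell metacharacters in it
// are interpreted by /bin/sh, which is the command-execution issue.
function unsafe_ping(string $host): string {
    return shell_exec("ping -c 1 $host");
}

// Safe: validate against an allow-list pattern first (rejecting anything that
// is not a plain hostname or IP), then quote with escapeshellarg so the value
// reaches the program as a single literal argument. Returns null on reject.
function safe_ping(string $host): ?string {
    if (!preg_match('/^[A-Za-z0-9.-]{1,253}$/', $host)) {
        return null;
    }
    return shell_exec('ping -c 1 ' . escapeshellarg($host));
}

// Constructed sample input standing in for data read from the system.
$rows = [['name' => 'nginx'], ['name' => '</script><script>alert(1)</script>']];
echo unsafe_json($rows), "\n";   // structure intact here, but markup passes through untouched
echo safe_json($rows), "\n";     // markup characters are \u-escaped
var_dump(safe_ping('127.0.0.1; id'));  // rejected by the allow-list, so no command runs
```

The allow-list check does the real work for the shell case; `escapeshellarg` is the second layer for the value that survives it. For the JSON case, the flags matter only when the encoded string can end up inside HTML, which is exactly the dashboard situation.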