James Oakley: Checking for modifications to default.settings.php

Planet Drupal - Sat, 2021/01/30 - 5:45pm

Drupal sites contain a settings.php file with site-specific settings, which is based on default.settings.php as it stood when the site was installed. As Drupal evolves, default.settings.php changes. Sometimes it's worth incorporating those changes into the settings.php file of an already-installed site. This post runs through a low-friction way to keep on top of this housekeeping.

Blog Category: Drupal Planet

clemens-tolboom commented on issue boku-ilen/geodot-plugin#51

On github - Sat, 2021/01/30 - 4:20pm

geodot.gdnlib Was missing [dependencies] ... OSX.64=[ "res://build/libRasterTileExtractor.dylib", "res://build/libRasterTileExtractor.dylib", "/usr…

clemens-tolboom commented on issue boku-ilen/geodot-plugin#52

On github - Sat, 2021/01/30 - 4:01pm

Export game If I export the game to MacOS App we get find ./Demo.app ./Demo.app ./Demo.app/Contents ./Demo.app/Contents/MacOS ./Demo.app/Contents/M…

clemens-tolboom commented on issue boku-ilen/geodot-plugin#52

On github - Sat, 2021/01/30 - 3:46pm

Remarks otool -L demo/addons/geodot/osx/libgeodot.dylib demo/addons/geodot/osx/libgeodot.dylib this is the wrong answer as it probably should be r…

clemens-tolboom commented on issue boku-ilen/geodot-plugin#52

On github - Sat, 2021/01/30 - 12:36pm

So in short otool /Applications/Godot_v3.2.4-rc1_osx.universal.app/Contents/MacOS/Godot -L helps a little for understanding and otool demo/addons/…

clemens-tolboom commented on issue boku-ilen/geodot-plugin#52

On github - Sat, 2021/01/30 - 12:32pm

We can run the same on Godot otool /Applications/Godot_v3.2.4-rc1_osx.universal.app/Contents/MacOS/Godot -L /Applications/Godot_v3.2.4-rc1_osx.univ…

clemens-tolboom opened a pull request in boku-ilen/geodot-plugin

On github - Sat, 2021/01/30 - 12:13pm
Add some notes on Mac build #55

Dangling text as VS Code does not auto save :-/

+4 -1

clemens-tolboom pushed to patch-3 in clemens-tolboom/geodot-plugin

On github - Sat, 2021/01/30 - 12:13pm
1 commit to patch-3
  • 5551b1a Add some notes on Mac build

clemens-tolboom commented on issue boku-ilen/geodot-plugin#43

On github - Sat, 2021/01/30 - 11:14am

If we align this with how Godot does adding Web, Android and iOS could be easier. What do you think?

clemens-tolboom commented on issue boku-ilen/geodot-plugin#51

On github - Sat, 2021/01/30 - 10:12am

Mono crash ================================================================= Native stacktrace: ===================================================…

clemens-tolboom opened an issue in boku-ilen/geodot-plugin

On github - Fri, 2021/01/29 - 10:36pm
Navigating RasterDemo is little weird #53

Right click release makes scene jump back and more weird mouse rotations. We should add FPS player instead.

#! code: Drupal 9: Preventing Enumeration Attacks

Planet Drupal - Fri, 2021/01/29 - 9:38pm

A recent Wired article about the Parler data hack talked about how a hacker group was able to steal publicly available information from the Parler website using an Insecure Direct Object Reference (IDOR) or enumeration attack. This type of attack involves a hacker looking at the structure of the site and attempting to guess the next available resource by looking at the URL. Apparently, terabytes of Parler's data were downloaded by simply enumerating through the IDs of their publicly available posts.

Taking an arbitrary example in Drupal, let's say that you had a content type called post that was loaded using the type and ID of the content in the URL. This means that when a user visits the post they might see a URL with the path /post/1. If a user wanted to see the next available post on the site, they could just increase the ID by one and see whether the next post loads. It becomes almost trivial to build a script to download every post on the site by just stepping through the IDs of the posts. This is almost what happened in the Parler attack; that attack was done through their API service rather than through their website, but the principle is the same.

You might not think this is much of a problem, but you can actually leak a lot of information from a site like this without even realising it. User profiles are especially problematic: improperly controlled user profile pages can mean that a site leaks all of its user data without hackers needing to break into the system. It doesn't have to be user profiles, though. Many users will post identifiable information in public posts, so any system that allows all of these posts to be enumerated will leak quite a lot of information that can be easily linked back to users.


Dries Buytaert: Acquia a Leader in the 2021 Gartner Magic Quadrant for Digital Experience Platforms

Planet Drupal - Fri, 2021/01/29 - 6:39pm

Today, for the second consecutive year, Acquia was named a Leader in Gartner's Magic Quadrant for Digital Experience Platforms (DXPs).

Our leader position improved compared to last year. Acquia is now number two. Market validation from Gartner on our vision is exciting and encouraging.

In the report, the analysts note the Drupal community as a powerful entity that sets Acquia apart from closed monoliths. Closed monolithic stacks and martech silos are quickly becoming a thing of the past. Drupal's scale, modularity and openness are a real differentiator.

Mandatory disclaimer from Gartner

Gartner, Magic Quadrant for Digital Experience Platforms, Irina Guseva, Mick MacComascaigh, Mike Lowndes, January 27, 2021.

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Acquia.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.


clemens-tolboom commented on issue boku-ilen/geodot-plugin#52

On github - Fri, 2021/01/29 - 4:19pm

Making the link steps explicit we are building into the Godot dir but grab the sub libraries from the src/*/build/ g++ -o demo/addons/geodot/osx/li…

clemens-tolboom opened an issue in boku-ilen/geodot-plugin

On github - Fri, 2021/01/29 - 3:54pm
BUG: MacOS support libraries end up into `res://build/*` #52

After #33 lands we still face: The MacOS build process results in the supporting files into res://build/ directory. Fiddling removing /build makes…