David Crawford · Mar 22, 2020
I was very interested in this question! Looking at this really great post here, there was some documentation I wanted to look at but it's giving me access errors :( hoping to read up on the security package documentation soon!
David Crawford · Nov 7, 2019
Depending on how your column is set up, you may have a couple of options. If what you're returning is pretty simple, you could embed JavaScript into the layout editor code view to access the DOM of the other columns' values you want to check. Another option, which is easier to maintain and control and is closer to what you mentioned, is adding a transformation which calls out to an ObjectScript class function. From there you can access the context of whatever data you're pulling, check the values right there, and return whatever you want in your column.
David Crawford · Sep 18, 2019
It's the zero point for MUMPS-based languages. It shows that way if your session has no timeout. From James Poitras on why: "When I decided on specifications for the date routine, I remembered reading of the oldest (one of the oldest?) U.S. citizen, a Civil War veteran, who was 121 years old at the time. Since I wanted to be able to represent dates in a Julian-type form so that age could be easily calculated and to be able to represent any birth date in the numeric range selected, I decided that a starting date in the early 1840s would be 'safe.' Since my algorithm worked most logically when every fourth year was a leap year, the first year was taken as 1841. The zero point was then December 31, 1840." Taken from http://www.faqs.org/faqs/m-technology-faq/part1/
David Crawford · Aug 1, 2019
Checking for the existence of a custom header, as I mentioned, is a good baseline because a browser cannot be coerced into setting one in these requests. But you're right that this isn't the OWASP recommendation, because it isn't proactive like the token method and is restricted to REST calls. The example I have is definitely not comprehensive, but due to the lack of support for these vulnerabilities I was wanting to discuss this.
David Crawford · Aug 1, 2019
Not technically. CORS exists to prevent certain responses from being read by another origin, and while a CSRF attack comes from another origin, there is a percentage of cases where the Origin/Referer is not included or is complex to identify correctly (the server is being indirectly accessed via proxy or some type of F5 config). See "Identifying the Target Origin" here, which mentions how token-based is preferred due to the work required in the long run, and how using Origin/Referer isn't 100% reliable: https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html A good CORS policy helps considerably though, and I'd say is necessary. Just like how HTTPS doesn't directly stop CSRF, but it certainly assists in other areas that help mitigate these vulnerabilities.
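The two replies above describe three CSRF signals and how they relate: a custom request header that a cross-site form, image or link cannot attach; the Origin/Referer header, which can be absent or rewritten by a proxy and so can only ever reject, never accept on its own; and the OWASP-preferred token. The following is an added example, not code from the original posts or from InterSystems, showing one way a server-side gate can combine them. The request shape (a dict with method, headers, cookies and form fields), the allowed origin https://app.example.com, the cookie/form field name csrf_token and the header name X-Requested-With are all assumptions made for the example.

```python
"""CSRF gate combining Origin/Referer rejection, a custom-header check and a
double-submit token fallback.  Added example; the request dict layout, the
allowed origin and the field/header names below are assumptions."""
import hmac
from urllib.parse import urlsplit

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
ALLOWED_ORIGINS = {"https://app.example.com"}   # assumed deployment origin
CUSTOM_HEADER = "x-requested-with"              # cannot be set by a cross-site form/img/link
TOKEN_FIELD = "csrf_token"                      # assumed cookie and form field name


def _source_origin(headers):
    """Origin the browser reports, or None when neither Origin nor Referer is usable.

    Origin is preferred; 'null' (sandboxed frames, some redirects) is treated as
    absent.  Referer is reduced to scheme://host[:port] so a path cannot spoof it.
    """
    origin = headers.get("origin")
    if origin and origin != "null":
        return origin.rstrip("/")
    referer = headers.get("referer")
    if referer:
        parts = urlsplit(referer)
        if parts.scheme and parts.netloc:
            return f"{parts.scheme}://{parts.netloc}"
    return None


def csrf_check(request):
    """Return (allowed, reason) for a request dict:
    {"method": str, "headers": {...}, "cookies": {...}, "form": {...}}.
    """
    method = request["method"].upper()
    # Header names are case-insensitive on the wire; normalise once.
    headers = {k.lower(): v for k, v in request.get("headers", {}).items()}

    if method in SAFE_METHODS:
        return True, "safe method"

    # 1. Origin/Referer can only reject.  A known-bad source is refused outright;
    #    a missing header is inconclusive (proxies, privacy settings), so it is
    #    not treated as either pass or fail.
    origin = _source_origin(headers)
    if origin is not None and origin not in ALLOWED_ORIGINS:
        return False, f"origin {origin} not allowed"

    # 2. Custom header: only same-origin script (fetch/XHR) can attach it, and
    #    a cross-origin script would first need a permissive CORS preflight.
    if headers.get(CUSTOM_HEADER):
        return True, "custom header present"

    # 3. Token fallback for plain form posts: the server issued the token in a
    #    cookie and the page echoes it in the form; compare in constant time.
    cookie_token = request.get("cookies", {}).get(TOKEN_FIELD)
    form_token = request.get("form", {}).get(TOKEN_FIELD)
    if cookie_token and form_token and hmac.compare_digest(cookie_token, form_token):
        return True, "token matched"

    # A matching origin alone is not enough; it was only checked for rejection.
    return False, "no CSRF evidence"


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    print(csrf_check({"method": "POST",
                      "headers": {"Origin": "https://evil.example",
                                  "X-Requested-With": "XMLHttpRequest"}}))
    print(csrf_check({"method": "POST", "headers": {},
                      "cookies": {"csrf_token": "k7Q"}, "form": {"csrf_token": "k7Q"}}))
```

The ordering is the point: a mismatched Origin or Referer is decisive, a matching one is not, and the request still has to carry either the custom header or a valid token. The double-submit cookie used here is the simplest token scheme; it is weaker than a server-stored synchronizer token if an attacker can plant cookies on a sibling subdomain, which is one reason the OWASP sheet lists it as a fallback rather than the primary defense.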
David Crawford · Jul 31, 2019
I got it working, just needed some dumb troubleshooting and a terminal restart. Cut me some slack! I've never done a code golf before
David Crawford · Jul 31, 2019
This is really cool! But the output from this has the integers next to the strings. For example, shouldn't:
FizzBuzz90
instead be:
FizzBuzz
David Crawford · Jul 31, 2019
67 bytes:
f i=1:1:100 w $s(i#15=0:"FizzBuzz",i#3=0:"Fizz",i#5=0:"Buzz",1:i),!
David Crawford · Jul 29, 2019
Fantastic! Thank you for looking at the speed, those changes do help. I guess I thought metadata was retrieved on a row basis, but no!
David Crawford · Jul 29, 2019
Yes, as much as I'd like to use that method, my queries can get very complicated and it never worked the way I needed it to, and I didn't want to spend the majority of my time working on query syntax. There are a lot of people I work with who write normal queries as well, who would need to update a ton of SQL!
David Crawford · Jul 23, 2019
Something to note: if you delete the repo, the pull request will show up as "unknown repository" and any history attached to that repo will be lost. Also, any references to it will of course be broken. But deleting the branch is encouraged by GitHub and won't break any references. For me, I don't like broken links and references, but of course there's the argument of wanting a clean profile instead of 1000 old forked repos :)
David Crawford · Jul 15, 2019
It's serving static files. I like that it's easy to manipulate how the server sends CSP, such as manipulating custom headers or session information right out of the gate. But I also have a lot of non-CSP resources that are served, and I'd like to know more about how the server handles them. Do they go through the CSP logic? How are they served from server to client?
David Crawford · Jun 24, 2019
Are these automated in any way? Wondering if mine is bugged, because I've certainly posted questions and comments before but those badges were never unlocked. Their descriptions below say "first" question/comment and I don't know if mine are being detected: https://community.intersystems.com/post/changes-global-masters-program-new-level-new-badges-new-possibilities
David Crawford · May 8, 2019
Thanks for the insight, there must be some nuance with this table's integer fields. I linked another table and I can query an integer field with a large number, not just id, and they all have the same property definitions. This must be a problem specifically with the one table, although I wonder why id works fine on another linked table if it's projected through xDBC as integer.
David Crawford · May 7, 2019
Forgot to mention, that doesn't affect it. Int or string will fail.
David Crawford · May 2, 2019
I prefer objects as well, especially when the number of optionals is getting too large. I think when you start adding more and more optionals, then it's time for a rethinking of what the function is really trying to accomplish.