[TriLUG] Preview of new TriLUG website

William Sutton via TriLUG trilug at trilug.org
Mon Apr 9 13:52:29 EDT 2018


and while I'm ranting... there is a ticketing system I've used whose name 
rhymes with CircusHow.  Up until recently (for some version of recently), 
you could take advantage of the fact that every single "page" would 
interpret any and all variables you passed to it.  To the point that you 
could create your own alert boxes using its JavaScript API.

variable manipulation, SQL injection, and cross-site scripting attacks are 
far from new, but there are a disturbing number of products (free and 
commercial) that still get bit.

William Sutton

On Mon, 9 Apr 2018, William Sutton via TriLUG wrote:

> some years ago I worked on a corporate CMS.  For certain pages, it had an 
> automatic page generator that would render the content to static pages. 
> For all others, it was on-demand (e.g., you request a page.  if it is 
> there, you get static html.  if it is not, the page generator builds the 
> static html, and then you get static html).
>
> this isn't a new or even difficult concept.  :-(
>
> William Sutton
>
> On Mon, 9 Apr 2018, Ken MacKenzie via TriLUG wrote:
>
>> The irony of it all is not missed.
>>
>> Truly the next thing I do as I tire of dealing with the static site
>> generator is just deal with a "CouchApp" as a CMS. In other words some
>> simple jQuery front end consuming a CouchDB. Maybe with a simple Python
>> app to work with the data in the CouchDB easier than editing directly in
>> Futon.
>>
>> Ken
>>
>> On Mon, Apr 09, 2018 at 01:30:01PM -0400, Brian via TriLUG wrote:
>>> Tired of managing all those ancient static web pages?  Try a dynamic CMS!
>>> They're all the rage!
>>>
>>> Tired of managing your insecure dynamic CMS?  Try a static site generator!
>>> They're all the rage!
>>>
>>> /me wonders what new-old-thing is next.
>>>
>>> (Note: This is not commentary on TriLUG in the slightest!  Just musing
>>> about the march of technology...)
>>>
>>>
>>> On 04/09/2018 01:15 PM, Aaron Schrab via TriLUG wrote:
>>> >At 13:10 -0400 09 Apr 2018, William Sutton via TriLUG
>>> ><trilug at trilug.org> wrote:
>>> >>looks good to me.  how is it security-wise compared with what we
>>> >>currently have?
>>> >
>>> >The new site has a much lower attack surface than the current one does.
>>> >Since Jekyll is a static-site generator, there is no server-side code
>>> >for visitors to attack other than the web server (Apache) itself.
>>> >
>>> >The old site had a lot of PHP code, and used a MySQL database to store
>>> >the content. All of that was more places for vulnerabilities to crop up.
>>> >
>>> >
>>>

