2019-01-18 18:39:24 +00:00
parent 43363e787c
commit 2b729a633f
4 changed files with 15 additions and 30 deletions

@@ -16,39 +16,16 @@ SERVER
- DO ALL THE THINGS!!!! - all the way down to DOCS MANUAL below which isn't urgent and go back to client stuff
- LOOK INTO JWT issues??
- potentially lots of issues, look into it as using them kind of mindlessly right now.
It could be simply that people are attempting to do other things I am not but to be safe read the criticism and see if any of it applies:
http://cryto.net/~joepie91/blog/2016/06/13/stop-using-jwt-for-sessions/
https://stackoverflow.com/questions/27301557/if-you-can-decode-jwt-how-are-they-secure/27301616#27301616
https://news.ycombinator.com/item?id=14292223
https://news.ycombinator.com/item?id=18804875
- Add tests to ensure security of JWT
- https://assets.pentesterlab.com/jwt_security_cheatsheet/jwt_security_cheatsheet.pdf
- https://gist.github.com/ejcx/cbf2e1bb75b02c7d77bc1cfcf84a167e
- DONE Test for expired token
- . Wrong key / credentials rejected (ISS?)
- Test truncated signature portion (3rd part)
- Test signature transpose bytes
- Test with no or wrong algorithm ensure won't accept
- Test inactive user can't login
- WTF is this shit when logging is set to normal:
2019-01-16 16:13:03.4808|WARN|Microsoft.EntityFrameworkCore.Query|Query: '(from Widget <generated>_4 in DbSet<Widget> select [<generated>_4]).Skip(__p_1).Take(__p_2)' uses a row limiting operation (Skip/Take) without OrderBy which may lead to unpredictable results.
2019-01-16 16:13:03.6455|WARN|Microsoft.EntityFrameworkCore.Query|Query: '(from Widget <generated>_4 in DbSet<Widget> select [<generated>_4]).Skip(__p_1).Take(__p_2)' uses a row limiting operation (Skip/Take) without OrderBy which may lead to unpredictable results.
- UPDATE: Update all 3rd party libs in use with server and re-test
- It's been a while, some of the modules date to last fall
- Test on OPS server
- WTF is this shit when logging is set to normal:
2019-01-16 16:13:03.4808|WARN|Microsoft.EntityFrameworkCore.Query|Query: '(from Widget <generated>_4 in DbSet<Widget> select [<generated>_4]).Skip(__p_1).Take(__p_2)' uses a row limiting operation (Skip/Take) without OrderBy which may lead to unpredictable results.
2019-01-16 16:13:03.6455|WARN|Microsoft.EntityFrameworkCore.Query|Query: '(from Widget <generated>_4 in DbSet<Widget> select [<generated>_4]).Skip(__p_1).Take(__p_2)' uses a row limiting operation (Skip/Take) without OrderBy which may lead to unpredictable results.
=-=-=-=-=-=-
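Review bot: in the JWT test list, "Wrong key / credentials rejected (ISS?)" reads as one item but covers separate checks: a token signed with the wrong key, and a token carrying the wrong issuer claim. One item per check would settle the "(ISS?)" question mark. Likewise "Test with no or wrong algorithm ensure won't accept" would be clearer if it named its cases, for example a token whose header says alg "none" and a token whose alg differs from the one the server is configured to accept. The hunk header (-16,39 +16,16) shows this section shrinking by 23 lines while only "Test for expired token" is marked DONE, so if any of the not-yet-done test items are among the removed lines, they should be tracked somewhere before they leave this list. The "WTF is this shit when logging is set to normal" entry appears twice in the hunk; the quoted EF Core warning says the Widget query uses Skip/Take without OrderBy, so the TODO could record the fix (an explicit OrderBy on the paged query) instead of only the log lines.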