The web in a box - a next generation web framework for the Perl programming language

IRC log for #mojo, 2015-03-08

| Channels | #mojo index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:04 Flying_Squirrel joined #mojo
00:15 mattastrophe joined #mojo
00:24 mattastrophe joined #mojo
00:26 good_news_everyon joined #mojo
00:26 good_news_everyon [mojo] kraih pushed 1 new commit to master: http://git.io/pqty
00:26 good_news_everyon mojo/master 6c62018 Sebastian Riedel: slightly more consistent examples
00:26 good_news_everyon left #mojo
00:26 mishantil joined #mojo
00:41 mattastrophe joined #mojo
00:45 mattastrophe joined #mojo
00:52 mattastrophe joined #mojo
00:58 d4rkie joined #mojo
02:02 KindOne joined #mojo
02:06 theo I've got that warning when starting morbo: "Your secret passphrase needs to be changed!!!". According to perldoc it's only used for cookies "and the like". Which I'm not using (yet). Is there a way to disable this message?
02:07 theo Or maybe I'll just set the app->secrets even though I don't use it.
02:08 theo Is it safe to make it random, instead of using a string?
02:08 nicomen make it a random_string?
02:09 nicomen if you are not using it, it should be fine
02:10 theo eg: app->secrets([$random_string]) instead of app->secrets(['my_string']), $random_string being something I would generate with map & rand.
02:10 theo Yeah, that's what I assumed. I mean if I use cookies in the future.
02:11 theo Should it be something persistant, or is it ok if it's different every time I run morbo?
02:11 theo s/run/restart/
02:26 mattastrophe joined #mojo
02:27 klapperl_ joined #mojo
02:57 d4rkie joined #mojo
02:59 davido__ joined #mojo
03:13 d4rkie joined #mojo
03:19 deserted joined #mojo
03:19 mattastrophe joined #mojo
03:24 d4rkie joined #mojo
03:27 noganex_ joined #mojo
03:28 d4rkie joined #mojo
03:43 bpmedley theo: My understanding is that if there is a secret / cookie mismatch, then the worst that could happen is you need delete the cookie in the browser.
05:06 Anon021 joined #mojo
05:17 csson joined #mojo
05:35 dotandimet joined #mojo
05:41 Flying_Squirrel joined #mojo
05:41 crab joined #mojo
05:42 jberger theo: the reason not to generate the secret on the fly is that if you use a forking server the secrets won't be the same
05:42 jberger which will mean a cookie generated by one process will be invalid on the others
05:44 jberger yeah just set it to some jumble of letters for now
05:51 Oleg joined #mojo
05:51 mattastrophe joined #mojo
05:53 Oleg joined #mojo
06:04 avenj joined #mojo
06:32 reneeb joined #mojo
06:46 d4rkie joined #mojo
07:02 reneeb joined #mojo
07:05 irq joined #mojo
07:07 Flying_Squirrel joined #mojo
07:51 riche joined #mojo
07:52 dod joined #mojo
07:57 dod joined #mojo
08:14 Vandal joined #mojo
08:16 trone joined #mojo
08:21 cfedde joined #mojo
08:40 dod joined #mojo
08:51 ispyhumanfly joined #mojo
09:08 jwang joined #mojo
09:52 crab joined #mojo
10:04 punter joined #mojo
10:10 d4rkie joined #mojo
10:14 d4rkie joined #mojo
10:18 polettix joined #mojo
10:30 berov joined #mojo
10:49 trone_ joined #mojo
11:13 d4rkie joined #mojo
11:14 D4RK-PH0ENiX joined #mojo
11:28 sh4 joined #mojo
11:46 mattastrophe joined #mojo
11:49 amon joined #mojo
11:57 theo bpmedley: would that be automatic and the user won't know, or would that need a user action?
11:58 theo jberger: Oh I see. So as long as I only use one mojo/morbo process, that doesn't matter? Even if I have a cluster with several nginx or apache process running?
12:02 batman theo: it does matter, since all your users will be logged out when you generate a new secret
12:02 batman i could suggest making a random string and then saving it in a file which is loaded if exists
12:02 batman wonder if mojo should do that by default.... ^
12:03 batman (nah. that would be a bad idea moving that into mojo core)
12:06 theo Yeah good point. So I guess you only need to generate one bunch of passwords and never change it on a given Website?
12:07 crab all my mojo programs look for a secrets.conf at startup and load it as a part of the configuration if it exists.
12:07 crab that's where i usually set the secret, as well as other stuff that shouldn't be world-readable.
12:07 theo Oh cool. :)
12:08 theo I suppose the secrets.conf file should be in the same directory as the .pl file given as an argument?
12:08 batman theo: you could use $app->home->rel_file()
12:08 crab mine are. yours can be wherever you want, you just look in the right place in your startup sub./
12:08 batman but it depends how you deploy the app
12:09 theo Ok, thank you for the answers. :)
12:09 crab (also my app.conf is usually checked into version control, but secrets.conf isn't)
12:11 theo Yeah that was the idea. I didn't want to commit that part and release it.
12:12 pink_mist I tend to have an app.conf.sample that I check in, containing a default secret with a comment to change it :P
12:15 crab and does anyone?
12:15 * purl does anyone who speaks softly and carries a big clue.
12:16 pink_mist well I'm the only one I /know/ that uses the app, so yes, 100% of the ones I know of do it :P
12:20 crab must be nice to have such obedient users. :-)
12:26 nicomen batman: it could've used a random string by default, so that things _didn't work_ until you did it properly
12:26 batman nicomen: no. i think it would just be confusing.
12:26 nicomen yeah, you are right
12:27 nicomen maybe the stuff that uses the secret should croak if not set?
12:28 batman nicomen: it does make a log message
12:28 nicomen yeah, easy to ignore
12:28 batman but croak'ing might be a good idea...
12:28 nicomen but only croaking when it is actually used
12:29 nicomen but that might introduce a gotcha hm
12:29 batman :)
12:29 nicomen as in you roll out your app then suddenly someone comes with a mojolicious cookie set that matches your app and things croak
12:30 nicomen does the app generation make you a random default one?
12:30 batman nicomen: no. it's a fixed string
12:31 nicomen is that similar to what RoR had security issues with at some point?
12:31 batman probably :/
12:33 batman s/probably/no idea/
12:49 d4rkie joined #mojo
12:50 D4RK-PH0ENiX joined #mojo
12:59 Oleg joined #mojo
13:00 ZadYree joined #mojo
13:01 Oleg joined #mojo
13:04 bwf joined #mojo
13:05 asarch joined #mojo
13:05 cpan_mojo SVG-Fill 0.07 by Jens Gassmann - http://metacpan.org/release/JEGADE/SVG-Fill-0.07 (depends on Mojolicious)
13:47 janus joined #mojo
13:53 denny joined #mojo
13:55 jberger purl: you minx
13:55 purl jberger: i'm not following you...
14:03 polettix joined #mojo
14:03 denny joined #mojo
14:31 janus joined #mojo
14:32 d4rkie joined #mojo
15:01 zivester joined #mojo
15:09 dod joined #mojo
15:11 mattastrophe joined #mojo
15:14 janus joined #mojo
15:18 mst joined #mojo
15:58 ispyhumanfly joined #mojo
16:09 janus joined #mojo
16:12 uma joined #mojo
16:23 mattastrophe joined #mojo
16:27 uma joined #mojo
16:30 d4rkie joined #mojo
17:24 mattastrophe joined #mojo
18:01 polettix joined #mojo
18:13 mattastrophe joined #mojo
18:21 asarch If you have a PostgreSQL type: CREATE TYPE language AS ENUM {'Perl', 'C', 'C++'}; Can you do: foreach ($schema->('Language')->all)?
18:25 asarch Ups, wrong channel. Sorry :-(
18:29 d4rkie joined #mojo
18:39 jberger asarch: ok, but now when you get then answer, let us know ok?
18:39 janus joined #mojo
18:43 mst my @enum_members = @{$schema->source('Language')->column_info($col)->{extra}{list}};
18:43 asarch WOW!
18:44 * asarch was about to type the answer...
18:45 mst I figured I might as well
18:45 mst also it's nice to remind myself I still know how to DBIC ;)
18:48 asarch Thank you, thank you very much :-)
19:20 asarch Du bist unglaublich! :-)
19:22 ispyhumanfly joined #mojo
19:24 polettix joined #mojo
19:49 meshl joined #mojo
20:01 zivester joined #mojo
20:02 irq joined #mojo
20:10 Adura joined #mojo
20:10 polettix joined #mojo
20:43 phillipadsmith mst: if you don't "still know how to DBIC," we're all in trouble. ;)
20:52 d4rkie joined #mojo
21:42 kaare joined #mojo
22:12 d4rkie joined #mojo
22:22 d4rkie joined #mojo
22:24 Averna joined #mojo
22:39 dhg joined #mojo
22:48 alnewkirk joined #mojo
23:20 mikegrb joined #mojo
23:33 mattastrophe joined #mojo
23:33 d4rkie joined #mojo
23:43 Flying_Squirrel joined #mojo

| Channels | #mojo index | Today | | Search | Google Search | Plain-Text | summary