Jun 23 15:47:13 ip-172-16-0-62 systemd: Listening on REST API socket for snapd user session agent. If this is insecure, then have I somehow missed security good practice for handling node js projects? I know that running sudo npm install -g is really bad practice but is using npm as a user which has write access to your main shell configuration file almost as bad just with a few extra steps in between, or am I lacking an understanding of how user permissions/shell configuration/npm works? Obviously I do trust most of the programs that I install to not be malicious, however, I do use npm as a package manager for my own projects which is commonly accepted to be a vector for malware due to the sheer number of dependencies each module and it's dependencies can have. I'm concerned that a malicious program that I install on the user level could then trick me into somehow giving up my sudo password through this method. In malicious hands this could probably be used to edit aliases or append a directory of the attackers choosing to the beginning of the $PATH. ![]() I would be interested in seeing what you're trying to accomplish, but that's a different conversation.My understanding of user permissions is that any process spawned by my user will then have read/write permissions to this file. I hope I have helped you make a decision! or at the least gave you enough input to accept that you're going the right way. I am working on a project that allows cropping (and potentially re-sizing) of images, but I'm struggling with a potential bug that I'm waiting to hear back from. ![]() I only use DropzoneJS because I only need the ability to drag and drop files and upload them to the server without being edited. I imagine it is possible to do what you want, but I feel like you will end up recreating a few wheels from FileDrop and/or file-input. I'm guessing right now that DropzoneJS is not the right one this time. In the end deciding on the perfect library for your project falls to you. The file-input part doesn't seem necessary for me, but I have not seen your iteration of using it. It would be interesting to say that DropzoneJS could potentially move to something like that, but I doubt that is a goal of enyo or anyone in this specific community. If you're trying to edit the file contents and then possibly send those new contents to the server to then be downloaded by the client that is a completely different type of functionality. ![]() ![]() It is more of being able to edit the contents of the provided file. The FileDrop from chrismbarr is a different type of file drop. So I want to say DropzoneJS is all you need and setting up the options to fit your needs would be best for you, but now I don't know what you want. Out of curiosity are you not going to upload the files to the server at some point?
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |