Welcome to Software Development on Codidact!
Will you help us build our independent community of developers helping developers? We're small and trying to grow. We welcome questions about all aspects of software development, from design to code to QA and more. Got questions? Got answers? Got code you'd like someone to review? Please join us.
Activity for jmathewâ€
| Type | On... | Excerpt | Status | Date |
|---|---|---|---|---|
| Comment | Post #290498 |
Separating it is sort of a paranoid safety measure in case there's any way to exploit the Swagger middleware (AFAIK there is none). And perhaps Kestrel*, though touted as production ready, may not be able to serve actual API requests while receiving millions of requests (DDOS) for large static assets... (more) |
— | 4 months ago |
| Comment | Post #290498 |
I'm also a little confused on how a static site that displays no user generated content can be exploited via script injection? It's clear someone can pwn you if they can control your swagger file, but publishing the swagger file should already be secured. Maybe the swagger UI's I'm used are more basi... (more) |
— | 4 months ago |
| Comment | Post #290498 |
Is the API meant to be shared between teams or is it essentially just for the team that deploys it?
If the API is meant for other teams, they need some documentation and that must be delivered. Swagger that's available in network is reasonable. Also, if your SRE is expecting a threat on the inter... (more) |
— | 4 months ago |
| Comment | Post #290066 |
Yes, if you have alternatives, don't directly using gateway protocols. However, its not about the reverse proxy sitting in front so much as how limiting working with something like FastCGI in general will be compared to a framework that communicates via an HTTP server. (more) |
— | 7 months ago |
| Comment | Post #290066 |
I think your thought answers the architectural dilemma if I'm understanding what you mean by dilemma correctly.
Your application server needs to communicate somehow and why not HTTP? It creates a nice developer experience locally since you can talk to it using HTTP tools which are abundant and wh... (more) |
— | 7 months ago |
| Comment | Post #289443 |
The first few paragraphs are not biased and were useful to me: a non-biased observer with knowledge of python and pip, but new to pipx. It puts the statements in your question into context. For example, I thought it was indeed strange that they talked about PyPi being an "app store" as suggested in y... (more) |
— | 9 months ago |
| Comment | Post #286006 |
No problem glad to help! Feel free to summarize and answer. (more) |
— | about 2 years ago |
| Comment | Post #286006 |
If `winpty` does work, it's likely the problem you're facing is what's described in that link. Basically, your installation of python is expecting a windows console and git-bash isn't one.
If the goal is to just be able to do run the same command in both terminals setting up aliases in git-bash i... (more) |
— | about 2 years ago |
| Comment | Post #286006 |
Maybe try `winpty black version.py` when in git-bash? A complete shot in the dark but its come in handy for certain interactive `yarn` commands. [Relevant link](https://stackoverflow.com/questions/48199794/winpty-and-git-bash) (more) |
— | about 2 years ago |
| Comment | Post #285799 |
Now that's so bad it's funny! (more) |
— | over 2 years ago |
| Comment | Post #285116 |
Hah. It is a trade off for sure, but not one that affects anyone in any practical way. It works 99.999...% of the time. Any major outage will be resolved shortly precisely because it's so broadly used. I can't recall a single instance where Google single sign on failed. And I've used it since it beca... (more) |
— | over 2 years ago |