πŸ‡ΊπŸ‡ΈUnited States @daceej

Account created on 25 March 2015, about 10 years ago
#

Recent comments

πŸ‡ΊπŸ‡ΈUnited States daceej

Adding a patch that addresses the issue.

πŸ‡ΊπŸ‡ΈUnited States daceej

daceej β†’ changed the visibility of the branch 3511713-entity-usage-not to hidden.

πŸ‡ΊπŸ‡ΈUnited States daceej

daceej β†’ created an issue.

πŸ‡ΊπŸ‡ΈUnited States daceej

Hi @yazzbe!

Thanks for the feature request!

I can tell you that this will not be included in the next release, however exposing all installed modules is something that is being planned for a future release.

Any additional information you can on your use case would be super useful as I'm also considering creating another module for pulling and aggregating data that vitals exposes.

πŸ‡ΊπŸ‡ΈUnited States daceej

This has come up again in https://www.drupal.org/project/vitals/issues/3474653 ✨ Report all installed modules Active .

Closing this issue in favor of carrying on the conversation over there.

πŸ‡ΊπŸ‡ΈUnited States daceej

@tijsdeboeck vitals_v2-2.png is perfect!

I'm going to add a "credits" section to the readme when I commit this. Do you have a preference on how I add your name?

πŸ‡ΊπŸ‡ΈUnited States daceej

@tijsdeboeck I'm open to the idea! I will reach out to you in the #vitals channel in the Drupal Slack. I am in the early planning phases for some changes to vitals to make it more robust and allow it to develop a better ecosystem. In fact, you have requested some of the features I'm trying to work in in previous issues :)

πŸ‡ΊπŸ‡ΈUnited States daceej

Committed! New release should be tagged in the coming days. I have one other issue I wish to include in the next release.

πŸ‡ΊπŸ‡ΈUnited States daceej

Working on getting this committed with a D11 release (apologies for the delay).

πŸ‡ΊπŸ‡ΈUnited States daceej

Hi @tijsdeboeck!

This is a great idea! Thanks so much for putting these together!

Of these I like vitals_v2.png the most.

Would you be willing to make one that is all black with a transparent background?

Using the current one for vitals extra could be neat because it would be the same logo just with the green graph, which would set it apart.

What do you think?

πŸ‡ΊπŸ‡ΈUnited States daceej

Patch has been committed and should be in a release here shortly!

πŸ‡ΊπŸ‡ΈUnited States daceej

Thank you for reporting (and the patch!!) @Glottus!

I will take a look and attempt to get an updated release out this weekend.

πŸ‡ΊπŸ‡ΈUnited States daceej

Hello @seeduardo!

Can you specify what sets Site Guardian apart from similar modules such as DRD, Vitals, and Monitoring on the product page and/or README?

It looks like the site_guardian_key will be exported as part of the Drupal configuration export. Many modules do this, but you may want to consider explicitly flagging this in the README or on the product page so that site maintainers can take actions as needed. Many site owners prefer to keep config items like this in environment variable or even directly in settings.php as an override.

The access check happening in checkActivationAndSiteGuardianKey() are potentially susceptible to timing attacks. The key comparison should be done using hash_equals() to mitigate.


    if ($savedKey && (empty($site_guardian_key) || $site_guardian_key != $savedKey)) {

      \Drupal::logger('site_guardian')->warning("Site Guardian request received but Site Guardian API access is denied.");

      return "Access denied";
    }

Finally, you should consider taking advantage of the Flood API. It looks like the module may currently open a site up to a brute force attacks while attempting to guess the key. Limiting the number of failed access checks via the Flood API would be a great way to mitigate that.

BTW - I am the maintainer of the Vitals module, which suffered from the exact same issues I'm flagging here. You can see the protections that vitals uses to address these concerns here.

πŸ‡ΊπŸ‡ΈUnited States daceej

Have not had much time to think through everything just yet. I have some projects that are wrapping up soon, so I should be able to devote some time to this shortly.

πŸ“Œ | Vitals | New release
πŸ‡ΊπŸ‡ΈUnited States daceej
πŸ‡ΊπŸ‡ΈUnited States daceej
πŸ‡ΊπŸ‡ΈUnited States daceej
πŸ“Œ | Vitals | New release
πŸ‡ΊπŸ‡ΈUnited States daceej

New tag for D10 will be cut in a few moments.

πŸ‡ΊπŸ‡ΈUnited States daceej

Committed!

New tag for D10 will be cut in a few moments.

Production build 0.71.5 2024