Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • Jan 29 22:35
    HeyJoel closed #294
  • Jan 29 22:35
    HeyJoel commented #294
  • Jan 24 12:13
    HeyJoel closed #297
  • Jan 24 12:13
    HeyJoel commented #297
  • Jan 24 12:11
    HeyJoel commented #296
  • Jan 24 10:58
    HeyJoel milestoned #296
  • Jan 24 10:58
    HeyJoel labeled #296
  • Jan 23 11:24
    ernestoSerra commented #296
  • Jan 22 21:44
    HeyJoel commented #150
  • Jan 22 16:46
    j7rowan commented #150
  • Jan 21 12:28
    HeyJoel commented #297
  • Jan 21 12:28
    HeyJoel commented #297
  • Jan 21 12:08
    Enlatic commented #297
  • Jan 21 12:03
    HeyJoel commented #294
  • Jan 21 11:55
    HeyJoel commented #297
  • Jan 21 11:55
    Enlatic commented #297
  • Jan 21 11:49
    HeyJoel commented #297
  • Jan 21 11:47
    Enlatic edited #297
  • Jan 21 11:46
    Enlatic edited #297
  • Jan 21 11:45
    HeyJoel commented #296
IO
@Rajanflair
HI @everyone.
jaymel.tapel@gmail.com
@jaymel-tapel
Hi everyone. Can someone explain to me how secure is Cofoundry?
Joel Mitchell
@HeyJoel

Hi Jaymel, we don't have any security audits in place yet but we have developed Cofoundry with security in mind, e.g:

  • we have a robust CQS layer for data access that prevents mass assignment and permissions are validated at the query/command level to ensure they are always enforced no matter where you call them from.
  • For user accounts we an upgradable salted strong hash and we have failed login attempt logging/blocking to prevent enumeration attacks.
  • At the data access level we use EF or parameterized stored procs to prevent SQL injection attacks
  • Although we don't get involved in your front-end code we do have (and promote use of) an html sanitizer to prevent XSS attacks.

I'm actually working on some additional features in this area for the next release, such as configurable password complexity policies per user area.

Is there a particular aspect of security you're interested in?

Joel Mitchell
@HeyJoel
Oh and you can also configure the admin panel to run on a specific (obscured) path to make it more difficult to find, or disable it entirely on your public facing website and host the admin panel on a private server.
Jon
@jonaldo_gitlab
Hi @HeyJoel do you know when the next version(s) might be coming out? :)
Joel Mitchell
@HeyJoel
Hey @jonaldo_gitlab sorry I missed your message, the gitter notification went into my junk mail for some reason. I haven't much news on the next update unfortunately, I've been a bit busy with other projects recently. Having said that I have managed to put a lot of work into the design of user areas that works a base for much of the changes that will be in v0.7 and pretty much finished #215 along with an extensive sample. There's still a lot of work to do though, but I'm eager to get 0.7 out of the way as there's some cool stuff to look forward to in v0.8.
Does anyone else find gitter notifications unreliable?
CharlstonMann
@CharlstonMann
Good afternoon I am looking for a way to take my datamodel and add it to the database
Joel Mitchell
@HeyJoel
Hi @CharlstonMann , I'm not sure what you mean, do you mean a custom entity data model?
Hisham Bin Ateya
@hishamco
Hi @HeyJoel I just replied to the Localization issue
We may chat in private for more details about the Cofoundry & Localization
Joel Mitchell
@HeyJoel
Hi @hishamco thanks for getting in touch. Unfortunately I'm on a contract right now and don't have time to dedicate to a full exploration of the localization feature. I'd suggest getting familiar with Cofoundry and the way the feature works as currently implemented and share with us any limitations of the current design and also perhaps some typical scenarios with localized sites you've developed. I don't think the implementation will be particularly difficult, but for me the tricky part is getting the design right and typically the devil is in the details and edge cases.
Simon Novak
@snovak7
I agree with this. I can give you some use cases I have, which have made me not to use any CMS at all, if you want to think about that. Mostly in Routing part.
Joel Mitchell
@HeyJoel

thanks @snovak7 that would be really useful. For me an example would be that we did a site for a food product which had 8 locale variations. For us some of the tricky aspects were that some of the designs for the locales had to be very different and in some parts required very specific templates that were locale specific. For the product nutritional information the format was very specific to a locale for legal reasons which made it impossible to content manage - this had to be hard coded and updated by the dev team.

For routing we just used the format example.com/en-gb, but we linked out to some sites that were managed by other local agencies under different domains e.g. example.co.uk.

So for this site each locale had a different set of pages e.g. /en-au/what-we-make/, /fr-be/nos-produits/. I've not worked on a site that used the same pages with simple translation of content regions but I presume it does happen.

Hisham Bin Ateya
@hishamco
Thanks guys .. hope to see some Localization stuff soon
@HeyJoel please ping me in private whenever you are online
Simon Novak
@snovak7
Well I have cases like when you have more domains, and my local language has .si domain, but other locale/language is .com, and german is under .com/de this is my most wicked I have one so far
Simon Novak
@snovak7
So I guess my idea would be that there is some kind of table which has columns: domain, prefix, alias (slug, url), I don't know internals of Cofoundry, this being most simple...
Hisham Bin Ateya
@hishamco
@snovak7 we can't cover all the cases now, but I will struggle to make Cofoundry has a great localization support
Hisham Bin Ateya
@hishamco
@HeyJoel I just saw the contribution doc, seems you are not accepting PRO
Am I right?
Simon Novak
@snovak7
@hishamco no worries
Hisham Bin Ateya
@hishamco
That's why I saw only one contributor
@snovak7 it's OK
Joel Mitchell
@HeyJoel
@snovak7 thanks for the feedback. @hishamco the contributing doc is correct, we are not accepting PRs yet. It is on the radar, but is dependent on getting the funding in place to support the process. We don't want to open up for PR's if we can't budget the time to effectively provide design support, code review and PR management, as it's not really fair to those committing their time to the project.
Hisham Bin Ateya
@hishamco
I understand what you talked about .. but this miss many of OSS projects
All the best ..
jaymel.tapel@gmail.com
@jaymel-tapel
@HeyJoel Thanks for response last time. I really appreciate it. Keep up the good work! Anyway, I have a question, how do we do file upload of documents for cofoundry? Like for a contact us form with an attached pdf. I want it to appear on the documents page of the cms. Is that possible? Thank you
Joel Mitchell
@HeyJoel
Hi @jaymel-tapel , can you add that as an issue? I'm busy today but I might get a chance to look at it tonight. If you fancy digging around you can look into DocumentAssetRepository or DocumentsApiController.
KillerKiwi
@Killerkiwi2005
Hello, is it possible to have an EntityDefinition for a sql table based on a model instead of JSON storage ?
Joel Mitchell
@HeyJoel
@Killerkiwi2005 you mean like a GUI over EF? No, but it has been mentioned before as something i think you get in one of the python frameworks. It's a neat idea, but could be tricky to implement beyond the simple scenarios e.g. relations, editors for many-to-many connections, uniqueness constraints etc. Doable i shoud think
KillerKiwi
@Killerkiwi2005
@HeyJoel We have been using UiOMatic https://github.com/TimGeyssens/UIOMatic in umbraco and its great for a quick admin UI... we are looking for some thing similar on .net core
Joel Mitchell
@HeyJoel
That's neat, i like the idea but it's not something we'll be able to implement any time soon.
Jon
@jonaldo_gitlab
Hi @HeyJoel I can well appreciate you are really, really busy but I was wondering if you know when the next release(s) will be made for Cofoundry?
Joel Mitchell
@HeyJoel
Hi @jonaldo_gitlab as you can probably tell, things have been a bit quiet recently. Unfortunately the company that was generously sponsoring us are no longer able to commit funds, so I've been busy on contract work instead of working on Cofoundry. Steve and I, the project owners, have been working on a new sponsor opportunity, but so far that has not come to fruition.
Having said that, there's a couple of release branches in development, one of which is quite close to being release ready so I might get some time this month to finish that off.
I was going to write a blog post to cover all this stuff, but the workloads been a bit crazy over the last two months and I haven't had time to put that together. Hopefully I can get something our the door this month
Jon
@jonaldo_gitlab
Totally understand @HeyJoel and I really appreciate the effort you've put into Cofoundry it really is a credit to you both! :)
Mohamed Usama
@moe-uxa

Hi @HeyJoel I know you are super busy these days regarding the sponsoring condition you mentioned above, I hope you find a good partner soon and of course you are welcome anytime to ask the community for support, we're all supporting your project because it's really great.

if you got some time, I have an issue with working on admin panel on all mac machines both safari and chrome, it always shows "Uncaught ReferenceError: angular is not defined" errors in the console, I've tried to unbundle the shared files and it worked well but that was for trial purpose as every module throws its own bundles on runtime so I couldn't generalize this solution.

Joel Mitchell
@HeyJoel

Thanks @moe-uxa, with regards to your issue, can you post that to our issue log? It sounds like a similar issue to what we might have seen before with using browser sync or application insights where the auto-injected code mangles our script tags, but I don't see any past issues relating to that, I'm pretty sure we were able to resolve the browser sync one at least.

Some follow-up questions:

  • If it fails on mac, do you know if it work on any other platform or browser?
  • Has it worked before and only just started not working? If so, what changed?
  • Do you have application insights running?
  • If possible can you look at the code and locate the Cofoundry script tags at the bottom of the page and paste them into the issue so we can see if they are being rendered correctly
Mohammad Anouti
@manouti1
any video tutorials?
Joel Mitchell
@HeyJoel
Sorry @manouti1 , no video tutorials yet.
jaymel.tapel@gmail.com
@jaymel-tapel
Is it possible to create a login and signup system separate from the admin login functionality?
Joel Mitchell
@HeyJoel
Yes, check out User Areas. The SPA Site sample has a separate user area implementation. We're also working on an upcoming release that has more user area features
jaymel.tapel@gmail.com
@jaymel-tapel
Thanks Joel. I'll check that out.
mohamed ahmed
@midoo_mada_twitter
is cofoundry support workflow ? (document managment system)
Joel Mitchell
@HeyJoel
@midoo_mada_twitter there's issue #139 open that covers workflow, so no there's nothing yet, but if you want to add any additional requirements to that issue it might be helpful.
Alwin Meijboom
@ameijboom_gitlab
is it possible to use MySQL with CoFoundry?
I can't seem to find anything about it on the docs, although that could just be me
Joel Mitchell
@HeyJoel
It's not possible to use mysql, see issue #171. If we choose to support another db it will likely be postgres and will depend on funding for us to be able to support the additional db.