• Tutorial

    [Laravel tips] How to temporarily change a Laravel environment variable without updating the .env file

    Imagine the following scenario: you are working on a Laravel application that dispatches some jobs to a queue. You notice in your log file that a specific job is throwing an exception, but you can’t debug it directly (with dd() for instance), since the job is consumed by a worker elsewhere. One way to debug this issue would be to change the QUEUE_DRIVER environment variable in your .env file to sync, debug, and then revert the change after you finish. Or imagine that you have a test database and you need to run the migrations on it first, and you’d need to update the .env file to use the…

  • Uncategorized

    [PoC] Partially random passwords: or how to protect users’ passwords from keyloggers with partially random passwords

    One of the issues we all face when we log in to online accounts, especially on public computers or on any computer that we do not own, is that there is always a risk of having our passwords stolen, especially by keyloggers. If a hacker gets a “copy” of your password, she can log in to your account and do whatever she wants. As always, using 2-factor authentication can mitigate this issue, since the hacker needs to access your phone as well. But what if using 2FA is not an option and we want to protect the user even in this case? Can we detect when the hacker tries to…

  • Tutorial

    [PoC] Password-Based user roles and triggers/actions (or how to use different passwords for multiple roles for the same account)

    We have all seen a movie or two where a villain forces an innocent person to give him the password to her ultra-secret account (a nuclear facility, or a Swiss bank account); the villain ends up getting access to the account and transfers all the money to his own account, or launches a nuclear weapon. We have also all heard about authorities in some countries that force their citizens or even visitors to hand over their social media accounts and passwords. Usually the “victims” don’t have any choice and they end up providing their passwords. One way to prevent this might be to activate multi-level authentication on…

  • Tutorial

    How to avoid duplicates when you insert hundreds of thousands of entries into the same MySQL table

    Let’s assume that you are working on an application that requires all entries in a table (let’s call it entries) to be unique. If we are writing our application with PHP/Laravel, the migration (more precisely its up() method) of the table would look like this:

        public function up()
        {
            Schema::create('entries', function (Blueprint $table) {
                $table->increments('id');
                $table->string('parameters_001')->nullable();
                $table->string('parameters_002')->nullable();
                $table->string('parameters_003')->nullable();
                $table->string('parameters_004')->nullable();
                $table->timestamps();
            });
        }

    One way to solve this issue (if not the most obvious one that comes to mind) is the following: use a simple check. Create a method called isDuplicated($entry) that searches for the entry in the table; if it doesn’t exist, insert it, otherwise throw an exception. This method…