Forum

Banshee Framework

René
5 December 2013, 10:50
Hi hugo,

Where can I ask questions about the Banshee Framework?

Thanks
Hugo Leisink
5 December 2013, 10:51
Here. The Banshee website used to have its own forum. But since nobody uses Banshee, all I got was spam.
René
5 December 2013, 10:53
He replied in one second! GEEZ
Hugo Leisink
5 December 2013, 10:55
Yeah, I get a notification on my phone via Prowl [www.prowlapp.com] when a message is posted.

Prowl rules. Any interesting event on my server, and I know it within a few seconds.
René
5 December 2013, 10:56
What is considered best practice to deploy the Banshee Framework on a production server?
Hugo Leisink
5 December 2013, 10:58
You have to be a bit more specific, otherwise the only thing I can do is refer you to the installation documentation [www.banshee-php.org].
René
5 December 2013, 11:01
Ok, let me think about this one. Be back later.
René
5 December 2013, 12:16
Just to get started. I want to create a real world web application with posts, comments and images. I don't want my password sent in clear text.

So ...

How do I redirect users to a secure login page? (https)
How do I set the headers for cache-control, X-Content-Type-Options, X-Frame-Options and pragma for secure pages?
What about CSRF and XSS protection, are they enabled by default?
Hugo Leisink
5 December 2013, 12:51
Banshee's login page uses challenge-response (if Javascript is enabled) to protect the password, even if HTTP is used.

Simply use a https:// link to redirect to a secure login page. You can also use the RequireSSL option to force the usage of HTTPS for the entire website.
Extra headers have to be set manually, via for example public/index.php.
Banshee has built-in protection against XSS. CSRF protection is also included, but only if the client doesn't block the Referer header. In that case a warning is shown that the client is vulnerable to CSRF attacks.
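
The HTTPS redirect and the manually set headers mentioned in the reply above, as an added example that is not part of the original posts and not Banshee's own code. The host name `www.example.org`, the sensitive path prefixes and the function names are assumptions for illustration.

```php
<?php
// Added example, not Banshee code. Assumption: this file is included at the
// top of public/index.php, before any output is sent.

// Hypothetical values: canonical host name and path prefixes of sensitive pages.
const SITE_HOST = "www.example.org";
const SENSITIVE_PREFIXES = array("/login", "/admin", "/profile");

// Return the HTTPS URL to redirect to, or null when the request is already HTTPS.
function https_redirect_target(array $server): ?string {
    $https = $server["HTTPS"] ?? "";
    if ($https !== "" && strtolower($https) !== "off") {
        return null;
    }
    // Build the target from the configured host, not the client-supplied
    // Host header, and accept only origin-form request URIs.
    $uri = $server["REQUEST_URI"] ?? "/";
    if ($uri === "" || $uri[0] !== "/") {
        $uri = "/";
    }
    return "https://".SITE_HOST.$uri;
}

// Headers for one response: sniffing and framing protection on every page,
// caching disabled only on sensitive pages.
function response_headers(string $path): array {
    $headers = array(
        "X-Content-Type-Options" => "nosniff",
        "X-Frame-Options"        => "DENY",
    );
    foreach (SENSITIVE_PREFIXES as $prefix) {
        if ($path === $prefix || strpos($path, $prefix."/") === 0) {
            $headers["Cache-Control"] = "no-store, no-cache, must-revalidate";
            $headers["Pragma"] = "no-cache"; // for HTTP/1.0 caches
            break;
        }
    }
    return $headers;
}

$target = https_redirect_target($_SERVER);
if ($target !== null) {
    header("Location: ".$target, true, 301);
    exit;
}
$path = parse_url($_SERVER["REQUEST_URI"] ?? "/", PHP_URL_PATH) ?: "/";
foreach (response_headers($path) as $name => $value) {
    header($name.": ".$value);
}
```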
René
5 December 2013, 13:34
After these changes I can use Banshee in production?

René
5 December 2013, 14:12
Banshee's login page uses challenge-response (if Javascript is enabled) to protect the password, even if HTTP is used.

Most shared hosting companies don't offer SSL.
Can people with shared hosting use Banshee?
Hugo Leisink
5 December 2013, 22:34
Even without those changes, you can use Banshee in production.

I don't guarantee that Banshee will work with all shared hosting environments, but I have deployed it successfully on two of them.
René
6 December 2013, 07:40
This is great news to hear!

My last question. Do I need htmlpurifier?
Hugo Leisink
6 December 2013, 14:54
No, you don't need it.
René
6 December 2013, 15:33
Ok, thanks. Hugo
This topic has been closed.