Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated. CSRF attacks specifically target state-changing requests, not theft of data, since the attacker has no way to see the response to the forged request. With a little help of social engineering (such as sending a link via email or chat), an attacker may trick the users of a web application into executing actions of the attacker’s choosing. If the victim is a normal user, a successful CSRF attack can force the user to perform state changing requests like transferring funds, changing their email address, and so forth. If the victim is an administrative account, CSRF can compromise the entire web application.
All posts by Pramod T P
flush Cache Command Line Magento 2
php bin/magento cache:flush
php bin/magento cache:clean
Magento 2 Reindexing
php bin/magento indexer:reindex
Execute Magento Cron MageRun
Run the following command
/var/lib/n98-magerun/n98-magerun.phar sys:cron:run JOBCODE
List All The Crons MageRun
Run the command from terminal
/var/lib/n98-magerun/n98-magerun.phar sys:cron:list
Difference Between REST and SOAP
Simple Object Access Protocol (SOAP) standard an XML language defining a message architecture and message formats, is used by Web services it contain a description of the operations. WSDL is an XML-based language for describing Web services and how to access them. will run on SMTP,HTTP,FTP etc. Requires middleware support, well defined mechanisam to define services like WSDL+XSD, WS-Policy SOAP will return XML based data
REST Representational State Transfer (RESTful) web services. they are second generation Web Services. RESTful web services, communicate via HTTP than SOAP-based services and do not require XML messages or WSDL service-API definitions. for REST no middleware is required only HTTP support is needed.WADL Standard, REST can return XML, plain text, JSON, HTML etc
REST is almost always going to be faster. The main advantage of SOAP is that it provides a mechanism for services to describe themselves to clients, and to advertise their existence.
REST is much more lightweight and can be implemented using almost any tool, leading to lower bandwidth and shorter learning curve. However, the clients have to know what to send and what to expect.
In general, When you’re publishing an API to the outside world that is either complex or likely to change, SOAP will be more useful. Other than that, REST is usually the better option.
Difference between cache:clean and cache:flush Magneto 2
Typically, cache:clean deletes all enabled cache related to magento whereas cache:flush deletes the whole cache storage, whether its magento cache or any third party cache (whether enabled or disabled)
Where does all core modules are located in Magento2?
They are under vendor/magento folder.
Put site into a developer mode Magento2
In order to do this, open your terminal and go to the Magento 2 root. From there you should run the following command:
php bin/magento deploy:mode:set developer
SFTP User Creation CentOs
Step 1. Crate Group
groupadd sftponly
Step 2. Create user account
useradd -d /home/sftp/MYUSER -s /bin/false -G sftponly MYUSER
Step 3. Create a password for your username.
passwd MYUSER
Step 4. Ensure the following line is commented out in your sshd configuration file ( File Location: /etc/ssh/sshd_config )
# Edit the sshd_config file which holds the SSH/SFTP configuration
vi /etc/ssh/sshd_config
# Ensure this below Line has a hash symbol, # in front of it
#Subsystem sftp /usr/lib/openssh/sftp-server
# Ensure that this below line is added directly below the line you just commented out with a hash symbol #
Subsystem sftp internal-sftp
Step 5. Add the following to the bottom of the same file (it must be at the very bottom)
Match Group sftponly
ChrootDirectory %h
X11Forwarding no
AllowTCPForwarding no
ForceCommand internal-sftp
Step 6. Test the changes with sshd before restarting the service, please note it’s important you do this correctly, or may break your sshd configuration
sshd -t
service sshd restart
Step 7. Give proper ownership to the newly created folder
chown root:root /home/sftp/MYUSER
Step 8. Test SFTP credential is working:
# Connect to SFTP using the myuser, replace myuser with the user you’ve chosen
sftp myuser@localhost
myuser@localhost’s password: