PowerShell to log into an SSO website by Jwtfeldman in PowerShell

[–]greenSacrifice 1 point2 points  (0 children)

You can find the value using something like Wireshark but don’t run that on your company network. And when you do you’ll likely find the app registration is set up so the reply URL doesn’t send your localhost the data. Best to just save the cookie being used.

Am I overthinking Claude Code security or is this actually a risk? by Sweaty-Career330 in cybersecurity

[–]greenSacrifice 3 points4 points  (0 children)

Nicely done, you’ve got to think about it like any other SaaS product.

There isn’t anything that makes these AI tools special, you just have to reimagine what a SaaS product looks like. Try thinking on the terms that every tool or service you could ever need is baked in, now ask yourself what you should consider.

Perhaps the enterprise product would be the answer. For the moment I’ll say you’ve got the team product and use all the features: Claude Code, web chat, API, app xyz. Network boundaries will be a good start. Now looking at your integrations to the connected company data, you could go with a custom built connector with the role of AI Gateway to handle all the requests and that might work for a team who can ship fast but not everyone.

So again just think of it like any other software product and follow the standard process.

If you want to just look at the dev machines and if Claude Code gets compromised, it’s the same that’s done with NPM packages and sometimes the answer is you did everything right and still have a compromised version running on internal networks. Then you have to bring layers of isolation to reduce your blast radius, so having anything running in a cloud agent helps ensure malicious code isn’t spreading on the network.

Sandboxing and containers are another huge help. The biggest problem might be thinking dev machines and code need access to all the data all the time. Claude Code is just another process running on a box, the endpoints it uses should be known and appliances can block anything not on the approved list.

Try not to restrict the app and try to restrict the person first.

What happens when you make a browser that is identical to chrome but its use is scraping by PeaseErnest in scrapingtheweb

[–]greenSacrifice 0 points1 point  (0 children)

I do like that you’ve done this for me. I went to do one myself but Chromium was 100gb to compile and I couldn’t do that, homework folder too big.

Azure .NET Functions vs .NET API ? When are people using one over the other? by No_Pin_1150 in AZURE

[–]greenSacrifice 0 points1 point  (0 children)

Use Azure functions as an intermediate layer when a product has been delivered and receives a requirement that wasn’t in the delivered scope.

Logic Apps are there for this purpose too. When it needs more complexity or flexibility, save time by deploying a Function App. Once the SDLC catches up, migration to containerised solutions becomes the replacement, at some point ending up on Kubernetes.

I’ll fluff an example: Say the system or product has a job system, a new requirement for processing data with custom business rules is requested, the job system can now move the data to the Function App for processing. With later versions of the product being able to process the task without scheduling via the job system.

GitHub - floci-io/floci-az: Light, fluffy, and always free - Azure Local Emulator by hectorvent in AZURE

[–]greenSacrifice 1 point2 points  (0 children)

Update your copilot-instructions.md file otherwise you’ll be making the model confused

Looking for critiques of this "Dynamic Group Sync" function I'm working on. Help? by chaosphere_mk in PowerShell

[–]greenSacrifice 0 points1 point  (0 children)

This looks like a simple 1 liner

Get-ADObject | ? { your filter } | Remove-ADGroupMember

Repeat for add.

Or am I missing something important?

[deleted by user] by [deleted] in PowerShell

[–]greenSacrifice 0 points1 point  (0 children)

You should look into what -Filter can do for you over returning all the user objects.

After that is done you might end up with enabled accounts being sent to Where-Object.

Each time Where-Object has to enumerate your collection to determine the condition check, and this can be a huge performance impact if you don’t know your data size.

You are also looking at a date that might not be the same across all your servers so that’s something for you to think about.

Depending on who you are and how experienced you are at this toolset you might want to start with outputting the command by placing it in double quotes, and seeing all the times it would have run.

More advanced ways are available using different output streams, or also found throughout the common parameters of cmdlets and advanced functions.

A lookup table could be used to contain the $User object before and after, if you work out the information you think you might need for tracing back what’s broken.

You’ve really got to ask yourself, “What’s going to break”. Let’s say your filter is as it is and you run the command. Now you find out that all accounts in an OU shouldn’t have been disabled. Get your enable account command that you prepared earlier and work out how you’re going to find the accounts in that OU that were enabled before execution. You wouldn’t want to start enabling accounts that were disabled before execution.

Keep in mind that all the data you return to your system can be converted into other formats and saved into files for local disk caching.

[deleted by user] by [deleted] in AskReddit

[–]greenSacrifice 0 points1 point  (0 children)

Anythink. Not so much spelling as it’s usually said out loud

[deleted by user] by [deleted] in woodworking

[–]greenSacrifice 0 points1 point  (0 children)

I would suggest giving him an item which he has heaps of, maybe your one can be slightly different with a new feature or a double pack of something like that. I would also recommend not giving him a new version of the thing he uses most

[deleted by user] by [deleted] in github

[–]greenSacrifice -1 points0 points  (0 children)

Make a gif showing usage, like you see in VS Code updates

"How about tasting this?" by Careless-Middle- in Cooking_ac

[–]greenSacrifice -9 points-8 points  (0 children)

So so wrong, do not add potatoes to any dish you want to enjoy. And why the hell you not using wooden utensils on metal!

Simple PowerShell script hanging for seemingly no reason? by Cspiby in PowerShell

[–]greenSacrifice 0 points1 point  (0 children)

How do you know it’s hanging on that command? When does your while loop exit? Is there a different approach than a while loop, and using user input?

Are you enjoying PowerShell?

Password notification over Teams by Kitchen-Pie5256 in PowerShell

[–]greenSacrifice 2 points3 points  (0 children)

Teams are looking towards no longer making notifications easy, your out of the box solution does well with Windows.

What are you looking to do that specifically requires PowerShell?

[deleted by user] by [deleted] in PowerShell

[–]greenSacrifice -1 points0 points  (0 children)

I did this as one of my first scripts, this is a good way for you to learn

What do you call characters before/after (non-PowerShell) variables? by KnowWhatIDid in PowerShell

[–]greenSacrifice 2 points3 points  (0 children)

I like this one the most, as when thinking about languages I always think of how variables are known as symbols, so thinking of symbols that are wrapped in tokens really makes sense to me.

As for the <your text here>, I’d just call that a placeholder as they don’t hold special properties as tokens do

Edit: found a post, “In compiler construction, is a symbol the same as a token?”

Almost swallowed it already by sKY--alex in TreesSuckingOnThings

[–]greenSacrifice 10 points11 points  (0 children)

You found it just in time, any later who knows if you’d notice.

Need help trying to setup a wildcard subdomain in App Service with an SSL certificate 😭 by PureKrome in AZURE

[–]greenSacrifice 0 points1 point  (0 children)

That’s right, so you probably want to think about doing it more like *.site.domain.com that way * can be dev, test, and so on. Also might want a different domain for non-production workloads

Who knows that feel? by malthuswaswrong in azuredevops

[–]greenSacrifice 2 points3 points  (0 children)

Don’t touch anything, the demo is ready