Over the last view weeks we have gotten a lot of questions about how to upgrade the old Wizkunde WebSSO extension now that Wizkunde is no longer existing. We wanted to reach out to you and give you an update and provide you the best way to receive the new GoGento version for your Magento platform.
The GoGento extension has been rewritten from the ground up and therefor its not a matter of replacing your old extension with the new one. The old extension was very dynamic and allowed customers to create a very generic SSO connection suitable for most identity providers with either SAML2 or OAuth2 as its protocol.
This solution caused a lot of support cases and often required a lot of help from us to get the SSO connection going, because it was quite a technical process.
We wanted to strongly simplify the way the integration was setup and still make it possible to customize the way
So you are either looking for the best way to provide versioning for your extensions or maybe you do have a working versioning system and are looking for ways to improve it. This blog gives you our perspective on future-proof extension versioning. It does not matter if you develop extensions for Magento 2, WordPress, Drupal or any other third-party platform. This Semantic Versioning Model allows you to build a bulletproof solution which will work properly for years. It is designed to be able to be linked to the versioning of the platform, allowing customers to stay up to date without having to worry about installing a version which breaks due to platform incompatibility
Many companies allow their customers to see / manage the docker containers by allowing them to be in the docker group. After all, tts very easy to say "Just hop on to the php container to do your work".
Due to the way docker works, the docker engine needs escalated privileges to manage its containers and that means, anyone in the docker group, effectively has root access to the server.
Your customer might not know this, but malicious users, who can beg, steal and borrow your customers ssh credentials, most definitely will.
In our example, we've given our user sudo rights, but effectively you can achieve everything, including spionage.
As an actual recent case, i had to modify SSH information to allow PasswordAuthentication and to force the server to reboot.
To force the host to reboot from a container, you can add: -v /dev:/dev:rw