Yes, anything in your wrangler.toml is safe to commit
Yes, anything in your wrangler.toml is safe to commit
JFor secrets, you should use
wrangler secret putsecretswrangler-action
MThat answers it, thank you!
JSome examples from official Cloudflare repos, just in case: https://github.com/cloudflare/workers-sdk/blob/main/packages/edge-preview-authenticated-proxy/wrangler.toml 
MAwesome! I was just wondering cause I need separated environments + CI/CD, that will work for sure!
SWe're trying to use Hyperdrive, but our team previously had an enterprise contract with Cloudflare, so Workers has a custom plan and it's not available. But when I ask support, they never reply. What's going on?!
SI explained the custom plan a few times, but my support person only replied like an AI chat bot, and after a few replies, no response. CAN ANYONE REALLY HELP ME???
EWhats the ticket number?
S@Erisa | Support Engineer
#2977253As mentioned in the ticket, my guess is that it should just work to revert changes around custom plan that were not cleaned up well 
S
EYeah I see that now, sorry for the runaround I am looking into it
E@smorimoto Sorry that such a mess was made of your Enterprise downgrade, I've forwarded the ticket to the team who help with executing these along with instructions on what actions they need to take.
As it's currently out of hours for myself I will also follow up with a manager in working hours on Monday so I can see what we can do to hurry this along
As it's currently out of hours for myself I will also follow up with a manager in working hours on Monday so I can see what we can do to hurry this along
EI work with the Enterprise support team and will keep myself on the ticket to make sure it's correctly handled
SThank you! We were going to do the Enterprise contract again, but to be very honest, we were very cautious because of the ticket. You definitely made me feel positive again!
SIt's probably not a small deal for APAC, especially in Japan, and if it goes well, just hype up your great work! I will definitely sponsor that
JIs there a way to ignore the "cancelled" status when a user starts an ajax request but closes the browser before it gets a response? Essentially, I just want the worker script to continue doing what it's doing, and just not send anything back if the user is no longer there
Rwhat package can I use to encrypt password in workers? does node bcrypt works in workers?
Jworker scripts have access to some web crypto libraries built in
JThe Web Crypto API provides a set of low-level functions for common cryptographic tasks. The Workers Runtime implements the full surface of this API, …
JSo you could save a SHA-256 hash of their password, and then compare what they enter to the SHA-256 hash you save in a KV
Rshould I use SHA-256 for password hashing? ChatGPT -> "SHA-256 is not suitable for securely hashing passwords because it is too fast and does not incorporate additional security measures like salting and iteration."
Jthat's a decision you will have to make on your own
Rthere used to be a airtable page where there are tested lists of packages that works with workers, do any of you know the link? I can't find it!
CIt got removed because it was unmaintained. I use bycryptjs for passwords with my workers
ROh ok, thanks!
UI also use bcryptjs 
its easiest to get on workers but also interestingly there was some conversation on some laravel thing about how its better than argon2 but I dont know anything about passwords to know whats better really 
its easiest to get on workers but also interestingly there was some conversation on some laravel thing about how its better than argon2 but I dont know anything about passwords to know whats better really Uhttps://github.com/laravel/laravel/pull/6245#issuecomment-1730504804
To summarize, even some of the PHC judges acknowledge that, in order to achieve auth speeds in alignment with UX tolerance studies (500ms to 1 second of auth delay per user), both the Argon2 family and scrypt have to be tuned "downward" so much that they end up being less resistant to offline attack than bcrypt at equivalent auth speeds(!)
UIm aware of what owasp recommends and im sure the maintainers of laravel are aware also but it seems they have information from people who run phc that argon isnt better unless > 1 second runtime
UBut take that information how you want 
any of the options will be fine regardless
any of the options will be fine regardless
Uhttps://twitter.com/jmgosney/status/1508435966234611714 he still seems to argue bcrypt over argon in 2022
S@Petter That looks really interesting. A concern of mine is that bcrypt.js on workers would be too slow to have decent work factor. Did you do any performance testing with your Argon2 worker? (with the OWASP suggested config for Argon2id - interation count 2, memory 19Mib)
Cloudflare crypto has native support for PBKDF2, so I was considering that too (it's not the OWASP preference, but is mentioned as an alternative).
Cloudflare crypto has native support for PBKDF2, so I was considering that too (it's not the OWASP preference, but is mentioned as an alternative).
KPBKDF2 is currently limited to 100,000 iterations on Workers, fyi
UA like 12 or 13 cost bcrypt runs in 500ms and is plenty for the cost value
SArgh. Thanks for the info, that's a pretty good argument against PBKDF2 given OSWAP suggests 600,000+.
And thanks @Unsmart | Tech debt yes, 12 or 13 should be fine, and 500ms seems reasonable.
And thanks @Unsmart | Tech debt yes, 12 or 13 should be fine, and 500ms seems reasonable.
Swhat's the best way to use fetch with a proxy from a Worker?
Scan't find any proxy providers that support a dedicated IP with an API endpoint
Bis there any way to create folders in the dashboard where all workers and pages are listed so to group them by projects?
CUnfortunately not
Bis this something in the roadmap? I thought this is something that most people would want to use. or am I being biased? now when I heavily use cloudflare for many small projects I spent a lot of time finding my workers and pages.
TYou are one pages project and few API calls away from it
Dyou mean like a SOCKS-like proxy service that works with Workers?
Syeah through HTTPS endpoint that has dedicated IP support
S"that has dedicated IP support" this is the part I can't find
