Is there an upper limit to the damage that Eldritch Smite can deal?

The Eldritch Invocation "Eldritch Smite" says the following:

Eldritch Smite

Prerequisite: 5th level, Pact of the Blade feature

Once per turn when you hit a creature with your pact weapon, you can expend a warlock spell slot to deal an extra 1d8 force damage to the target, plus another 1d8 per level of the spell slot, and you can knock the target prone if it is Huge or smaller.

Unlike a paladin’s Divine Smite, which says "to a maximum of 5d8", Eldritch Smite says no such thing, so does that mean that a Warlock 5/Sorcerer 15 can use an 8th level spell slot to deal 9d8 damage using Eldritch Smite?


Related: What is the damage dealt by Eldritch Smite?

How can we limit access to a single computer?

We would like to limit access to a web server (and eventually other services on the computer) to individuals that have been authorized access. Of course we don’t trust passwords so we think certificates are the right answer.

There are hundreds of these servers. Access to any one server should NOT provide access to any other server. The access should be to only the single server. (Access will also be time limited for additional security).

How can we implement these security requirements?

We are currently on a path that would involve creating individual CAs for each server. The server would require mutual authentication for the server and client. The server and client certs would be signed by the unique CA for each server.

Is there an alternative? Perhaps one that does not involve creating many CAs?

Thanks for your advice.

FYI — The servers are all running Linux.

Are JavaScript closures a useful technique to limit exposing data to XSS?

I’m wondering if using JavaScript closures is a useful technique to limit exposing data to XSS? I realize it wouldn’t prevent an attack, but would it reliably make an attack more difficult to execute, or would it only make my code more irritating to write and read (a waste of time)?

I got the idea from the Auth0 documentation regarding storing OAuth/OIDC tokens. It reads:

Auth0 recommends storing tokens in browser memory as the most secure option. Using Web Workers to handle the transmission and storage of tokens is the best way to protect the tokens, as Web Workers run in a separate global scope than the rest of the application. Use Auth0 SPA SDK whose default storage option is in-memory storage leveraging Web Workers.

If you cannot use Web Workers, Auth0 recommends as an alternative that you use JavaScript closures to emulate private methods.

I can see how this is better than just putting the token or other sensitive information in localStorage. In localStorage an XSS attack needs only to execute localStorage.token to get the token.

Now, if you’re not familiar with tokens just apply this reasoning to any sensitive information. In my case I want to build a client-side cache mapping user IDs to usernames for an administrative interface, but I realize that client IDs and usernames are somewhat sensitive, so I wondered if I could "hide" the data.
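The closure pattern this question refers to, as an added example that is not part of the original post and is not Auth0's code. The names createTokenClient, send and the example.test origins are hypothetical, and the token value is a constructed sample.

```javascript
// Added example. Weak pattern from the question, for contrast:
//   localStorage.token = "..."   // any script on the page reads localStorage.token

function createTokenClient({ allowedOrigin, send }) {
  let token = null;        // lives only in this closure, not on any object
  const transport = send;  // captured at creation time

  function setToken(value) {
    if (typeof value !== "string" || value.length === 0) {
      throw new TypeError("token must be a non-empty string");
    }
    token = value;
  }

  function request(url) {
    if (token === null) throw new Error("not authenticated");
    // Attach the token only to the single origin it was issued for.
    const origin = new URL(url).origin; // relative or malformed URLs throw
    if (origin !== allowedOrigin) {
      throw new Error("refusing to send token to " + origin);
    }
    return transport(url, { Authorization: "Bearer " + token });
  }

  function clear() { token = null; }

  // Frozen so the methods cannot be replaced; there is no token getter.
  return Object.freeze({ setToken, request, clear });
}

// Constructed demo: a stub transport records what would go on the wire.
function demo() {
  const sent = [];
  const client = createTokenClient({
    allowedOrigin: "https://api.example.test",
    send: (url, headers) => { sent.push({ url, headers }); return "ok"; },
  });
  client.setToken("constructed-sample-token");
  const result = client.request("https://api.example.test/users/42");
  let blocked = false;
  try { client.request("https://other.example.test/api"); } catch (e) { blocked = true; }
  return {
    result, blocked, sentCount: sent.length,
    authHeader: sent[0].headers.Authorization,
    exposed: JSON.stringify(client) + Object.keys(client).join(","),
  };
}
```

The token cannot be read off the returned object, but any script running in the page can still call request() against the allowed origin, so the closure limits reading the token rather than use of it.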

Need to limit the previous/next post links to current author editing post

I installed a plugin to be able to display a previous post / next post option in the backend, in the post edit screen. However the code does this for all posts and we really would like to build in a restriction.

I would like to restrict the links to point only to the posts made by the logged in (current) user editing his/her own post at that moment.

The code I would like to alter is this (I already added a current user variable, in case I’d need it)

    add_action('admin_print_footer_scripts', 'amm_edit_next_prev_post_button');

    function amm_edit_next_prev_post_button() {
        $screen = get_current_screen();
        //echo "<pre>";
        //print_r($screen);
        $supported_types = array('page', 'post');
        if (strpos($screen->parent_file, 'edit.php') !== FALSE && in_array($screen->id, $supported_types) && in_array($screen->post_type, $supported_types) && $screen->action != 'add') {
            //Prev-Next are arranged acc. to post table so switched next to prev and prev to next
            $next_post = get_previous_post();
            $previous_post = get_next_post();
            $current_user = wp_get_current_user();
            ?>
            <!--<style>body{background-color:red !important}</style>-->
            <script>
                if (window.jQuery) {
                    jQuery(document).ready(function($) {
                        $(window).load(function() {
                            var is_next_post_available = '<?php echo ($next_post->ID) ? true : false ?>';
                            var is_prev_post_available = '<?php echo ($previous_post->ID) ? true : false ?>';

I did some research and found this, but I am unsure whether I can combine these two: Modify previous and next post links to current Authors Other posts

Limit custom post type to the authors only on front-end!

I’m trying to limit the custom post types to their authors, excluding administrators, on the homepage. This is what the code looks like in homepage.php:

    <?php
    $args = array(
        'post_type'   => 'project',
        'post_status' => 'publish'
    );
    $post_query = new WP_Query($args);
    ?>
    <?php while ($post_query->have_posts()) : $post_query->the_post(); ?>
        <?php // display post type content ?>
    <?php endwhile; ?>
    <?php wp_reset_postdata(); ?>

I tried using the code below, which almost achieved what I wanted, but it gives an unusual 404 error instead of the homepage for new users (authors), while it works absolutely fine when logged in as administrator or from an old author’s profile created before adding this code.

    // limit post display to post authors
    function limit_post_to_only_author($query) {
        global $current_user;
        if (!current_user_can('manage_options')) {
            $query->set('author', $current_user->ID);
        }
    }
    add_action('pre_get_posts', 'limit_post_to_only_author');

I’ve posted a question with a detailed explanation of the issue that the above code is causing here, but I would prefer a solution to limit the posts to their authors on the frontend…

Is there a limit to total number of CAPTCHA tries? Is same proxy used for all tries?

I know some systems have a limit and will lock out a user after x CAPTCHA fails.
But…I also know that this might only affect things if one proxy is used for consecutive solve attempts on fails. Which way does SER handle consecutive solve attempts: same proxy or different?
AND, if same proxy is used, what’s the highest number of total tries suggested?  I have used various external solvers, and even the ones at the end of the list seem to get used, so it seems having a high number of tries does work.
Thanks…

How to prove that a Turing machine that can move right only a limited number of steps is not equal to a normal Turing machine

I need to prove that a Turing machine that can move only k steps on the tape after the last letter of the input word is not equal to a normal Turing machine.

My idea is that given a finite input with a finite alphabet the limited machine can write only a finite number of “outputs” on the tape while a normal Turing machine has infinite tape so it can write infinite “outputs” but I have no idea how to make it a formal proof.

Any help will be appreciated.

Is there a way to limit cookies to certain hosts in HTTP?

Using Nginx, I hope to restrict the permissible hosts for cookies. My initial intention was to employ a Content Security Policy for this purpose, but I don’t see an obvious way to do this via a CSP. Ideally I’d find something like

Restrict-Cookies-Header: hostname1.tld hostname2.tld2 

Can something like this be accomplished with HTTP headers? Thanks!