aerocirno

As some advice use utf8mb4 and utf8_unicode_520_ci as your charset and collation in your queries please, the old utf8 doesn't fully support UTF-8 characters exceeding three bytes like emoji and just cuts them off which can impose a potential security hazard to my knowledge.

I happened to notice this when messing with a database a while ago, that my tables were seemingly not inserting as InnoDB engine despite my .sql file having no errors (testing at home was fine with no changes to the database server). Instead they inserted as MyISAM as if it was just ignoring the engine part of the table creation altogether... This was a while ago, so I might test it later and see whether it was just a problem with me doing something stupid but I seem to also recall basic emoji breaking despite using utf8mb4 and utf8mb4_unicode_520_ci in my database... Don't take this as something to look at right now until I can update with more details. ----EDIT---- I found out InnoDB is blocked on free hosting (only finding out from a GitHub issue that someone pasted a ticket response in a reply) and any instances of it are rewritten to use MyISAM internally as a result. Is there any particular reasoning behind that, especially given more and more scripts are going to be likely to drop MyISAM in the future due to it being a much older standard?

LE has limitations for verification that would be impossible to implement on free hosting automatically on registration and/or under subdomain names. Depending on how LE works, and the server configuration here, can't users who pay for their own domains and link them to free hosting (which is far more common than the latter for legitimate individuals) have the ability to somehow "temporarily disable" aes.js protection for certain things like the LetsEncrypt validator, and other such things (maybe for 12 hours per month would be a reasonable term)? I recall some time ago (probably 6 months now maybe?) trying to add a TLS certificate for an owned domain through COMODO manually and it didn't have any way to verify ownership that would work. Given modern steps to ensure your sites are taken seriously on the first hit (regardless of where it's hosted) include having a valid TLS connection, this would be a reasonably good compromise to the suggestion. On an unrelated note, it is worth mentioning that MySQL on the free hosting is forcing MyISAM for tables right now and won't accept 4-byte characters despite me forcing it to. Something odd is up...