Closed. This question is opinion-based. It is not currently accepting answers.
Closed 2 years ago.
Any thoughts on how specific API response messages should be?
I'm looking at this from a Security perspective related to validating on data types.
Say my API requires a string for an id and that my server validates the type - if not a string, should I respond with something like "Field must be of type string"?
This can be convenient to users who brushed by the documentation as it'll be a simple fix on their client code, but what about hackers?
They can kinda fish for information through these responses to learn more about the API inputs. I.e. they can input any random data and then find out the API only takes string which can help them even further.
Any thoughts on this?
Hiding things is never a good way to provide security.
You should provide as many details as possible about errors so you can help people work with your API. Your implementation should do every needed check to ensure input data are safe.
Only specific point: do not throw errors like "Email does not exist in db" as it leaks information about your data.
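The distinction drawn in the answer above, as an added example that is not part of the original post: contract errors name the field and the required type, while the outcome that depends on stored data gets one uniform response. The field names, message texts, `users` store and `outbox` queue are assumptions made for illustration.

```javascript
// Added example, not from the original post. Field names, message texts and
// the in-memory stores are assumptions made for illustration.
const users = new Map([["alice@example.com", { id: "u1" }]]); // constructed sample data
const outbox = []; // stands in for a mail queue

// Contract checks: the expected types are already in the API documentation,
// so naming the field and the required type gives an attacker nothing new.
function validateBody(body, schema) {
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    return [{ field: null, message: "Request body must be a JSON object" }];
  }
  const errors = [];
  for (const [field, type] of Object.entries(schema)) {
    if (!Object.prototype.hasOwnProperty.call(body, field)) {
      errors.push({ field, message: "Field is required" });
    } else if (typeof body[field] !== type) {
      errors.push({ field, message: `Field must be of type ${type}` });
    }
  }
  return errors;
}

// Data-dependent outcome: whether the address exists is a fact about stored
// data, so the response is identical for known and unknown addresses.
function requestPasswordReset(body) {
  const errors = validateBody(body, { email: "string" });
  if (errors.length > 0) return { status: 400, body: { errors } };
  const email = body.email.trim().toLowerCase();
  if (users.has(email)) outbox.push({ to: email, template: "password-reset" });
  return {
    status: 202,
    body: { message: "If that address is registered, a reset link has been sent." },
  };
}
```

The uniform body only helps if the response time is uniform as well, which is why the mail is queued here rather than sent inline.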
Related
Closed. This question is opinion-based. It is not currently accepting answers.
Closed 4 years ago.
So as researching websockets has shown me I should be using 1 websocket for all my needs. The problem with this is that my application sends many different message types and receives many different message types.
So for example I could be getting back data on a document, user, some settings, a chat message, etc. So I have MANY different message types and my onMessage on both server and client sides are getting messy with if statements to deal with the different messages.
So my question is what is a good way of dealing with this, what's the best coding practice?
If you have a lot of different types of messages coming in, why don't you make a script that has a function to deal with the payload's content? Since you have different message types you will have to account for different types of payloads. Write a function in another file and import it into your socket file and it will be used to evaluate the payload and give an appropriate response. Tailoring this function might take some work.
I have used sockets in a few projects and sockets on both front and back end only listen or emit. I try to keep other logic separate so my code is more modular. Hope this helps. Also, can you show an example of your code?
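One way to structure the separate payload-handling function suggested above, as an added example that is not part of the original posts: a handler table keyed by message type replaces the chain of if statements, and anything malformed or unknown is rejected before a handler runs. The message types, payload fields and handler bodies are assumptions.

```javascript
// Added example, not from the original posts. Message types, payload fields
// and handler bodies are assumptions; in a real project this module would be
// imported by the socket file, which only calls dispatch() from onMessage.
const handlers = new Map([
  ["chat", (p) => ({ type: "chat:ack", length: String(p.text ?? "").length })],
  ["settings", (p) => ({ type: "settings:saved", keys: Object.keys(p).sort() })],
]);

function errorReply(message) {
  return { type: "error", message };
}

// One entry point for every incoming frame: parse, check the envelope, then
// look the type up in the Map. A Map has no inherited keys, so a type such as
// "constructor" or "__proto__" is simply unknown rather than resolving to an
// inherited property, which a plain-object lookup table would allow.
function dispatch(raw) {
  let msg;
  try {
    msg = JSON.parse(raw);
  } catch {
    return errorReply("Message must be valid JSON");
  }
  if (msg === null || typeof msg !== "object" || Array.isArray(msg)) {
    return errorReply("Message must be a JSON object");
  }
  if (typeof msg.type !== "string") {
    return errorReply("Field 'type' must be of type string");
  }
  const handler = handlers.get(msg.type);
  if (!handler) return errorReply("Unknown message type");
  if (msg.payload === null || typeof msg.payload !== "object") {
    return errorReply("Field 'payload' must be of type object");
  }
  return handler(msg.payload);
}
```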
Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 4 years ago.
I need help with creating a survey app. My idea is for the app to display questions and have users click buttons to answer. At the end, the app should show each user which user had answers closest to theirs. I need help with the following things:
* How to set up the questions and buttons for the answers
* How to compare all the answers and show each user at the end
* How to make it so there is a separate URL for each survey being taken
Answering any of these questions would be very helpful.
For grouping the participants by how close their answers are, you could use the k-means clustering algorithm, of which there's already a JavaScript implementation you could use.
Well, I don't see where Socket.io fits, other than that you could use Survey.js Library to help you build the interface, store the data in the same format, JSON, in MongoDB. There you can group like here, returning the documents data of same value.
Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 4 years ago.
I got a request at work to create an SMTP server so that our website can send automatic emails on a daily/weekly basis. In simple terms - we have a website running on node.js and I need to give it the ability to automatically send emails based on time and/or other conditions.
Since I never worked in this direction (and I just got into this field) I decided to ask a question here, to see what you (experts) have to say in regard to this subject.
P.S. I might have a wrong understanding of how this should run, so feel free to correct anything that I said.
Since setting up a brand new SMTP server and managing correct configuration, security, and most important, domain/IP reputation can be a real pain, I would suggest using a cloud service for this task to get you going faster.
A few of these services, some of them with free tiers, are Amazon SMS, Mailgun, SendGrid and Mandrill. At least Mailgun has an API wrapper available for Node.JS.
Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 4 years ago.
I'm at the moment making an Angular web application with a REST API. I have a list of objects which I request from my REST API. I've implemented a delete function to delete objects from the list with a delete request. What I'd also like to implement is a check function which is able to check those objects before they are deleted, to see if it is even possible to delete them, but I don't know how to do this. Does anybody know how to write such a check function?
You'll need 'some other way' to communicate this type of information to a client. Your API could for instance just add a deletable property on the resource, determined by the server.
If you're looking for more of a standards approach, you could also implement an OPTIONS request that returns an Allow header that contains a list of HTTP methods that the client may execute.
Closed. This question is opinion-based. It is not currently accepting answers.
Closed 9 years ago.
I am developing a web-based application using JavaScript and I am applying a lot of algorithms on my data and a lot of processing on data is required.
I was wondering, is it the common practice to do all the processing and implementing algorithms using JavaScript, or should I do them somewhere else (i.e. server side) and just give the results to JavaScript for viewing?
Depends on what you're trying to do!
Generally if it's data crunching, you want to do that server side, and then present it to the user. Sometimes it can be helpful to offload some of this work to your client, but keep in mind, if you're pushing computing onto the client, it may cause a page to take longer to load.