back4app | How secure is the visible APPLICATION ID in website - javascript

I program with JavaScript, Node JS, html, css.
Building a web app I'm trying to figure out, how to use back4app.com as database. Starting with the examples, I've created a connection.
Now I'm wondering how secure this solution is? Following the back4app example "YOUR_APP_ID" and "YOUR_JS_KEY" are visible in the code of the index.html.
How can I guarantee security for all user data? I would like to save the sign-in data and progress of the users.

Related

Is it ok to use two different ReactJS Code bases for one project

As I'm starting my carrier as JavaScript developer I always have this question. Let's say I'm developing an App using ReactJS. And in that project, I want to create separate domains for Admin and Client.
Because the admin can log into the backend and check the inventory, it won't get mixed with the Client / User when using the same login. And the code is also getting smaller
As an Example.
Admin is logged using admin.site.com
User / Client is logged in using site.com/login
Now, I decided to go with NodeJs as the back-end for the project. For front-end of the back-end (UI), I thought of using REactJS. Also to use Admin LTE.
For Client-side I will be also using ReactJs.
So there will be two ReactJS code bases and one Node JS.
My Questions are,
Is this method ok?
Or can I do this on one ReactJS code base?
Do you guys have any suggestions for me?

User Extendable Front-end With Web Technologies

About My App
I have a spring boot application which I develop for desktop. The embedded server runs on end-user's computer, not on hosting provider's server. After server starts, application opens localhost with the default browser. Then the user is greeted with my front-end.
My Problem
I have some entity/model(will be provided by my back-end) which I want to represent on my front-end with a view (Which is just a part of my layout). Now, I want my end-user to be able to write his/her own views with JS, HTML, CSS while having access to this entity/model and somehow register this view to my application. Then my application should be able to insert it as a view when needed. But I have no idea how to implement such a system. My best guess was to use a iframe and embed it inside my layout. Which still begs the question: How to register it?
Questions
How would one design a system like this?
Is there any example application which does something like this?
Any tip or source is welcomed.
Thanks in advance.

How to manupulate external Javascript processing

We are creating a simulator to test our new system. The simulator will be used for performance testing using varying payloads. But we are stuck while trying to create multi-user scenario due to an embedded functionality of our new system. Given below is the workflow of the new system under question:
User logs in the system
When page is loaded, a hidden iFrame is rendered with url to User Authentication Service via HTTP Post
User Authentication Service executes a javascipt in the user browser and gets the following - (A) User ID, (B) IP Address, (C) Browser details
User is authenticated and next page is loaded
The javascript mentioned above is maintained by external group and we don’t have access to it (don’t have the source code yet but we may get it).
Our Scenario: We have to simulate multi user condition for varying pay load. We have created a simulator for this purpose. We want to simulate for different concurrent users connecting from different machines (different IP, browser). Since we are talking about simulated condition, the simulator is expected to generate it from the server machine only.
Challenge: How wan we suppress the execution of the javascript mentioned in the Step#3 above? Is it possible at all? What do we need to know from the external group regarding the javascript to achive it? Will it help, if we have the source code of the javascript?
Please refer to the image for the scenario mentioned here. Any help is appreciated:

Dynamic website without client side url handling

I have a challenge that I can't solve. I have made a website with node.js and have all of the code written for the routing including routing for sub-domains. Some location only some users can access, some locations only logged in users can access. I wanted to include a chat for my users so I went along and created one with socket.io and some client side js.
Now I need the site to keep the chat element open which in on a bar across the screen when the client goes to another portion of the website. I have looked into many solutions but almost all of them include some js library like angular.js with the ng-model or ui technique but all include writing code for the client side that handles the url and what to load.
I don't really want to do this method because:
I don't want to re-write all my routes and I am not even sure how to handle the authentication of the users.
I find the client method to be a security issue
My website isn't a single page app, I just want one portion of the website to stay loaded.
Here is some images of what I am wanting:
State 1:
State1
State 2:
State2
Notice that the chat stays but other content was loaded. Also that it went to a different sub domain and a location that is only accessible by logged in users.
Thanks!
I guess you want to maintain state across page refresh, much like e.g. Facebook does. A true and trusted way of doing this is setting a cookie that stores the chat state: open/closed, or store the state on the server. Then on page load, initialize the chat based on this data.

Using a server to send/receive information between a mobile phone and web page

I am trying to set up a simple set up as follows:
Have a mobile app with a page consisting of 4 lines (4 html paragraph lines (I am using phonegap)).
I want to use a web page from which I will input the data for those 4 lines. This information is sent to a server and that server transfers this information to that app on that mobile phone. Now, those 4 lines on the mobile phone is filled with the new information.
Similarly user inputs information on another page consisting of 10 lines of li (list). This information is again sent to the server and to the web page where the information is displayed.
I can almost feel the "internet police guys" getting all hyped and ready to vote this question down. But please understand that I have been on this site and various forums desperate to find a tutorial to guide me to do this and not able to find.
I am trying to use ajax to perform this setup. Confused how I would be using the php file. Information such as password n username is going to go in that php file to connect to the server. But php is a server side script thus needs to sit at the public_html folder. How do I use the php file from my desktop? Write a separate javascript to access it?
It is the concept that is confusing me. I am familiar with html,js,php.
I would appreciate any guidance or maybe a link to a tutorial which would help me to do the concept I mentioned. Thanks for listening.
You will need to create an API using PHP. This API is uploaded to your server and is considered "RESTful". Google a tutorial for what fits your needs. You can set all sorts of rules in this API such as requiring any requests to have an ID or access token.
Since you are using PhoneGap, your HTML and JS files rest on the device, so you will need to allow permissions to your API from anywhere. For this you will have to speak to your host provider about unless you know how to configure it yourself (some providers restrict what you want to do by default as an extra security precaution against XSS attacks).
Next, you can either use jQuery, or you can write some AJAX calls by writing the JavaScript yourself.
The most efficient way for this to work is to send JSON objects to and from the API. You will include a "command" in the JSON when you are sending from your app. On the PHP side, you will retrieve this command and use the rest of the data included in your JSON object to process the request. Your API will need to encode a JSON object for return (such as a user's profile information).
Here is a basic PHP API tutorial to get you going that explains some of the features of a RESTful API: PHP API
Here is a simple AJAX function (you will probably want to make this much more modular): AJAX
As broad as your question is, it seems like the best/easiest thing for you to do will be for you to first create a PHP webpage that will access a SQL database to perform the record updating. Actually, this should serve all of your needs for your mobile users assuming you don't need push notifications for live data updates.
I am assuming, since you are using phone gap, that you are more comfortable with web languages. After you get the webpage fully operational, then you should start building your app based on that exact same SQL database. With mobile app development there are a lot more "what if's" (what if the phone rings, what if the app is running in the background, what if there is no cellular service, etc...)
It is always easier to start with what you know and build on that, rather than starting with a new development platform and troubleshooting as problems arise.

Categories

Resources