I'm working on a Parse web app and have run into some problems using the backbone.js based client side javascript sdk. I noticed the way I have things set up, the client can view all of my source code by simply using the dev tools to view source files and can also run code against the database (within the limits of the ACL's I've set). I've started working on rebuilding the app in cloud code using the Express.js module Parse provides so that all of my code is stored server side, but I was wondering how those using client side frameworks get around this obvious problem.
That's the issue with client-side code. Assume any code you send to the client is hacked, broken, and tampered with.
With JavaScript, your best bet is to use either Cloud Code and send AJAX or streaming data calls to the server, retrieve the data from the server at runtime (not super secure, but would fool some people), or accept that your code is vulnerable.
I typically work with frameworks in the MVC format, so I only expose a limited subset of the actual model via a REST API. I use both a client-side framework and a server-side framework. Any thing sensitive goes on the server.
Related
I am currently in the process of creating a portfolio website for myself but due to hosting restrictions, I cannot make use of Node.js.
I know Angular can run on any web server, but is it possible to make use of Express.js to create web api's with relying on Node.js to run these web api's using Express.js?
If not, is there an alternative solution to create web api's that I can call using Angular and later for my mobile version of my website?
Please note that my shared hosting runs using cPanel.
As per definition Express.js, or simply Express, is a web application framework for Node.js so you can't do that. Alternatives would be to use a different backend language.
That also depends if your server supports them, for example, you can go with .NET CORE
You cannot use Express without NodeJS by definition so you have to deploy your backend somewhere else in you want to use it.
I suggest giving a look Firebase: you could write your backend using http cloud functions in express without paying anything until a reasonable amount of traffic (after that, is pretty cheap). You could also get rid of cPanel and deploy your frontend there via Firebase hosting.
Maybe you can try to build at first a web application with express. Of course you can create a web app without express if you need it. With express and Node.js I created a MySQL REST API. With HTML and Ajax you can fetch the Data from the API. So you can create two applications. One application where you need to run Node.js because it`s much easier to create a REST API with express. The second one is fully without Node.js.
Maybe there are better solutions, but inside each Web Application you can than but you can then access this API in any web application using jQuery. It doesn't matter if it is written with PHP, ASP.Net Core, Java EE / EE4J. You can also access this API in Ruby, Angular, React, Vue etc. using an AJAX request.
In some scenarios you can't start Node.js as a server because an application is already running on apache2 or nginx. There this would be a workaround to use something like this. For example, one could also integrate applications with HTML+JS in a CMS system that accesses other database tables and thus extend such a system without an iframe.
So can be helpful for few scenarios. Now just doesn't get around the actual goal of doing without Node.js completely or even express. But why are there REST APIs? So that you can query the data and incorporate it somewhere else. Otherwise you would have to build a REST API with another technology. Especially in the example of accessing MySQL with JavaScript, this would not be quickly feasible.
If you are looking for a similar solution to separate the web app and the REST API, but you don't need Node.js, then you should really build a REST API with .Net Core or with another technology, depending on what is possible and installed on your server. It could be Java or PHP behind it or Ruby.
The API that provides the REST access does not have to be written in JavaScript. You only need to be able to access it with JavaScript. So you can use many different approaches to access JSON data. I hope that in the short time with my bad English I have explained the basic idea, how to proceed stylistically and where advantages exist in REST interfaces.
With this, it should be self-explanatory that you don't have to use NodeJS and Express, but with JavaScript it's a pleasant solution. Only you have to ask yourself if a JavaScript application has to provide this interface at all or if in the end only a JavaScript application has to access this interface. Very big difference.
For backend rest api you can use golang with gorilla framework. Golang simple keyword and easy to learn.best important point is performance. If your server support golang you can use golang for backend..
ExpressJS is NodeJS framework so it's impossible to create an API without NodeJS.
Angular is front-end framework so you can host it on web hosting server.
If you need to create back-end APIs, you can use other clouding host servers that support NodeJS.
It's fairly simple to build this with just the net/http package. Set up a router that handles various commands and deal with the response accordingly.
I'm working on a project in which we need to authenticate the user in an application by using his/hers windows credentials. Frontend is using Angularjs and backend java.
After doing a sensible amount of research, I discovered that there is no way on the the frontend to obtain directly the Windows user & pass due to security concerns.
But I'm thinking that the whole process should start here, from the frontend, by obtaining these two encrypted credentials or at least a token and sending them to the backend in order to kickstart the ntlm authentication process.
And also, not sure if the user should have to log in the app by typing his windows credentials or if it should automatically be done with ntlm passthrough.
I do not have a good grip on the concept, and that is because most of the related sources that I found are referring to backend solutions (C# 80% of them), but almost nothing for fronted. So, I humbly require some clarifications on this topic. Is there some sort of middleware or npm package that I should use in order to obtain the user & pass, or what would you advise?
Web servers expose certain server variables to code handling requests they serve.
For me, using IIS, these are described here: https://learn.microsoft.com/en-us/previous-versions/iis/6.0-sdk/ms524602%28v%3dvs.90%29
Since I am using IISNode; my node.js environment is completely embedded into IIS; I have access to these server variables. As the link described, each programming language seems to have their own way to access these variables.
So I would doubt it if Java does not have those as well. The exact code to use will depend on you back end.
But a quick search for "java server variables" already yields me the following:
https://docs.oracle.com/cd/E19534-01/820-3288/gawim/index.html for the java access manager.
http://users.polytech.unice.fr/~buffa/cours/internet/POLYS/servlets/Servlet-Tutorial-CGI-Variables.html for old school JSP.
How can I obtain server variables using apache wicket 1.54? for java wicket server.
So have a look at the documentation of your specific web server software or Java API.
There should be a list and example code of how to access these.
Once you obtain this data server side, you can do the LDAP query and then return the results client side.
I am concerned with the feasibility of this:
On a pre-configured machine I will have a Web-Application pre-installed, next to an Apache-Suite. So client and server are the same!
In this Web-Application Users can drag and drop PDF-Files to an USB-Icon.
Then the Web-App should write the dropped PDF to an attached USB-Stick.
I have never done something like this (writing to USB), so I am fairly insecure.
And I am well aware of the browser-restrictions concerning JavaScript and Filesystem-Access, but...
after researching a bit I found out, that there might be some possible and
relevant (I'm a Web-Platform-Guy) solutions to this:
Make a "Chrome App" with USB-Permission (does this really work?)
Use PHP to find the USB and then write to it (how would that work under Windows?)
Use some Flash as middle man (not preferred)
Now I'd like to know:
Has anyone some good experience with before mentioned possibilities?
Has anybody ever done something similar? Did it work? Which path did you choose?
How would I know which drive the USB is mounted, and how would I get sure?
What other possible solutions to this problem are there?
You have a website ('client-side' user interface) and a back-end server ('server-side') running on the same machine. This gives you 2 options:
Client-side: Download a file through the browser via HTTP GET and let the user choose where they save it.
Server-side: Build your USB interactions into the back-end (Node.js) code, as #mcgraphix suggests.
Interacting with the USB on the server-side provides the most flexibility. Furthermore, there are a number of libraries that you can leverage. Head to npmjs.org and consider, among others, the following Node.js server-side packages:
usb-detection
usb
With the server-side approach, initiate a Webservice request when the user completes the drag & drop action on the client, and implement the USB interaction within the server (Express.js or similar) method which services the request.
If the letter of the stick is known then writing a file from PHP will be simple
file_put_contents( 'E:\\folder\\file.pdf', $data );
Update
You can read a list of drives into a dropdown and allow a user to select a default drive to write to
https://stackoverflow.com/a/8210132/696535
Your question is more an architecture question than a code specific question.
Your web app (if you insist on a web app) should have two major components, a server side component that can be given arbitrary commands, and a client side component (javascript using XMLHttpRequest) that can make requests to the server side component to execute said arbitrary commands.
So your server side component, the component that serves your web page should have some server side code that can write your pdf to the file system, it should probably generate the pdf file as well rather than doing that on the web browser.
Which technology you use is up to you, whether that's PHP, .Net, Node.js etc...
The general gist is you want a server side framework that deals with HTTP requests, in your case probably a post request from the client side containing the encoded pdf, and responds accordingly. Bind a particular http route to trigger your save logic.
Your http post request to the server will contain your payload which is the pdf file to a particular path, e.g. http://localhost/savepdf that whichever technology stack http listens to (you'll need to configure that)
Your server side component should read the incoming data, decode it as appropriate then make a file system request to write the received payload to disk.
I am looking for a end to end example for Breezejs library with .NET WebAPI but without using either oData or Breeze.NET (Breeze's server side component).
I have tried looking at the sample code but it doesnt seems to give an example which does that.
http://breeze.github.io/doc-samples/
All the server side samples either have oData or breeze.NET dependency.
From what I understand it is possible to use breeze.js purely in client side (and have your own server side webapi (restful)).
"BreezeJS really is a pure JavaScript technology. You do not need any Breeze on the server. The server need not use use any Microsoft technology: not IIS, not Web API, not Entity Framework, not SQL server."
Source - http://www.getbreezenow.com/spa-template
Any help?
Update:
I dont like the fact that the server is 'coupled' with the client for the metadata information. I understand this is how the breezejs functions.However and this is my personal opinion but its lot of work just to get the client side tool working with the server. This also adds traffice between server and the client. Anyway we decided to not to use breezejs because of the same overhead. (Not saying its not good for other scenarios)
We have a web client built with GWT that talks to a server via gwt-rpc. One part of the app will now use html/js to replace the GWT GUI and we want that part to talk to the server but not via gwt-rpc. What ways are there to migrate a gwt-rpc call to something that will work with a none a gwt client? Today we send and receive java collections that contain object graphs like a list of order objects that have them self order detail objects and so on.
Thanks
Your best bet is using REST. Your data is sent using JSON, which is part of JavaScript so it will always be understood on the client-side. On the server side there shouldn't be any problems finding a suitable library to handle the rest (ha-ha, get it?).
If you're using GWT on the client and server side for now, resty-gwt and Jersey are a popular combo. There was a talk about it on the last GWT.create conference, it's a good starting point.