Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 7 years ago.
Improve this question
How can an offline website (zip, MHTML, SingleFile) be made secure? Are there techniques (obfuscating, encrypting) or anything within the specs of HTML or JavaScript (ECMAScript) that would allow for an offline website to be secure on its own?
By "secure" I mean that if a user has a local copy of the website, they may not still have access to the contents without a password. Imagine a level of security approximating that which is used in PDF documents.
You may use an offline js function (https://code.google.com/p/crypto-js/#Ciphers here are some algorithms that will do) to encrypt all the data, and ask for a password to decrypt it.
Note that you shouldn't store the correct password, but instead check if it is correct by decrypting with the password given by the user a known message (encrypt "hello world" with the correct password, and then check if the password given by the user works).
Yes; you can encrypt the data, then decrypt it in Javascript.
Note that any user with the encryption will always have full access to the data.
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 4 years ago.
Improve this question
I got a request at work to create an SMTP server so that our website can sent automatic emails on daily/weekly basis. In simple - we have a website running on node.js and I need to give it an ability to automatically send emails based on time or/and other conditions.
Since I never worked in this direction (and I just got into this field) I decided to ask a question here, to see what you(experts) have to say in regards of this subject.
p.s I might have a wrong understanding of how this should run, so feel free to correct anything that I said.
Since setting up a brand new smtp server and managing correct configuration, security, and most important, domain/ip reputation can be a real pain, I would suggest using a cloud service for this task to get you going faster.
A few of these services, some of them with free tiers are Amazon SMS, Mailgun, SendGrid and Mandrill. At least Mailgun has a API wrapper available for Node.JS.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 5 years ago.
Improve this question
we are creating a chrome extension that can able to retrieve a data from MYSQL database and display in extension.is it possible? second question is it possible to authenticate localhost .aspx website from java script.
If you want to make a native database connection I think it would be possible with npapi, see https://developer.chrome.com/extensions/npapi. However it sounds to make like a big security risk due to the fact the username and password will be stored in the extension code that can be early access, a better solution would be to develop some http service/api that will connect to the database and return some information, then you can just make an ajax request to your service and display any information you want.
About the second question, you can make any http request just like the browser using chrome extensions.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 years ago.
Improve this question
How JavaScript take user ID and password? And where do it stores that data? And how it check the authentication when next time user wants to login in?
It doesn't. JavaScript running in the browser cannot perform meaningful authentication. You'd need a server-side application that performs the authentication. At most, JavaScript could perform an AJAX request, sending the user ID and password to the server — but how exactly you'd do that would depend entirely on the application. You'd need to read the documentation for your system to find out how authentication is performed.
(It is conceivable that we're talking about a server-side application written in JavaScript à la node.js, but since the question is not tagged as such I'm assuming not.)
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
I am very new to web technologies. I don't even know what keywords to search with, so please bear with me.
I want to make a hybrid web app. The user visits the site and gets a login prompt to verify his/her identity via facebook.
When the use logs in correctly, they are allowed to query the database on my website. If the login fails, they cannot query my database.
I do not want any heavy duty SDKs or special purpose libraries. Is there a shortcut, lightweight implementation?
thank you for the help!
I see that you have tagged it as javascript, so i would suggest you t go through this official Facebook tutorial : https://developers.facebook.com/docs/facebook-login/login-flow-for-web/v2.2
Once the user is done with this, you just need to allow the user to query your database.
P.S. - For a more appropriate answer in regards to the later section, you need to put forward a more "to the point" question.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 9 years ago.
Improve this question
I am testing a simple registration form (username, password, email... etc), where input validation is done on the client side every time the user writes/deletes a character (not allowing some characters, checking length... etc).
I have recently saw something about doing the email validation on the server side not only the client side because it is insecure since javascript can easily be deactivated on the client side.
Is that really a threat when using javascript only for validating the inputs before sending them with a submit ? or am I worrying for nothing ?
Attackers can send any HTTP request they want, without running any Javascript code.
Yes, it's a threat. Yes, you need to worry about it.