I'm working on an application that uses imgur as hosting service and I'll be uploading images to imgur using javascript. But that means I have to put the client id in my code so everyone will be able to see my client id when they look at the source. Is this bad and if so what can I do as a workaround?
Thanks!
It's only bad if you don't want other people use your client id.
You can use node.js to use the same javascript you are using now, but on the server side.
That way you don't have to learn a new language, but get all the benefits from keeping it on the server.
Good luck,
bovako
Related
We have a web client built with GWT that talks to a server via gwt-rpc. One part of the app will now use html/js to replace the GWT GUI and we want that part to talk to the server but not via gwt-rpc. What ways are there to migrate a gwt-rpc call to something that will work with a none a gwt client? Today we send and receive java collections that contain object graphs like a list of order objects that have them self order detail objects and so on.
Thanks
Your best bet is using REST. Your data is sent using JSON, which is part of JavaScript so it will always be understood on the client-side. On the server side there shouldn't be any problems finding a suitable library to handle the rest (ha-ha, get it?).
If you're using GWT on the client and server side for now, resty-gwt and Jersey are a popular combo. There was a talk about it on the last GWT.create conference, it's a good starting point.
I am developing an web page (html5) for my graduation project. In the web page the user would provide "body type" and based on the input various garments's images would be pulled from database and displayed on the page.
I am not a technical student so failing in my database connection efforts.
I have index.html page, a .mdb db (ms access 2007) and using js to connect to the .mdb. I also installed the "Microsoft Access Database Engine 2010 Redistributable". Then too failing.
Kindly mention what I am missing.
HTML pages are mostly accessed via a Server (IIS, Apache,..) and the data work is done by the server, on the server (AKA ServerSide programming)
So first consider if your project is intended to be accessed this way or only locally / standalone to your very computer.
If you only want a local page, there might be a solution here : http://accessdb.sourceforge.net/
But I bet it only works on IE through ActiveX
Read this : Read and write to an access database using Javascript
Also : why MSaccess ? If you really try to manipulate data locally using JS, try SQLite, there should be many library for JS like this one : https://github.com/lovasoa/sql.js
or why not... the HTML5 webstorage objects, that could be pushed far
http://www.w3schools.com/html/html5_webstorage.asp
I think you have got it all wrong! The short answer is you can not. And that is because your design is wrong. You can not* directly connect form html5 / javascript to a database.
Back to the basics.
You will need server side scripting to read the database content and expose them to the client (javascript) or to embed directly the result to html5 (while server is building the page).
You need to take a look to the following technologies
java / Jsp
c# / aspx
Those will help you to read the db file on the server side. Then as I said you will need to find a way to expose that information to your web page. As a side note, those are not the only server side scripting technologies, but are the one (IMHO) the can read an access file.
So look into that direction you will find a lot of resources to help you.
*The truth is that you can, but this can be considered an 'advance' issue.
We are creating an online service divided like that:
- an API, of course
- full JS/AJAX client, no MVC, it is pure JS
We are experienced developers and we do know that we can't secure the JS client code, however, we are trying to figure way to prevent 3rd parties from creating their own client by analyzing our JS API Call and this way restrict access only from our own client.
Thanks in advance!
We are experienced developers and we do know that we can't secure the
JS client code, however, we are trying to figure way to prevent 3rd
parties from creating their own client by analyzing our JS API Call
and this way only restreint access from our own client.
That is contradiction in terms. If you know that client-side ECMAscript code can never be hidden, it will always be possible for any somewhat experienced developer to analyse your code. Even if heavily obfuscated, minified and uglified.
Use a server-side authentication, by password. Its the only secure way. You just can not prevent that somebody will clone/copy your script.
I don't think you can. Perhaps generate a key or something to authorize requests.
For you and anyone with a similar question, take heed; it is impossible. If you send a user working code that will communicate with your API, there is nothing you can do to stop then modifying or re-writing that code. The only area you can keep secure is the back-end.
Oh, this is the wrong question to ask.
The question you need to ask is "why do I care if someone accesses my server without my client?"
You obviously have a reason. I can think of one reason only - your server trusts the client to behave nicely. Don't do that. Make sure the server can handle any kind of zany client request. It doesn't have to handle it nicely (throwing a 500 Server Error is OK) - as long as rogue clients can't mess with your data or kill your server entirely.
You could try to obfuscate your javascript code to make it hard readable:
a link to an obfuscator
you can find outhers
If you have authentification, you can pass session id to your API to keep user logged in, so if user is not authentificated he won't be able to get data from your API.
I am working on a little fun project(webcalender) and I want to use mongoDB. MongoDB is running and I figured out how to deal with it. I also got the connection to PHP.
I was wondering is there any chance to connect to the MongoDB using simple javascript?
I have searched a lot and I always passed by Node.js? Do I need Node.js to connect to mongoDB over Javascript?
Does anyone have a great link? Tutorial? or arguments why I should not do that?
Thanks for help
there are client side ways of doing this but its not safe at all.
there are a few reasons for the lack of security.
1. connection info is in the source for anyone to see.
2. if you use a service like mongoHQ where its a restful API to connect to Mongo your secret is exposed on the client side.
Both of these reasons scared me enough to not use a JS library that allowed me to connect to mongo on client side.
is your application being built in node? or PHP?
if PHP I know theres a PEAR library for MongoDB, then you can use javascript on the client side to interact with php to do what you need on the DB.
if the application is being built in node.js then sure why not? I've had success using Mongoose with express in node.
hope that helps.
Yes, you need Node.js to access MongoDB via JavaScript, because simple plain JavaScript runs on the user browser, not on the server, and Node.js is meant to run on the server.
Accessing a database directly from the browser would be a huge security issue, since JS files are always available to those viewing the page.
What's an easy and secure way to let my Flash app communicate with my back-end server?
The Flash app, which is a video player, should retrieve the person's username and send back an ID. How would I do this?
Note: Back-end is written in Javascript.
If you want to connect flash with JS to actionscript use ExternalInterface. If you want to connect to e.g. PHP use NetConnection or UrlLoader
I've used XML-RPC in a Flash client before. I've gotten it to work pretty well too.
I've personally used this Action Script 3 implementation:
http://danielmclaren.com/2007/08/03/xmlrpc-for-actionscript-30-free-library
Of course, the server I was talking with was Java/Tomcat. However, I'm pretty sure there are XML-RPC implementations for JavaScript; a quick search found this:
http://phpxmlrpc.sourceforge.net/jsxmlrpc/
Don't know how much setup/overhead it would be for you server-wise, but I've had success with that protocol.