Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 9 years ago.
Improve this question
What I understood?
It shares some code between client and server as both are in javascript. eg: form validation.
How does this work?
Can the shared code be seen from the browser? If yes then it becomes easy for an attacker to find loopholes in our code. Since the same code is being executed in the server side the attacker can pass through the server side validation too.
Are there any drawbacks or security issues if we follow this approach?
It shares some code between client and server as both are in javascript. eg: form validation.
Yes. Since the only language that executes on clientside with any reliability is JavaScript, and since node.js is the only JavaScript serverside framework, node.js is the only way at the moment you can achieve this. (Java could also do it with applets, but pretty much no-one is using those any more.)
There's several JS projects that already use isomorphic principles - more here.
The only drawback is that you're severely limited in your choice of technologies, as described above.
Related
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 2 years ago.
Improve this question
In my current project I need to optimize socket.io. It can handle 500-600 Connections but I need 2300 at Least. Is there a way to optimize?
Only being allowed to support 500-600 connections is a very broad issue. You need to distinguish what's bottlenecking your code and analyze it to see if there's any way to fix it. This issue may not be socket.io specific and can be caused by some other module in your application. First profile your code and see if there's anything that is is really heavy and can use optimization. NodeJS has a built in profiling tool that can be used which you can find >HERE<. Once you've narrowed down your issue, it'll be easier for you to figure out what needs to be optimized and easier for us in the community to help aid you.
Another option you can do is completely scrap socket.io all together and write your own custom websocket protocol. Requires a bit more work, but it'll strip away a lot of overhead you may not need.
https://codeburst.io/why-you-don-t-need-socket-io-6848f1c871cd
If you do want to keep using socket.io and you find that there's nothing that sticks out while profiling your application, your machine probably needs more resources to support the number of connections. Only thing you can do for this is to upgrade whatever hardware your application is sitting on.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 2 years ago.
Improve this question
In web development, does the backend code always mix with the front code at some point? Checking jsp and some php I see that the code is usually mixed, is this a bad practice or should you always avoid using javascript as an intermediary?
Normally it depends on what you really want to do. But they are usually mixed
PHP was developed as a templating language for web, so basically it is what it was created for. But you might notice that in modern projects PHP used mostly as an API backend for Javascript application. In such cases, it will not be mixed.
It seems to me that it depends on the project type. But even if you do not use modern JS frameworks try to separate business and frontend logic. Check the MVC architecture or DDD.
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 4 years ago.
Improve this question
Is JAVA compatible with html and js? Can we work together other than jsp???
To link the WEKA function.We implemented the java code using jar, and we need the html and js links for visualization. Is there any other method of linkage besides jsp?
There are various ways of working with Web tech and Java. JSP is an old-school means of generating a Web page using Java code and supplying it to a browser. This requires an application server capable of handling HTTP and JSP. Another approach is to create an independent Web page and to communicate with a server that is running Java. The simplest approach is, again, to use an application server that supports HTTP.
Reading between the lines of your question, I think the various solutions will require more effort than you were hoping.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 6 years ago.
Improve this question
I'm currently working on a PHP project, which should use markdown to display some text.
The question I ask myself now since there are markdown parsers for javascript and PHP is if I should parse the markdown Server or Client Side.
Pros Server-side:
Always the same, even on clients which have javascript disabled.
Pros Client-side:
More dynamic allows for Preview function.
Uses Clients-Resources instead of the Servers.
Did I miss anything?
What would you suggest?
Any help is appreciated!
Inspired by so-called Isomorphic Javascript or Universal Javascript, I suggest you to make the first rendering on server side; then when you update your page —using ajax— you make the rendering on client side. Doing so you would get the pros of both solutions:
a fast initial rendering of the page (no need to wait for the JS libraries to be loaded)
a reduced server load for following requests
an up-to-date user experience for edition
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
If I were malicious (or malicious and thoughtless) I could add some PHP to websites I'm working (or back-end web applications I'm building) that can send some data I'm not authorised to have to my remote server. There are numerous ways to achieve that.
I was wondering: can Javascript do something similar?
For example, is it possible to be spied by using some html/css/javascript web template which will disclose informations from(about) my website - send any kind of information from my website/web app to remote server of malicious developer?
Thanks in advance.
Yes, of course you can send data to other servers using javascript. The difference to your PHP-snippet approach is only that it is executed client-side, at the user's view of the application. So, you can only leak data that the current user is knowing, and you can only compromise the application with the rights of the current user (and his credentials).
However, it would be more difficult to detect javascript injections (which can also happen clientside or during the transfer) than malicious PHP snippets.