i'm experimenting by mounting a website hosted on my Dropbox Public folder. Files can my accesed and I used my domain name to redirect to de index.html public url.
I can run javascript, bootstrap, jquery and that stuff but not php (for obvious security reasons of dropbox).
I would like to save data from the website. We all know that JScript is not allowed to write files or anything outsite the browser or the webpage itself.
I've been searching for a webapp/service that provides me a database or something like that let me save data from javascript. Somethingthat get connected to my host and gives me an API to the service or something like that.
Anyone heard about something like this? Or any other way I can get data saved? (serializing a JS object to a file would be just enought to me)
From experience,
If you stick with trying to host something on Dropbox or anything that was not purpose meant for that, you will continually run into problems like this.
In the end spending (wasting) more time, energy and money on workarounds, rather than having fun in a real hosted environment (cloud based is more fun than DB!)
Do yourself a favor and move to a hosting platform, and spend that energy more wisely in creating a website or product (maybe that will make you money even)
There are plenty of free hosting platforms to get your started.
A quick serach on Google:
http://appfog.com/
https://pagodabox.com/
Related
I have just built a nodejs app (with HTML/JavaScript/css) to handle (among other things) workflow management for my business. I am currently running it on a local computer on the network so it is accessible to all the staff who connected to office WiFi.
So that staff can access the system from outside the office I’m considering grabbing a cheap URL and deploying it on a web server (siteground specifically because I have a reseller account there). However because this is the first web app I’ve built from the ground up I just know there are going to be security vulnerabilities and the like in my coding.
The kind of data that is included in the MongoDB database is fairly basic, just customer/supplier contact information and product information.
How dangerous is it for me to do this, is it something I should worry about or should I be okay? I don’t plan to have it indexed by search engines, it’s only for staff use so I don’t need customers to be able to find it.
Appreciate any insight from people who have been doing this longer than I have.
Thanks in advance!
Background:
I'm a tech writer at our company. I dabble in Javascript from time to time, and I consider my js skill level to be maybe advanced beginner/early intermediate.
Anyway, we have Help content created by Adobe's RoboHelp (version 2017). The Help content is static HTML5 .htm pages. The Help gets installed into a folder as a bunch of static .htm pages on our users' computers when they install our product. The users open our .htm pages in their browser via the file:// protocol.
Our Goal:
On our first intro page of our Help, we're planning on showing a "What's New" .htm file inside of an iframe, but we only want to show it the first time a user accesses the documentation.
What I Know and Have Tried:
I know on a real web server, I'd probably just use cookies to control this. But on a local computer, cookies aren't persistent, and after the session closes, the local cookie storage gets deleted.
I know that Javascript accessing the file system unfettered is a security no no and isn't possible.
I've looked into the FileSystem API but the things I've read indicate that it is dead and not in the standard going forward.
My Question:
Is there some other way in Javascript to have limited trusted access to a single settings file etc for this kind of thing? If so, what is the best / recommended way that keeps the user's computer secure but allows us to store and modify settings in a limited fashion so the user has the best experience?
Note that many of these users probably won't have access to the Internet at all, since their computers will be on a factory floor, so a solution that doesn't require talking back to the Internet is ideal.
I assume most of our users log onto their computers with a standard (non-admin) level login. How many users on the same computer will vary, and I don't have that info, though I think it's likely there will be different shifts that use the same computer.
I'm planning on just storing something simple, like boolean values (ie True/False for if this is the first time they've seen the What's New page etc).
Some questions:
Does a user login? What sort of information is planned on being stored?
How many users will be using the same computer?
It's not strictly secure. I wouldn't store any passwords, and personally identifiable info in localStorage, however there are some caveats ( Storing Credentials in Local Storage ), https://softwareengineering.stackexchange.com/questions/152763/html5-localstorage-and-encrypted-sensitive-data ( however if it's on a computer not connected to the internet, then maybe something simple with encryption, might be ... okay )
Might have a look at localStorage.
https://stackoverflow.com/a/44358718/2026508
https://developer.mozilla.org/en-US/docs/Web/API/Window/localStorage
I'm a teacher. My grade book is a .xlsm file, located in my Google Drive folder. I'm building a web app, also in my Drive folder, that shows the students names arranged according to the seating chart. I want to run the app on my Android phone, and click a student's name to add a participation mark to the grade book. The app should also display the students' existing participation scores (from the grade book). What is the best way to go about accomplishing something like this?
*I initially tried to do this using another .xlsm file but, when I realized that macros don't run on the Android version of Excel, I switched to an HTML-based app. Was that the right decision?
Here is a sample .xlsm file. In this case, the app would check cell A2 to make sure it's the correct student and then both read and write to cell B2.
If Excel isn’t doing it for you on Android then I’d strongly suggest looking in to Google Sheets. Creating an app for this yourself would be a fun project, if you enjoy that sort of thing, but Google Sheets sounds like it might do the job and you can be up and running in a few minutes.
Having got that out of the way I think it would be best to clear up how web apps work, it sounds like you have some confusion about how they work (or I am from your question!).
A web app is typically made up of two parts, a client and a server.
The client requests resources from the server and the server responds. For example, the client requests the resource associated with example.com, the server is listening for this request and fulfils it by returning a string of text with some meta saying its html. The client (lets say its a browser) understands this is html and begins to parse and render it. If it hits <link> or <script> (or some other stuff) it knows to go and request more resources from a server.
The client is totally detached from the server, it has limited access to the file system and must perform tasks by asking the server to do them. It can only ask, not enforce.
Often there is a 3rd piece which is storage of some sort, this could be a file system somewhere or a database. The client is also detached from this and the server (or another service) owns and manages the storage. In your case Google Drive can act as your storage.
A web client has no direct access to your Google Drive, although if its contents is public there is likely a scheme for you to get a resource (I don't know how Google Drive works but this is fairly likely). I'm not sure it will let you write to the Drive though, not without additional permissions (granted through authentication) being acquired. Many popular frameworks and libraries will allow you to interface with Google Drive and handle the auth handshake etc etc, they are often called a driver or connector.
Very basically, you'd likely need a couple of parts:
Storage -> Connector -> Service -> Client
You can get away with putting connector and service together, and you might be able to get away with connecting direct from the client, which would save you the trouble of creating, hosting and running a service.
The last piece of the puzzle is the conversion you must do from the .xls data into something JS on the client can work with (again, there are often multiple ways of doing things, you might decide to render your page on the server).
There are many tools out there that can convert from .xls to json, which JS can then parse and use (on client or server). I have used one a couple of times but I can't remember which one right now, a quick npm search throws up a number of hits.
Your best option is not to use Google Drive at all. If you are interested in doing something like you described, I would strongly recommend using either PHP and MySQL (a popular combination) or Google Cloud Platform's App Engine (they provide a lot of help, even allowing you to easily build an app that you can sign in to from your Android device with your Google account). If you're more in the mood for Do-It-Yourself, I would probably recommend Spring Boot (These tutorials look pretty good)
When it comes to integrating with Google Drive, it is technically possible to do, but so difficult that you would be much better off writing your own system from scratch and perhaps exporting to an Excel file. (See this page for a tutorial on exporting to Excel from Java)
You have several concerns with the final solution for your problem:
Security (You don't want students breaking into it, like I probably would have done)
Accessibility (You want to get at the information on your phone and your computer)
If I was in your position, I would probably write a Spring Boot application (which can house it's own database, website and API for a computer/phone to communicate with) and an Android application that talks to it.
Also, it would be helpful to know what programming languages and/or libraries/frameworks you have used in the past in order to make better recommendations for your situation. What have you used in the past?
If you need help or have questions, just message or comment.
In a static web app (nothing except html, css and javascript),
I'm searching for a method to protect a file (e.g. json) from being accessed.
That file should only be accessible by authenticated and approved users. (I don't know yet how authentication will be handled.)
I can hide the view of the content in the application with userapp.io e.g., but I can't prevent someone to read it if he wanted to.
Would this be possible?
I thought of putting the protected file on www.firebase.com, but I could not find any practical example.
I also found solutions with .htaccess, but I need to avoid server dependent solutions.
P.S.: Not asking for code here ;-), just advice to point me in the right direction will do.
Thanks in advance!
You can limit access through the web server (.htaccess), server-side code, or a third party solution. If you want to keep your app static and want to avoid modifying .htaccess, then your best bet is to find a third party file host that offers authentication. Would something like Box work for you?
If you're interested in putting your website on something like Weebly, then you can password protect certain pages.
http://www.s3fm.com/ is really useful for uploading/viewing files for personal viewing.
I was wondering if there was something good for social networks (using Amazon s3 or something similar),
where it will only show the subset of files uploaded by a specific user (for example, limit access to the user's specific bucket).
Can s3fm be adapted to this solution? or is there something else out there?
Chris, thanks for bringing this up.
Next version of S3fm will allow just that: sharing files and "folders" with your friends and colleagues using your own S3 account. A bucket owner will be able to use his or her credentials to create new (non-AWS) "accounts" and assign different permissions for each user. Then s/he will be able to select files to share or "folders" for uploads for each of those users.
A secure authentication method has been developed on top of regular Amazon S3 API so no 3rd party service will be required for that purpose. In fact, your newly created account credentials are not even accessible to anyone but you and you users . On the flip side, if you loose them - they are gone, we wont be able to restore them. :)
This version was expected this coming Fri (Aug 9, 2009), but apparently will be delayed another week or so.
Happy to help, feel free to follow up with questions or ideas,
I believe you would need to build your own system to do this. What you use doesn't really matter, you could use S3, Azure, etc as your base storage "cloud."
There is no method of authentication on S3, it only serves files publicly. You can of course obfuscate the file names by naming them with hashes. But still only a fileserver. Maybe roll your own system?
Then make it public so I can use it... it would be awesome!