Security in CouchApps - javascript

I am just getting started with couchdb and have been looking into writing couch apps. The idea is pretty cool. From what I can tell so far, it's great for writing front-facing apps, but what I have not been able to tell yet is how you go about securing data and your code.
For example, if I have an app on something like iriscouch, it seems like the whole database is replicable to the world, which is fine for those things. But if I were to host something on something like cloudant (or self-hosted) where I don't want joe schmoe to replicate my db (assuming I have it at my own domain), is there a way to secure it and not let all of your source code out?
Maybe it's just my understanding so far. But when you have JavaScript you can always see the source. Is that any different when building couch apps? Such as if I wanted to keep the back-end JS code proprietary.
When building front ends, the client code obviously doesn't matter. But I'm wondering if it is possible to use the HTML/JS to build apps where I can keep the back end proprietary. Or is this just out of scope for couchapps?

CouchDB has very primitive access control. It is not possible to build a security-minded web application, like a shopping cart, using this access control system. In order to enforce more complex access control rules you need to build a middleware layer between the JavaScript and CouchDB. In this case the user logs into the middleware, and this code is responsible for keeping track of who the user is and what resources they have access to.

Related

How can I add a JSON object created with angularjs to an array on my server

I'm mainly a front-end developer, so the basic server-side aspect of the project I'm working on is escaping me.
My main webpage has a list of products pulled from a JSON array with angularjs' ng-repeat, but I'd like to add an administrative page in which authenticated users could push a JSON object to the array. How can I do this with no experience in any server-side scripting languages?
I hate to be the bringer of bad news, but when dealing with user permissions, you need to be using some kind of back-end technology.
Theoretically, you could store authentication information in the JSON that denoted whether or not a user is an admin, and display the content/assign permissions accordingly. The problem with this technique is that, since the code is on the client side, hacking the admin page would be as easy as altering the JavaScript. This method would provide literally no security whatsoever.
If this is okay with you, then go ahead. But I would strongly advise learning some kind of server-side technology.
Given that you're a front-end developer, I'm assuming you already know JavaScript, so maybe doing this in Node would be a good option. Node does have a learning curve in and of itself, but knowing JavaScript will help significantly. You'll also need some kind of basic database to store the login information. Some kind of NoSQL dialect such as MongoDB would probably work well here.
For doing advanced permissions, you'd want to use something like LDAP or Active Directory, but for what you're describing this would probably be overkill.
Remember, learning new things is fun! Good luck!

Is it possible to retrieve data from parse.com using objective-c and show it in website?

I have an iOS app in which I use parse.com as the backend service. Now, I hired someone to do a website interface using HTML and CSS. I want to share the same data between the iOS app and the website. I know parse.com offers me a few ways to do this, including creating a JavaScript application. The problem is, my programmer doesn't have any experience in JavaScript, nor do I.
My question is: Is it possible to use what I have (objective-c, xcode) as far as retrieving data from parse.com and showing on website? Even if I need to code something new, is it possible to use objective-c together with HTML and CSS?
Thanks.
Parse has several APIs, one of which is REST. Your web developer should use the REST API to get data from Parse:
https://www.parse.com/docs/rest
If there is a will there is a way, but you'll be making something really specific to your use that will be non-standard and will immediately be hard to maintain. I recommend that you hire another developer and do things properly using the technologies given to you by Parse! If the cost is high now, I can promise you it'll be much higher if you go down the path you're on now.
So my answer is:
Yes, everything is possible and no, don't do it ! :)
Edit: Added an example of a possible way to do it, to actually answer OP's question.
Example case:
1. Create a simple Mac application in Xcode that fetches data exactly like you do it on iOS, and store the needed data in a database of your choice on your server.
2. You now have access to the data you needed from Parse, but on a local mirror. You will need some tool to fetch that data though; I recommend a simple PHP script.
Note that this will require an OS X server to always be running to fetch that data. You'll also need to find a way to fetch data on demand when a user needs it vs. polling at specified intervals; this will hardly scale and will be costly, as I said.

Access remote data through aspx application

My workplace keeps client records in a database which is accessible via an aspx application hosted on our local network. The page allows logging in, simple searching, and retrieving of information, which is displayed on this webpage. A task I am performing requires I access each record, copy a block of text into a new database which we are creating, and move to the next record (thousands of times).
My question is, is there a way to automate this? I've looked at browser macros, but the task of searching for each record does not allow for a simple macro interface. I was hoping to write a program which directly interacts with the aspx application without the need for the browser. In the code I'd be able to tell the application which records I'm looking for (by date, or unique ID, for example), and have the aspx application return the appropriate fields of text I need. I don't have any back-end access to the aspx application (it is a third-party, proprietary application and their developers are not interested in helping me with this task).
Can this be done?
If yes, in broad terms, what sort of solution should I be looking at? Is there a particular language that is more suitable to this task?
Any help is appreciated. I realize the question is a bit vague and broad, but the third-party application is only hosted locally so I can't give an example. I know a little Ruby, and came across the gem Mechanize, which looks like it might work... but I can't find much about interacting with ASP.NET.
You're on the right track with Ruby Mechanize. Mechanize will keep track of the cookies for you and make it easy to submit forms (logging in, ASP.NET doPostBack actions). Give it a try, and if you get stuck, post specifics in a new question.

Connecting to postgres database from a phonegap app?

I'm trying to build a phonegap app for ios and android. It's been going well so far but now I hit a major obstacle and I need some help.
I need to connect to a remote Postgres database. I haven't done anything like that before.
Does anyone have any experience/tips for this, or know of any resources which contain relevant information?
From client-side JavaScript, you can't. Unless PhoneGap has done something very odd with permissions or provided a PostgreSQL interface (which presumably you'd know about if they had).
What you'll want to do is provide a small server-side wrapper to PostgreSQL that will take requests, convert them to queries and return (presumably) JSON-formatted results. Oh, and you'll need to think about security too: who can connect, what can they do, does it all need to be encrypted?
If your requirements are simple, this can be easy enough to do in Perl/Python/Ruby etc., or even JavaScript if you have Node.js to hand. With Perl you'd wrap DBIx::Class in a Dancer app; similar modules exist for all the above scripting languages.
Do consider whether you want to run the whole thing over https (let apache handle this for you) - it will avoid issues with passwords/private data being sniffed over wireless connections.
For example, your app would issue an ajax request to: http://myserver/projects/123/messages?limit=20&sort=date
That would be translated into a query into the project-messages table for the last 20 messages sorted by date and wrap the results up as an array of JSON objects (presumably).
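The request-to-query translation the answer sketches, as an added example that is not part of the original answer: a handler for `GET /projects/123/messages?limit=20&sort=date` that validates every client-supplied value and returns a parameterised query in the `{text, values}` shape node-postgres (`pg`) accepts. The table and column names, the `project_members` join and the `userId` argument (assumed to come from the server-side session, per the answer's "who can connect, what can they do") are assumptions for the example; nothing here connects to a database, so it runs offline.

```javascript
// Added example: validated, parameterised query building for the messages endpoint.

// Allow-list of sort keys the client may name, mapped to real column names. A Map
// (not a plain object) so keys like "constructor" cannot resolve to anything.
const SORTABLE = new Map([["date", "created_at"], ["author", "author"]]);
const DEFAULT_LIMIT = 20;
const MAX_LIMIT = 100;

class BadRequest extends Error {}

// params: path parameters ({ id }); query: parsed query string; userId: from session.
function buildMessagesQuery(params, query, userId) {
  // Path parameter: must be a string of digits, not whatever arrived in the URL.
  if (!/^\d+$/.test(String(params.id))) throw new BadRequest("project id");
  const projectId = Number(params.id);
  if (projectId < 1) throw new BadRequest("project id");

  // limit: integer, clamped so a client cannot page through the whole table.
  let limit = query.limit === undefined ? DEFAULT_LIMIT : Number(query.limit);
  if (!Number.isInteger(limit) || limit < 1) throw new BadRequest("limit");
  limit = Math.min(limit, MAX_LIMIT);

  // sort: the client picks a key; the column name itself never comes from the
  // request, because SQL identifiers cannot be bound as parameters.
  const column = SORTABLE.get(query.sort === undefined ? "date" : String(query.sort));
  if (column === undefined) throw new BadRequest("sort");

  // Authorisation is part of the query: rows come back only if the calling user
  // is a member of the project. Data values are bound as $1..$3, never pasted in.
  return {
    text:
      "SELECT m.id, m.author, m.body, m.created_at FROM project_messages m " +
      "JOIN project_members pm ON pm.project_id = m.project_id " +
      `WHERE m.project_id = $1 AND pm.user_id = $2 ORDER BY m.${column} DESC LIMIT $3`,
    values: [projectId, userId, limit],
  };
}

// What the wrapper must NOT do: build SQL by string-pasting request values. With
// sort = "date; DROP TABLE project_messages; --" this yields two statements.
function insecureMessagesQuery(params, query) {
  return `SELECT * FROM project_messages WHERE project_id = ${params.id} ` +
         `ORDER BY ${query.sort} LIMIT ${query.limit}`;
}
```

With `pg` the result is passed straight to `client.query(q.text, q.values)`; the driver sends the statement and the values separately, so a value can never change the shape of the statement. The remaining items on the answer's list, who may connect and whether the transport is encrypted, are handled outside this function by the session layer and by serving the API over HTTPS.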
You would need to create an API for your data. Then access that API using promises from your js app.
To leave the security issues where they belong (in existing, experienced and tested parts of the server/client software) and to keep development effort to a minimum, I suggest using some existing lightweight middleware:
http://restsql.org/doc/Overview.html
It comes with a Docker image in which every service you require is packed, making it easy to try out quickly.

Reflective Web Application (WebIDE)

Preamble
So, this question has already been answered, but as it was my first question for this project, I'm going to continue to reference it in other questions I ask for this project.
For anyone who came from another question, here is the basic idea: Create a web app that can make it much easier to create other web applications or websites. To do this, you would basically create a modular site with "widgets" and then combine them into the final display pages. Each widget would likely have its own set of functions combined in a Class if you use Prototype or .prototype.fn otherwise.
Currently
I am working on getting the basics down: editing CSS, creating user JavaScript functions and dynamically finding their names/inputs, and other critical technical aspects of the project. Soon I will create a rough timeline of the features I wish to create. Soon after I do this, I intend to create a blog of sorts to keep everyone informed of the project's status.
Original Question
Hello all, I am currently trying to formalize an idea I have for a personal project (which may turn into a professional one later on). The concept is a reflective web application. In other words, a web application that can build other web applications and is actively used to build and improve itself. Think of it as sort of a webapp IDE for creating webapps.
So before I start explaining it further, my question to all of you is this: What do you think would be some of the hardest challenges along the way and where would be the best place to start?
Now let me try to explain some of the aspects of this concept briefly here. I want this application to be as close to a WYSIWYG as possible, in that you have a display area which shows all or part of the website as it would appear. You should be free to browse it to get to the areas you want to work on and use a JavaScript debugger/console to ask "what would happen if...?" questions.
I intend for the webapps to be built up via components. In other words, the result would be a very modular webapp so that you can tweak things on a small or large scale with a fair amount of ease (generally it should be better than hand coding everything in <insert editor of choice>).
Once the website/webapp is done, this webapp should be able to produce all the code necessary to install and run the created website/webapp (so CSS, JavaScript, PHP, and PHP installer for the database).
Here are the few major challenges I've come up with so far:
Changing CSS on the fly
Implementing reflection in JavaScript
Accurate and brief DOM tree viewer
Allowing users to choose JavaScript libraries (i.e. Prototype, jQuery, Dojo, extJS, etc.)
Any other comments and suggestions are also welcome.
Edit 1: I really like the idea of AppJet and I will check it out in detail when I get the time this weekend. However, my only concern is that this is supposed to create code that can go onto others' web servers, so while AppJet might be a great way for me to develop this app more rapidly, I still think I will have to generate PHP code for my users to put on their servers.
Also, when I feel this is ready for beta testers, I will certainly release it for free for everyone on this site. But I was thinking that out of beta I should follow a scheme similar to that of git: Free for open source apps, costs money for private/proprietary apps.
Conceptually, you would be building widgets, a widget factory, and a factory making factory.
So, you would have to find all the different types of interactions that could be possible in making a widget, between widgets, within a factory, and between multiple widget making factories to get an idea.
Something to keep on top of: how far would be too far to abstract?
I think you would need to be able to abstract a few layers completely for the application space itself. Then you'd have to build some management tool for it all.
- Presentation, Workflow and the Data tier.
Presentation: You are either receiving feedback, or putting in input. Usually as a result of clicking, or entering something. A simple example is making dynamic web forms in a database. What would you have to store in a database about where it comes/goes from? This would probably make up the presentation layer. This would probably be the best exercise to start with to get a feel for what you may need to go with.
Workflow: it would be wise to build a simple workflow engine. I built one modeled on Windows Workflow that I had up and running in 2 days. It could set the initial event that should be run, etc. From a designer perspective, I would imagine a visio type program to link these events. The events in the workflow would then drive the presentation tier.
Data: You would have to store the data about the application as much as the data in the application. So form, event and data structures could possibly be done by storing XML docs, depending on whether you need to work with any of the data in the forms or not. The data of the application could also be stored in empty XML templates that you fill in, or in actual tables. At that point you'd have to create a table creation routine that would maintain a table for an app to the spec. Google has something like this with their Google DB online.
Hope that helps. Share what you end up coming up with.
Why use PHP?
AppJet does something really similar using 100% JavaScript on the client and server side with Rhino.
This makes it easier for programmers to use your service, and easier for you to deploy. In fact, even their data storage technique uses JavaScript (simple native objects), which is a really powerful idea.
