Is there any pattern if already mobile number exists then the error message has to be shown in form validation.
If existing mobile numbers are present in the database, then you should make an API request to your backend using Ajax to avoid page reload. You should send the mobile number as a parameter in the request.
On the backend side, you need to check in the database that if this number already exists or not and based on your finding you should return appropriate responses.
On frontend, you need to check the response returned from the API and make appropriate decisions based on it but all the validation through the database should be done on the backend/server side.
Related
I have an asp.net web api with getting a list of data from database with a very heavy sql query(using store procedure) then serialize to json, my data result could return sometime more than 100,000 rows of data and is beyond the max limitation of http JSON response which is 4MB, I've been trying to use pagination to limit my result size but it pulls down performance as everytime user click on next page will trigger a heavy sql command, but if I don't use pagination, sometimes the result data size is more than 4MB, and my client side grid won't render properly. Since I don't have a way to check the JSON data size before sending back to client from web api. So my questions would be:
Is there any way to check data size in asp.net web api before sending back to client? For example, if it's more than 4MB then send a response saying "please modify your date range to have less data"? Would this be a good idea in application design?
Is there any way to save the entire data result in cache or
somewhere with asp.net web api so that every time when user perform a
pagination, it will not get result again from database but from the
cache.
Is there any way to store the entire data result in cache or in a temp file on client side(using Angular 5) so that when user perform a pagination, it will not request another http call to web api.
I would be more than happy to listen any experience or suggestion from anyone! Thank you very much!
Here is what I am planning to to for keeping separate tokens for web and mobile
1.When user is logged in from web JWT token is issued and it is stored in DB table with created time stamp.
The above step is repeated for the mobile client ,so the table contains separate tokens for each client.
2.At the time of validation search for the token in table and validate if exists then it will try to verify with JWT.verify
Is it right method to do keeping separate logins using JWT??
Maybe there are other ways to do it, but your approach is totally correct. By fact I would recommend it exactly your way. What you doing, is scoping issued token for specific service, platform. It is useful not only for your use case, but also when you have multiple APIs. You can issue different tokens for each service separately.
I made an online store coded in JSP and tables stored in MysQl. I'm using servlet and classes. I would like to get notify by mail at admin#domain.com when an order is inserted in the database.
Likewise, the customer should receive the order confirmation to the email they entered when they submit the form.
I would like to get feedback on how to do such a task. What's the best practice? I hope to not get back fire with this question because I`m aware there are several answers possible.
Basically, I`m just looking for the easiest and fastest implementation without too much hassle!
The form contains very sensitive and confidential data like address and such. But, since our customers can track their orders on the site, the data should not be sent, for security purposes. Just a message to confirm the reception of their order.
Please guide me in the right direction.
If you are using Hibernate i would recommend you using an entity listener, specially with a #PostPersist callback. You can read about it in Chapter 6. Entity listeners and Callback methods.
The email part can be done using the JavaMail API.
You can check an example of sending an email in Sending an Email using the JavaMail API.
Hope it helps!
One "Search" button is there in the JSP page. After taking all values for searching, the form is submitting.
In processAction(), I am getting all parameters. Using these parameters, in doView() I am consuming one API (JSON data). Creating one JSON object for input to the API and consuming it. Now I got the output JSON data and have passed it to the jsp using renderRequest.setAttribute("jsonString", json.toString());
Then showing search result using this jsonString.
Its working properly.
The issue is, its not creating multiple instances for multiple users. If one user done a search action, the same search result will show to each user if they refresh the page.
Why each user not having separate instances?
Now all users of this page can't do search action as they wish. If one user does, the same result will be shown to all. How can I fix it?
Why session of a particular user is sharing to all? Or What is the actual reason of this issue?
I have a website where you can request data using ajax from our servers as json (only to be used on our site). Now i found that people start using our requests to get data from our system. Is there a way to block users from using our public json API. Ideas that i have been thinking about is:
Some kind of checksum.
A session unique javascript value on the page that have to match server-side
Some kind of rolling password with 1000 different valid values.
All these are not 100% safe but makes it harder to use our data. Any other ideas or solutions would be great.
(The requests that you can do is lookup and translations of zip codes, phone numbers, ssn and so on)
You could use the same API-key authentication method Google uses to limit access to its APIs.
Make it compulsory for every user to have a valid API key, to request data.
Generate API key and store it in your database, when a user requests one.
Link: Relevant Question
This way, you can monitor usage of your API, and impose usage limits on it.
As #c69 pointed out, you could also bind the API keys you generate to the API-user's domain . You can then check the Referer URL ($_SERVER['HTTP_REFERER'] in PHP), and reject request, if it is not being made from the API-user's domain.