I have been reading up about html localStorage but I've read contradicting information. All I would like to know is if I was to save information using localStorage was the user of that computer be the only person able to access/view the information that they had inputted into a form? Or can it also be viewed by users on different devices?
I am thinking to use local storage in an admin page that many people are allowed to access too, instead of sessions. And all users must be able to edit and view information from different devices and using different login details.
The localStorage is called like that because it can be accessed only locally. So you cannot use it to share the data across different clients. You need to use some server to store the data and provide it to your users.
The localStorage object stores data on the users computer permanently, and that data can only be accesses on the users computer by the same origin or domain name, so if you want shared data you have to use some sort of server side mechanism.
Related
I am working on a Laravel app that should allow the user to manually add integration to 3rd party APIs and databases. With APIs it's easy: you only need to store the token. But the user should also be able to add integration with their own databases like MySQL. For that I'll need to store a host, user, password, basically all of the credentials. The issue I'm having is finding a proper and secure way of storing those credentials.
I was thinking about storing all of the connections in a connections table, adding the credentials to a connection_parameters JSON type field (so there would be flexibility and different types of connections can be stored in the same table) and hiding the details using the $hidden property on the model. This would be a first step towards a secure way of storing them, but I'm not sure that's enough.
Do you have any suggestions or practices you've used that you can explain to me?
I can see your main concern is to hide sensitive data from 3rd parties. What you are doing is already "ok" unless someone gets access to your database somehow. You may want to treat those fields the same way you treat users' passwords, since they also contain credentials.
One way would be to encrypt them before storing. Laravel comes with encryption/decryption out of the box https://laravel.com/docs/5.8/encryption.
Another solution is to store each user's credentials in a file and store the file in any directory but the public directory (e.g: /storage/connections). This way, only you can access those files. Each file could be named something like user_1234 1234 being the user ID. So it's easy to retrieve.
Intent: I would like to distribute forms to User X, User Y and User Z. These forms would be pre-populated with existing data on their ongoing projects. Meaning for User X, he will only be able to see his own details etc. They are to validate the information, and make changes to the data if necessary.
I tried finding the best way to go about executing this and landed on MS Access (if there's something else, please do share).
So I have a database, created my forms but how do I go about sharing only the forms to my users and updating my database. Resources I have include:
SharePoint Online (may or may not have access to it...)
Outlook
Desktop Access
I am open to various scenarios involving direct updating through SharePoint, or even manually updating the forms received through them via email if it is possible.
My most important consideration is data security. User X should not be able to see the details of other users. User-level security from older versions of Access could probably do that but its no longer in the newer version and a check online suggests it isn't the most secure option.
Any help would be much appreciated.
You do not include any information on what kind of data your "forms" includes why you collect the data and what do you want to do with it. At the very least if data from multiple users needs to be combined for any sort of overall reporting.
If the most important consideration is limiting each user to a sub-set of the data then I don't see how you decided MS Access is your best option. Any security on an Access file is easily bypassed. On top of that unless each of your users has their own set of tables you cannot set up any kind of security that isolates their individual information.
To completely isolate user information you have three options:
Use a separate database for each. Then, if you need to, link them all
into a master database in the back end.
Use an isolated front end. You cannot use an Access front end as that
will have to link to the tables; you have to use a separate
interface, either a web type interface or a Windows application that
the user has to log on and has no access to any data other than what
the software is displaying.
Use import/export files. Have access export each user's info to an
Excel sheet or other convenient data file. Let them make their
changes and return the files to you, then import them back into your
database.
I need to store the IP address, the User-Agent of the client who is requesting a particular web page, the name of the webpage being requested and the request time. I am planning to store the information in a table in the database(MySQL). But, the problem I can for-see is that every time the page is requested there will be a database entry, and in time it would take up a huge amount of space.
Does analytics tools like Google Analytics already store these information (IP-Address, User-Agent, Requested-Webpage-Name, Time) that I can access anytime in future (Say, i need to check the client's IP and User-Agent who viewed a particular page within a particular timeframe)? If not, is my approach the right way to do it? If not, what is the right way?
I found that nginx does this out of the box with it's access logs, which are stored in /var/logs/nginx/access.log. So, i just need to pare the access log data, using various tools available online.
My client wants to store his login in the Adobe AIR application. Is this a good idea? I've looked at using Encrypted Local Storage (which uses the operating system) or is there another method more suitable?
I've found this answer but it is very confusing, https://stackoverflow.com/a/11899254/441016. It is saying it is OK to use to store login information but not OK to store registration keys for licensing software. I don't understand that. Login is more important than registration keys.
It's saying that other applications can read that information. Does that mean my application can read sensitive data from other applications simply because the user is logged in? That doesn't sound right. If an application adds sensitive data to the keychain it should be the only application that can retrieve it.
You should use the Encrypted Local Storage for saving login information in the device, it's save and easy to use.
If some user is able to see the contents in the Encrypted Local Storage (ELS), all he will see, is his own login info, so there isn't a security risk here. However, if you save registration keys or API keys, the user could use this information to hack your App.
Hope this helps.
I am developing an Angular app that uses Firebase to manage users. All is working correctly at this point: users are authenticated via Facebook, FB profile pic is displayed when user is logged-in, etc. the goal of the app is to allow users to upload videos and also vote on videos. I have been pondering the idea of possibly using a MySQL database to store user videos (due to limited storage with the free Firebase account) but I am not sure how feasible this would even be. Has anyone had any experience with something of this nature? I've been browsing the web for some time now but haven't found anything related.
You don't store videos and images inside a database, you get a storage server, AWS for example, and then save the url to that file in your database. Firebase would be just fine for that.