I’m making a company pricelist app for the iPhone.
Most of my application is finished, except for the “security” part.
I use PHP to extract from the SQL database, and encode it as JSON.
All this is fine, except….
I would like to protect my pricelist data from others not accessing the URL request from a browser.
I’m not a great web / php programmer and I’m not sure how to implement this on the serverside.
For now I have just made a user/password in the URLRequest like
www.hopepage.com/searchDB?User=Jack&Pass=Jones&Comp=iPhone%
In the PHP I have then made something like
IF user and pass in user database then
Select * from components where comp like &Comp
However, this request shows my login in the URL string, an what is somebody sniffs this string ? I guess this is fairly easily possible ?
I have read a bit about SSL and HTTPS, but I’m not sure how to implement it on the serverside.
Anybody knows about good documentation, or can lead me in the right direction ?
Maybe a tutorial hidden somewhere on the net (I have searched, but maybe not used the correct words).
Anybody
Related
this is my first post and I am trying to get back to technology after a break of few years. Really enjoying coding again and decided to learn the MERN stack first. I went through some tutorials and then started to build a website for my business. Created a few pages here and there and was fairly successful to build most things via express, HTML and CSS, until I hit a situation.
Question.- I have an app.post for my '/ranking' route and in this function I am performing some logic. This app.post is being called from the '/ranking' page when the user hits the "View Profile" button. The idea is to pick up unique ID as the value from the HTML template, pass it onto app.post. Then perform the business logic, which includes finding the unique values of the unique ID from the DB. Once this is done, pass it over to a /profile page with res.render. Now this is all working fine. However, after the res.render("profile") call, even though the website is going correctly to the page that I want it to, the url reads
http://localhost:3000/ranking (This is the page from where the post call made). Instead I want it to read,
http://localhost:3000/profile
If there is a solution for this please do let me know. Also if the answer implies that I haven't understood certain key concepts about express and routing, please pass me in that direction. Thanks in advance.
The URL of the route and the filename you pass to render are entirely independent.
If you want to redirect someone to a different URL, then you need to respond to the request using res.redirect and not res.render.
In its most basic form, what I want to do is access data on my web server, from an Android App I'm developing (to be clear, different apps accesses the same data set).
To be more specific, I would like to set up my Web Server so that it returns a JSON String, in response to an HTTP GET request sent from the app. (That's not a requirement by any means, it just seems like how most APIs work).
So far, it seems I need a Web Framework with an MVC, like Ruby on Rails that uses a controller that can decide what to do with an HTTP GET request.
What I don't quite understand yet (not that I understand what I've said so far), is this:
How the data is stored (I know I can use a database, but I'd like to know the best/other options)
How to get query parameters from the URI
How to retrieve the data
How to organize the data into a JSON object/string
How to send the JSON string in response to the GET request
Obviously, I'm not a web development expert. I'm trying to learn, but I don't have the experience yet to even know what to search for. So I appreciate any help and resources you may have.
I just started with Angularjs and I was wondering how I should proceed to make a simple app to let users subscribe to a course...
Where should I keep those subscription records? For security reasons I guess a json file on the server is not the way to go? Or not?
Users are on the intranet and a variable with their userid will be used to authenticate...
Any suggestions?
I found something about auth and angularjs here:
http://frederiknakstad.com/authentication-in-single-page-applications-with-angular-js/
It is a server problem so you can't solve it with AngularJS, which is pure front end framework.
If you don't want to code something on a server, there is currently a trend called "nobackend", have a look here : http://nobackend.org/
About the website you mentioned : the author also made a post about the server so you can go with it since it is also in Javascript, thus part of your abilities with JS can be reused.
http://www.frederiknakstad.com/blog/2013/08/04/authentication-in-single-page-applications-with-angular.js-part-2/
I called attached code below in WinJS app and keep getting this error 405 Method Not Allowed. I have changed the method property to "POST" , still the same thing. Some of the guys saying it is to do with the permission so I am trying to set the credential in the uploader. This is an internal app so we assume this should carry the Windows Authentication. But at the moment, I could not find how. Can anybody help?
uploader.createUpload(endpoint, file)
.startAsync()
You haven't narrowed down the problem to the point where you should be worrying about how to express what you need with BackgroundTransfer APIs yet - you need to figure out what you need to express, first.
If you have access to good documentation or a knowledgeable owner of this internal service you're connecting to, your first step should be consulting that to figure out what exactly the HTTP request (and the associated credential headers) should look like.
If you don't have access to that, the second best starting point is to take an existing, working client of this service you're uploading to and use a networking capture software (Fiddler, for example) to take a look at what the request it's sending looks like.
Once you've figured out the specific HTTP method and server credentials you need to use, you can tell BackgroundTransfer to use them by setting the method and serverCredential properties of your uploader object before creating your uploads.
I don't understand. I have searched all internet forums but found nothing helpful. I am trying to update the numberOfLikes field on my postsTable in MySql when the user clicks on the like button. I know this is done through ajax but I am only familiar with prototype ajax and none internet forums state anything about it.
Here's the flow chart
1. On "seeForums.php" user clicks on the "like" link.
2. The like link has an id that triggers the function which updates numberOfLikes on my postsTable.
Thats it. Thats all I need. But I need it in a prototype ajax format, something like this.
function processLikes()
{
new Ajax.Request(theUrl,
{
contentType:"text/HTML",
onSuccess:updateLikesMySql,
onFailure:error
onException:error,
});
}
Helps are appreciated :)
You can't do this with Javascript alone as it is client side only, you'll need to get a server side language (e.g. PHP) involved as well.
The idea is that you send an AJAX request to your PHP file along with the data that you want to update, and your PHP file will handle inserting values into the database. That PHP file would then print an output (e.g. success or failure) which would be received in your Javascript so you can act accordingly.
You should know that the nature of HTTP (web) makes it Request/Response like.
So your backend code runs on the server,
And javascript and all frontend code run on the client.
Client has no access to your database, So you can't do anything to your database with Javascript.
Best thing you can do is ask your serve with javascript to update the database,
Make a server-side script available at some URL,
Then use ajax to call that URL.
In the server-side script, do the code which updates the database.