how to make a JavaScript SDK/Library secure (client side) - javascript

I am here to do a question about how to create a SDK or a library in JavaScript for the web but securly. Let me explain a little more
Let's guess the library has to connect with another Third Party Libs like "Facebook" and "Google Maps" and their provide me some "Special private/public Keys", so the library has to use it internally, then the users who will use my library have to be able to do mine functions that uses the Keys
now the question is:
Is there a way to hide that Keys? I mean I just wanna the Library use it but I would like to know if there is a way to do it secury and those users that will use my library cannot see it.
What are the options I have to do this?
cheers and TIA!

Related

shamir's scheme in jquery

I'm developing a secure key sharing mechanism for personal cloud users as a research project. For that I use Shamir's algorithm to split and reconstruct the key. I have to do that in client side. So I have to use JS or JQuery. If anyone have implemented this schema in Jquery help me.
here I found this schema implemented in java but what I want is JQuery
http://sourceforge.net/projects/secretsharejava/

how can i convert a javascript variable to a java string variable

I'm trying to get a javascript variable from my webview and convert it to a String variable in Java. But i'm new to javascript and can't figure out how i can do this.
Can anyone help me?
How about using the Android Java/JavaScript bridge to send data between the two layers. The integration technique is part of the core Android framework.
PhoneGap is also great but is overkill if you just want to stick to Android
Here is a tutorial on how this stuff works: http://code.google.com/p/openmobster/wiki/JavascriptBridge
Full Disclosure: I am the Chief Engineer of OpenMobster and I wrote this tutorial
There is no easy way to just pull a variable from client side javascript into application level Java. Hopefully someone can come along and give a good original answer. However, the PhoneGap library has an easy way to do this. PhoneGap can tie javascript events to native application events which is extremely useful. If you really want to do this I would recommend at least checking out PhoneGap.

CouchDB AJAX interaction

I'm writing a CouchDB sample. My intention is to write a web app using AJAX and deploy it in the tomcat environment. As I use the CouchDB I would like to know the way to interact with the CouchDB server. However there were few examples but I have few concerns over that.
1) As my application is deployed in a web server is it possible to connect with a CouchDB outside? Many examples uses apps which are deployed in CouchApp or Couch environment itself.
2) If so will it end up with cross domain issues. I found this in here
Connection AJAX, CouchDB and JavaScript
However will this be a problem? Is this the correct way to achieve this?
3) To omit above issues is it possible to use some server side javascript implementation as an example Rhino?
http://www.mozilla.org/rhino/doc.html
4) If I use Rhino above it wont allow many java script libraries to use. How do I interact with CouchDB then? Do I have to invoke native Javascript? Cant I use something like JQuery?
5) What are the best libraries for client side to achieve my goal?
Your help is appreciated.
Thank you
Based on your need to use tomcat, I would just recommend using ektorp (http://ektorp.org/). Just think of ektorp like a jdbc driver. No need to do ajax from the user interface, or no need to use javascript from java in your server.
Ektorp also lets you annotate your java classes with the javascript couchdb needs to make views. see the example here: http://ektorp.org/reference_documentation.html#d100e753
Hope that helps.

Widgets in Rails

I have a business that I outsourced all of the tech for. Its essentially a widget on an external site, with a management panel on our domain selecting whats shown on the widget. Lets say its a manual "relevant news" widget.
I think I can code the rails part, but how would I do the widgets part? Can someone point me in the right direction? The widget would need to be JavaScript and copy/pastable.
(More context, having to use the old system thats in PHP, and it breaks my heart having to ask the outsourcers to help me with every little thing, so I'm looking to rebuild it)
EDIT: how much of this is still valid? Its posted from 07 - http://www.igvita.com/2007/06/05/creating-javascript-widgets-in-rails/
Thanks!
Geoff
you could create a json api using https://github.com/fabrik42/acts_as_api (imho, this is the easiest way to create an api)
and then create your widget in pure javascript or jquery.
If you need to authenticate, you'll need to send an api key with your requests, and also on your server side check the request.domain with the api key you have given that domains webmaster.

App Engine and Facebook: which libraries to use?

I will be developing a web application with Google App Engine that will use Facebook Connect as the only means of registering / logging in. The web app will be written in Python. I need to know their name, profile pic, how many friends the user has, as well as their age and also possibly location, relationship status, work info, etc. (although those are mostly optional besides name, pic, age and friend count).
There seem to be a number of libraries that can do the task. There is the official Facebook Javascript SDK, minifb, and pyfacebook to name a few.
How do you think I should go about this task? Which libraries should I use, and what are the pros / cons?
Also to be considered is how well documented the code is and how widely it is used. If you can provide links to relevant example code / documentation, that would be greatly appreciated.
Facebook python-sdk has an example application to use Facebook connect with Google App Engine. I guess, you are looking for the same.
This should be a comment for the answer which suggests using the Facebook python-sdk.
Note that at github it says
This SDK is deprecated. It does not support the new cookie format that
we rolled out as part of the OAuth Migration. In short, it doesn't
work.
I've had success with the facebook-sdk project, which I believe is a fork of Facebook's original (and now dead) python-sdk project noted above. However you may also wish to check out EngineAuth.
Why don't you check out this similar question asked by another StackOverflow user:
Simple Facebook Connect in Google App Engine (Python)
There are some links provided here that sound exactly like what you're looking for.
For all specified detail you need to go with respective permission from users and then you can extract all specific information you needed.
You can go by either Graph Api or Javascript Api:
But with javascript you need to use many ajax request through your application where graph api only need access_token once for particular instance and also independent of client action.
Graph API also helps you in preventing use of other framework like pyfacebook, minifb, etc.
Apart from pros and cons you can also look some example code for both javascript and graph api
Hope this information will be useful to you.

Categories