Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 5 years ago.
Improve this question
I have made a decent website using HTML, CSS and JavaScript. I'm new to programming.
Now I want to give some privacy to some users and create a login space. I saw that some people are using PHP, other JS or Node.js, but I haven't seen any good guide for the best practice.
I would like to make a robust website with up-to-date technologies. What is the best practice for this kind of request?
It is very wide question and have so many answers and techniques based on your requirements, for example if you need to implement it yourself you need to use token based authentication, AKA JSON Web Token, technique where you simply send a token to you client after validating their username/pass to be saved in the browser and later on you can send this token along with any further API/HTTP request(s) for validating your encoded token that was sent before by your authentication service.
Check JWT site to know more about different libraries that will help you implementing this technique in almost all known languages (PHP, NodejJ, Python, .NET, and Java) in just 10 minutes.
Backend server or used language should not be the issue as much as you should understand the technique itself.
If you want to use Amazon Cloud, you can totally depend on their authentication services they provide, its name is AWS Cognito
If you need to implement social based authentication, then you should use OAuth protocol for integration with different sites like Facebook/Twitter
If you're using JS for your website then I would suggest using Node.js for your database. What you'll be creating is an authentication front to your app to protect the data within. Here is a good link on getting started with authentication.
Check this out
You probably would like to take a look at PHP.
If you want good security for your database, you will want to take a look into hashing passwords so in case your database gets hacked, it's not so easy for a hacker to get everyone's information. Not only that, but you're not a safe site if you're not hashing user's passwords, you'd be a phishing site considering you'd be able to see their passwords. (DON'T DO THAT) Here
You will also want to learn SQL for handling the information that will needed to be saved to a database for access through queries. SQL
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed last year.
Improve this question
I am just entered this game since last December. Now I finished HTML CSS and a little bit of Java Script yet I got stuck at this stage: I can do basic styling but I don't know how to make it interactive.
So my question is :
how can I make a login function for websites, which can gives visitor an account (sign up, login, forgot password) that can do basic things like comment , add to basket and favorite a product?
Don't need to be specific, please just highlight which language is involved in which stage.
Thanks ahead.
Now I finished HTML CSS and a little bit of Java Script
So your site is what is called a static website.
If you want to allow login and data storing, you need a dynamic website, that requires one of this technologies:
PHP
ASP (check also ASP.NET)
Node.js (with express or http module)
Django (Python's library)
A few others...
All this technologies are called server-side languages/technologies, and the most used for long years has been PHP, that now has some strong rivals in terms of usage.
You can use only html/js to create a website. But, if you need authentication, post comments, a server side is needed.
A js can call easely an API to authenticate (server side) and post comments with XHR. You have to create it. You need to know how Authentication headers works for server side. You need to have a database (sql, file or nosql, it's your choice) to save the users datas and rights.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 years ago.
Improve this question
I would like to add a live chat support channel in my website, mainly focused on new users who have specific questions about my services and i´be been thinking about the best way to implement this solution myself. do note that i do not intend to use third party solutions.
What i´ve thought about retrieving messages: i can have a form on the page that will activate on user click (like a "start chat" button), once the button is clicked, i will GET all messages in the database related to the client's IP address (if it's not a logged in user) through a web service and load it into the DOM. after this, i will have a javascript function that will execute every XX seconds asking whether there are new messages.
to send messages: the user will have a textArea with a "send" button that will trigger a POST to a web service in order to save their message into the database, on the Support/web admin side, everything will work in a similar fashion but with the option of having several chats at the same time. Also i think I can achieve this by using JQUERY and ajax requests.
Is this a good idea to implement a live chat services? or am I far off from the ideal way of doing this? I have browsed around and all i get is suggestions to use third party service which i definitely do not want to use. Thanks!
You should have a look at websockets, especially at the socket.io library, which provides you an event based communication between the clients and the server.
They even have an example how to create a live chat:
http://socket.io/get-started/chat/
I you want a chat that is not just a "proof of concept", you should go for using XMPP, it's the most popular (and maybe the only-one) opensource instant-messaging protocol. There are several implementations in multiple languages and it has proven its robustness.
Wikipedia :
Extensible Messaging and Presence Protocol (XMPP) is a communications protocol for message-oriented middleware based on XML (Extensible Markup Language). It enables the near-real-time exchange of structured yet extensible data between any two or more network entities.
source
You could also take a look at IRC, which is quite old but still useful.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 3 years ago.
Improve this question
I developed a Node.js Application that I would to like to sell to my clients on monthly charges.
I'm looking for solutions to:
Keep my source code safe
Easy client installation
Serial code solution for activation
Application update method
Any advise will be appreciated.
Similar Question: Secure distribution of NodeJS applications
Your goals
Keep my source code safe
The only way you can do it is by making it a Web application that is used as a service instead of being distributed to the client. Don't trust anyone who tells you about code obfuscation or encryption as this is inherently impossible.
Easy client installation
Nothing easier than a Web application.
Serial code solution for activation
For a Web application you don't even need that. And for any application that you distribute to the client it will be trivial to circumvent and there is no way around it.
Application update method
Web application is always up to date. For a distributed application you can take a look at the Electron auto updater.
Any advise will be appreciated.
General advice
My general advice would be to keep in mind that any Node application that is distributed to the client will be very easy to analyze the source code and to circumvent any activation features that you implement. The only thing you can rely on in that case is law, not technology. Make sure that the licence is enforceable and the terms are clear. Distributing the source code doesn't mean that it has to be open source. The license is what's important, not the visibility of the code.
Your options
Depending on what the application does and how the interface looks like, something that you said nothing about in your question, you have few options:
Distribute the application as is and rely on the license to protect you but understand that anyone could be able to analyze your source code no matter what you do. Here you need to manage updates for every change. People will be able to circumvent your activation code feature.
Make it a web application and keep its inner workings completely to yourself. Here you have no updates problems or source code visibility. No need for activation code, you can give access only to paying customers.
Make it a service and keep all the important logic in your backend API and distribute only a thin client that uses that API. You only need to manage auto updates of the client, the backend code is always up to date. You don't need to implement activation codes, people can just log in to the account on your system in the client program and your backend will know who is a paying customer and who's not. The only source coude visible to the client is the client side code which can be minimal and doesn't have to include any critical logic.
Of course it all depends on the nature of your application which you said nothing about.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 7 years ago.
Improve this question
I am creating a website that must be able to login using the credentials that are saved in a text file(login.txt).After logging in the person must be able to add and remove images(images folder).
These images will then later be used to create a gallery that all users will be able to view.
What I want to know is can i achieve these results by only making use of HTML and JavaScript or must i also make use of server side languages like php or asp.net ?
note : I have done a good amount of research and still wasn't able to find an accurate answer for this question.
Any advice will be useful. Thanks ahead...
Short answer: You have to use a server
I assume you already know Javascript, so my advice is use Node.js.
You have to use a server side language because other users need to see the gallery , besides the ones that are uploading. So you can't use localStorage to save the images, because the front-end is private to the user, not global to every user (like a database or a server).
Some suggestions:
Use a database for user details, is faster, safer, and more maintainable
Define a Rest API on the server-side
On the front-end make a Single page application (using desired framework/libraries), using TDD principle
You should to use a server side language.
And if you save the credentials in a text file then anyone can reach these infos with that file url. ( Eg: http://yoursite.com/login.txt )
What I want to know is can i achieve these results by only making use of HTML and JavaScript or must i also make use of server side languages like php or asp.net ?
You'll need something on the server. That something might be:
Web server software that supports using the PUT verb to put files in a directory on the server. The general term for this is DAV or, in the web context, WebDAV. Apache, for instance, supports it with mod_dav. I've never tried it, but it may be possible to set up Apache with simple authentication (probably not with a plain text username/password file, though) and enable WebDAV for authenticated users. Your client-side code could then send PUT requests via ajax.
A server-side programming environment of some kind whether that's PHP, ASP.Net, NodeJS, or something else.
A content management system of some kind that already provides the ability you would otherwise write.
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 8 years ago.
Improve this question
If you don't want to read what im trying to do just skip to the "My question" part :)
My goal:
developing an application that saves as much server performance as possible.
There is no such thing as 100% secure, the app of course should be as secure as its coded.
However the founder of http://lavabit.com/ actually managed to take his security as far as making it NSA-safe (which obviously is the reason he had to shut it down).
My Progress:
I already discovered the BackboneJS Framework, which has saved me a lot of server-side coding,
using javascript templating, routing, input validation,client communication using websockets.
My Question:
since installing node or php on the server is a security risk in itself (which is the reason security issues need to be patched on newer versions.).I would like to know if there is a way to authenticate users without being forced to install nodeJs or PHP.
If you're able to use HTTPS then perhaps you could look at just using Basic access authentication? The web server itself would do the authentication - more information on Basic Auth in Apache can be found here.
I really think the experience you get from using a server-side language and cookies etc. is far richer and offers a much nicer user-experience. I'm not sure I understand the security risk[s] which you allude to. Alternatively if security is something which you are hesitant about, and feel that it will slow your app down, then perhaps you should consider designing your programme in such a way that security is not an issue.