Does the date object get the values from the operating system locally ? what if someone changes his time value , in my project I need to implement a system for reserving food, in my case the user can't make request for food before 10 am , but what if one of the users change his current time ?
I think that the best choice is to get time value form backed side.
any suggestions ?
Everything you do in javascript is client side, it's executed in the browser of the user, so your date object will be created depending on the client's browser.
Moreover, all the validation about the time has to be server side to prevent any kind of alteration. You have to perform ajax requests and make sure on your server that the client is allowed to buy food.
Related
I have variable in Javascript which are created by reading a number from HTML, adding a number to it and then returning it to HTML.
I want to make it so that no matter what browser/what user you are, you are seeing the latest version of the variable. Currently, if I refresh the page then the number resets to 0 (the default value). I want it so that if I update the number to 1 when someone else views it from another browser they will also see 1 and not 0.
I've seen that cookies are an option, however I thought cookies were client side only? So that would mean that only I would see the latest version of the variable.
I've seen that sessions are another option, are sessions server side? And would they do the job that I am after?
Is there another way of doing this I haven't considered?
Thanks in advance
I want to make it so that no matter what browser/what user you are, you are seeing the latest version of the variable.
You need to send your updates from the browser to a server, and then have that server relay your updates to all the other clients. There are many choices for how to do this, with various tradeoffs and complexity.
One method is to simply take that number and send it to the server. Then, on next page load, the server injects that new number into the page it outputs (or it serves it up via an API call, over AJAX, via the Fetch API, or server-sent events, WebSocket, etc.). If you do this though, you will need to decide how to handle concurrency. What will happen if two people load the page at the same time?
The general system you're describing is called Operational Transform, and this is a rabbit hole you probably don't want to go down right now. Just understand that there's no magic that synchronizes things across the planet perfectly and at the same time. Your system has to account for inherent delays in some way.
I've seen that cookies are an option, however I thought cookies were client side only?
Yes, cookies are client-side. They're sent to the server with every request, but that's not a useful tool for you, aside from session identification.
I've seen that sessions are another option, are sessions server side?
They can be, but you need to find a way to know what the user is between browsers. Normally, a session ID is stored in cookies.
I have found certain online time servers that share accurate time when provided with proper time zones. For example:
time.windows.com
time.nist.gov
time-nw.nist.gov
time-a.nist.gov
time-b.nist.gov
are some time servers that are used by Windows to auto-update time over internet. I want to use these servers to determine the accurate time instead of local server time or client system time. I tried querying as : http://time.windows.com/?timezone=GMT+5:30 (get request) expecting to get current time in India but it said: Error : 403.
So, I would like to know , What's the right format to query such time server to get the time & date in response. Codes using any ne of html (get)(post), php, js, jquery is/are acceptable.
Thanks !
You should not do this from your application code. As you are pointing out there are "some time servers that are used by Windows to auto-update time over internet." So, use an appropriate client program/service to set your server's time on a regular bases. This way your server's clock will always be accurate to the microsecond level. Attempting to query a time-server on a per request bases (as your description suggests) is foolish and causes a great deal of unnecessary overhead.
So I'm writing a game client using WebSockets. However, I want to prevent people from cheating and sending certain data to the server. Can people modify the html and javascript on the page to change what data is sent to the WebSockets?
If so, how can I prevent this from happening?
This is the big thing about "cheating" and "hacking" in (multiplayer)games. Data that comes from the client (and sometimes even the server) can never be trusted.
Think about a "teleport hack" in a shooter game. Your client is sending your players new position to the server, as soon as you move. If you want to cheat, you can simply manipulate your client to send the coordinates of the position you want to teleport to.
Now there are two possible outcomes:
1) The developers did not care about cheaters, when coding the server side application. The server accepts the new position, although it is impossible that your client moved to that position since the last position update.
2) The developers were smart and wrote an intelligent server. Before accepting the new coordinates, the server validates if it is possible that your player moved to the given location since the last update. If it is, the server accepts it. If it is not, you get banned for the next 1000 years.
Where should I store a client secret in a JavaScript application to prevent other users from getting access to it? My particular use case is an AngularJS SPA.
The client secret is a guid which is generated at login and passed back to the client, expires after 15 minutes of inactivity.
Considering the nature of my secret key, should I even care?
2 things:
One: You can't. It's on their side, anyone with access (to the computer while that user is logged in) and knowledge will be able to see it. As well as anyone that intercepts the transmission from client to server (if your not using https).
Two: It's not necessary if you are implementing it correctly.
Meaning will it ever be valid again, after it expires, or is it a one off*?
Is it authenticated against the other half on your server?
*By one off, I mean a GUID is supposed to be globally unique. Are you using the same GUID each time for each user or are you scrapping it and the next time assigning them a new one? If the first you have an issue.
If your doing all those things then you really don't need to worry about it.
I need to get the browser user local date and Time on my server side asp vbscript page.
The goal is to show a specific message to all connected users that are in conversation at a specific local time in my web chat application.
Is that possible?
One way is to include the local time on an hidden text field and then pass it through using ajax/javascript but it's not secure because user could change it and find the secret time on server side.
The best I can think of would be to cross-reference Request.ServerVariables["HTTP_ACCEPT_LANGUAGE"] to a time zone offset and then calculate their local time using UTC. The liabilities here are trusting that their local language setting corresponds to their time zone appropriately and that your accuracy doesn't need to be perfect all of the time (multiple time zones per language code).
Alternatively, if you can afford to be lazy in this case (how important is this local time to your app?), you could just write some purposely obscure js code to smuggle the local system's current time as a long int and named something misleading for those hackers interested in spoofing your js.