i've created a project(asp.net) - website
The database resides on the client machine.
Flow:
Client opens the website, and submit with the required fields, and then the server would authenticate.
Next, the api what i've created should be transferred to the Client pc, as the database would be accessible only where the client and server at the same system only.
Limitation: cannot move the database to the server, ie making database on the server.
If i'm hosting website on the localhost, everything is running fine, and also m fetching data from the database and i can see it on the browser.
But the same if i'm hosting website on server, m not able to fetch any result.
Is there any method or so, to execute on the client system that would be making connection between the cient browser and database residing on the client system only.
The whole scenario is same as of: bloomberg (what i came to knw about my issue and the bloomberg as a public db to be used issue), where bbg restricts its usage on the web, and bbg is accessble only for the client system for the client n on that client account only.
ON STRAIGHT: is it possible to access the client machine database or an application by browser.
Because i after making opening the website and also making some input and then submit, the call should call api which will access the data to be shown on browser would be from the client pc.(lets say - database resides at client pc)
No, there is no way to access a traditional database on a PC directly from the browser. You'd need a web app in the middle, so that your browser accesses the web app, and this offers indirect access to the database.
If you can install a web app that has access to the PC database, there are interesting ASP.NET and browser technologies to access the data: Web API OData + breeeze.js.
The only alternative would be to use HTML5 Storage databases, but they are still under definition and mostly unsupported. See, for example, this page: HTML5 Features: Storage. An this is not what you're looking for.
Related
Good afternoon,
I come to request support here to try to understand a behavior that I have noticed in my application and that I cannot explain the reason why it happens.
Settings
I'm using Webshepere, version 9.0.0.11, in which a spring mvc application is running over HTTPS in a profile. This application performs the definition of values in session (HttpSession), so that later, through the JSP, it is possible to obtain this data to be displayed in the browser.
On the client side, through js, a connection is made via WebSocket. The WebSocket server is located in another WebShepere profile.
Unexpected behavior
Whenever the websocket connection is successfully performed, all session data is deleted. Only the data that was recorded after successful connection is kept.
Additional data
If the WebSocket Server is installed in the same profile, the reported behavior no longer occurs, and the application works as expected.
if the application uses HTTP, the behaviour isn't presente.
on wildfly server, even with HTTPS, the behaviour is as expected, that means that session data isn`t deleted.
Default configuration
Application Address: https://myappurl:9444/
webSocket Server address: wss://myappurl:9450/websocket
After tests carried out, it was found that as the connection to the websocket was made to another port on the same domain, an override of the cookies was being carried out, thus eliminating the session data.
The solution went through, in the webshere's profile where the websoket server is located, changing the parameterization of the cookie name in the session management, from the default (JSESSIONID) to (JSESSIONIDA).
Path: Application servers > server1 > Web container > Session management > Cookies
I am tasked with converting a PHP application into a progressive web app. This entails converting the existing PHP logic into JavaScript that runs client-side.
However, the PHP application contains sensitive information, including SQL credentials, which must never be leaked. This complicates the conversion because one of the biggest requirements of a progressive web app is Offline First, or the ability to operate without an Internet connection and/or not slow down even if an Internet connection is available.
Encrypting the JavaScript code is not an option because, no matter how strong the encryption, the decryption code must be shipped alongside it, and thus, determined hackers will always be able to crack the encryption. HTTPS cannot prevent hackers from jailbreaking their phones.
On the other hand, sending an Ajax request to a proxy server that holds the sensitive credentials will slow down the application, defeating the whole point of progressive web applications.
I have spent hours looking up solutions online, yet nothing I found is relevant enough. So how should developers go about ensuring that SQL credentials and other sensitive information are never exposed in the progressive web app?
EDIT: I should clarify that, while I understand that synchronizing local data with server data is the preferred behavior of progressive web apps, I am explicitly forbidden from doing so in this particular case. The data must be kept confidential.
To answer your original question on how to store your DB passwords safely in client side, "you can't". Anything at client side is not for sensitive information like server side DB password.
PWA is a web application end of the day with new features. But those doesn't gives you any added security to perform server side like operations which you can hide from users. Even if you use HTTPS, it will only encrypt data over network.
What if you use: If you store "DB password" in a PWA app or any web app for that matter, user can get the password using Chrome Dev tools for example and use that to connect to DB directly to get all the data in it, not just his.
Solution: PHP is a server side scripting language. When you convert that to HTML/JS, server side code from it will be remaining for your to put it again in server side itself and expose the data using web services to PWA.
On Downloading data: Caching is not plainly equivalent to downloading. Read more on here and if you still don't want caching, you "Network only" mode as explained in the same link and make use of other PWA aspects..like notifications, install to home screen.
For my job, I am doing research on finding a means on how a web application running locally from file:\ in IE11, created with either HTML5 or Javascript, can access the raw data or listen to a computer's serial port being sent out from a windows service or proxy. The situation is that We have a proxy designed to collect data from a computer's serial port and it will send that data outward on our network to the local host.
What we want our web application to do is to catch that data the proxy is sending out directly from the service on the computer, removing the need to have the proxy send the data to a server and having the web application collect the data from a server. So far googling the solution has been difficult. Does anyone know the solution to our problem or knows where to find the solution?
Lazy people, why don't you use Google search bar (!?!)...
Here: https://github.com/garrows/browser-serialport
Note: You cannot use this in a Web page, i.e. cannot put it on a Web server. And it is supported only by Chrome.
Basically I'm developing .NET API that allows a certain Javascript to access a Database through it. The database contains User Information and the API is the mediator between the client (running the javascript on their websites) and the database. The javascript simply gets the data from the DB and displays them.
My problem is, where do I host my API so that the client Javascripts can access it? What is this system called? I'm using Microsoft Azure SQL Databases to store the user information. How do I access my C# API from the client's javascripts? Do I need to host my API on Azure's API Hosting service? Very confused.
1) Client adds the Javascript and a HTML div to their website
2) The Javascript should access the API
3) API accesses the Database and gets the Data (Which is completed and it works)
4) Send the Data to the client and the javascript populates it
I just need to figure out how to make a connection between the API and the javascript on the client's website
Do I need to use THIS?
I would use ASP.NET Web.Api. It allows you to build a REST endpoint in C# that you can host on the Azure platform as well. You will be able to host it using the web sites features of Azure. Even though you want to build an API not a web site hosting it in a web site container will give you what you need:
Easy hosting solutions
Web endpoints for your client JavaScript to consume
C#.NET
Web endpoints close to your database. (Host them in the same data center)
Scalability
Monitoring
Ability to create a web site at the same address if you need to.
I haven't used Azure api management so I can't comment on that, but you will be able to get an ASP.NET Web.Api site up very quickly.
How can a web application store a very large amount of data client-side? (I'm talking concretely about allowing a capacity of some millions of records).
What I want to do here is to allow research of these records offline.
All of the users are using Chrome.
I was opting for indexedDb until I read that with about 400k records, it is almost unusable.
Then there is the Web SQL, but it had been deprecated.
I was then thinking that my last option would be to install a web server like apache with small script locally that would interact with my web application and store the records in a DB like MySQL. With AJAX I could access my script in localhost, but then there is the cross-domain problem.
I ran out of ideas
Update: clarification->
The main web application is running on a distant server. It has to be on a server as the application is used by several people at different locations (it is shared), and need to be accessed by smartphone, etc. The last idea was to install a web application locally (on all of the user's computer), that would interact with that distant web application to fetch the records from it and store them locally. Anyway it wouldn't work because of cross-domain issues I guess.
I see few alternatives:
don't you actually need a desktop application. I know, I know it is so 1990's...
installing a local web server and accessing your application via web browser is an option as well. But this is dangerously close to point 1.
you might consider developing a Java applet and permitting it to use the file system