Access restriction with JavaScript [closed] - javascript

Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 8 years ago.
Improve this question
I have an application done fully in JavaScript using Ember.js. What I want help with is the following:
I have two account types: basic and premium.
Depending on what account type the user have I wish to display ads him.
The user can use parts of my application only if he has a premium account.
What I must have in mind in order to protect my application so it's secure against people trying to use premium features without having that privilege? Because all Javascript will be sent as a single file, people can just look at all my app code and maybe reverse it or even copy it and use locally without even entering my site, which would put all my effort to waste.

Your client side code shouldn't be considered more than sugar for the user's experience, not a layer that is trusted.
That means your backend should be pessimistic in nature, not trusting requests from the client, but making sure they can make said request, and sanitizing any data sent to them assuming the user is trying to do harm.

Related

How do I make a web app with Google APIs? [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 10 months ago.
Improve this question
I am pretty new to web dev, and I wanted to create a simple UI in Javascript with the Google Maps Places API to familiarize myself with everything. My question is, would I just make direct URL requests with the user’s variables, or would I have to create something server side, and if so, what would I have to do?
It depends on your application's functionality. Generally, you could keep all everything on the client-side. If you app is a server-rendered one, meaning you would be using a JavaScript framework like React or Vue, you could use just the website state to keep track of users' variables and send out requests to the Google APIs to do the heavy work.
You could also look into tools like Firebase, also created by the folks at Google to handle storage or user authentication. There are rich docs on how to include Firebase in your web application for your framework of choice. This way you can create language-agnostic backend resources that conform to all of the security measures and scales automatically so you can focus on the users' experience.
In case you would like to offer some less-common functionality or have complete control over the backend you could write up an API of your own and have it deployed on a separate backend server.

How to make a working login functions for my website? [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed last year.
Improve this question
I am just entered this game since last December. Now I finished HTML CSS and a little bit of Java Script yet I got stuck at this stage: I can do basic styling but I don't know how to make it interactive.
So my question is :
how can I make a login function for websites, which can gives visitor an account (sign up, login, forgot password) that can do basic things like comment , add to basket and favorite a product?
Don't need to be specific, please just highlight which language is involved in which stage.
Thanks ahead.
Now I finished HTML CSS and a little bit of Java Script
So your site is what is called a static website.
If you want to allow login and data storing, you need a dynamic website, that requires one of this technologies:
PHP
ASP (check also ASP.NET)
Node.js (with express or http module)
Django (Python's library)
A few others...
All this technologies are called server-side languages/technologies, and the most used for long years has been PHP, that now has some strong rivals in terms of usage.
You can use only html/js to create a website. But, if you need authentication, post comments, a server side is needed.
A js can call easely an API to authenticate (server side) and post comments with XHR. You have to create it. You need to know how Authentication headers works for server side. You need to have a database (sql, file or nosql, it's your choice) to save the users datas and rights.

How should I structure .net website to use a web api? [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 6 years ago.
Improve this question
I'm starting a project that will use a search bar to hit a web api and return the results. There will be no writing to the web api.
My biggest struggle when creating a new project is how it should be laid out. I never know when i should create a DAO, do it all via javascript, put it in a controller, etc.
For developing something like a search engine or any web application. You would need following:
A frontend, which is your application's GUI in browser of user or mobile application.
A backend logic, this could be in any server side scripting language, in your case you would be writing server code in .net
Now, your backend must expose a search api, Eg. If I send a HTTP GET with a variable q, it should return search results matching the query.
Your frontend must have input-box and a button for allowing users to send this request.
This answer isn't complete, just a vague overview of how this problem can be approached, also this isn't the only solution.

Send data online from one device to another using AJAX [closed]

Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 8 years ago.
Improve this question
I'm trying to make a web application which uses a mobile phone as a controller (an example of this kind of thing: http://chrome.com/supersyncsports/). It isn't something very complicated, I just need to send text which was entered in the phone to the computer. I don't need any database, I just need to send text from one device to another. Is there a way to do this with AJAX and without PHP?
Thanks,
bhc11
This is possible but it's not simple. You will need to setup a browser-to-browser peer-to-peer connection.
See WebRTC and Wikipedia for a high overview of the technology.
You are going to need some server back-end to process this. You will make your ajax call to the server which reads and determines the location to send the text on to. Since you are using mobile, you will need to either send a push notification to the second user, or you need to have the users polling for new content.

Real time collaborative use interface on the web [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 4 years ago.
Improve this question
I'm wondering what the technologies and best practices are behind real time collaboration in web interfaces.
An example of this is of course Google Wave. Another is PivotalTracker.com.
I'm particularly interested in any work (frameworks, plugins, etc) people are doing with Ruby on Rails here.
I imagine it would have to use Javascript underneath at some level, but you would need a way to abstract this out. Probably polling the server periodically to see if changes have been made, and also a way to resolve conflicts if in the middle of editing something the server comes back and says someone else has updated it.
Thank you!
Wave has operational transform that has a nice property of being easily combinable. You have two users, each of them does "something" in the user interface and two "somethings" can be combined into final document. That allows you to skip the problems with conflict resolution.
A nice way to enable real-time updates to state of the app is by using Comet, which is essentially a geeky codename for keeping an alive, long standing, unterminated get/post request to the server, that server finishes and responds to when something happens on the server. It allows sending to the client instantaneous updates without having the client periodically poll.
I can't really say how to abstract this away in javascript/r'n'r, many of the underlying technical details are hard enough and application specific that no framework supports them out of the box.

Categories