I'm making a model viewer online with Javascripts. For security reason, i don't want user can run it anywhere out of my site.
I already obfucated and lock domain but if user download whole website, they still can run offline.
So, how to detect that user is running offline and stop working by Javascript?
Thanks.
var checkAfter=15; //15 seconds
setTimeOut(CheckNavigatorState,checkAfter*1000);
function CheckNavigatorState(){
if(navigator.onLine){
// --- Add javascript src OR call js functions here
}else{
//----remove javascript source OR stop functions
setTimeOut(CheckNavigatorState,checkAfter*1000);
}
}
I would like to mention that it is not easy to tell whether the browser is offline or not.
Some browser vendors say the browser is offline when computer loose its connection to the network, which is not really exact. We know that you can have access to the LAN but not to the internet. So to do what you may need to ping a real distant server, such as Google.
EDITS: To ping with JavaScript, check this fiddle (edited)
You could make the javascript code check the domain it is running on using the window.location property (http://www.roberthalf.com/technology/External_Sites/content/RHT-NA3/Shared/Images/logos/rht_logo_c.gif) but that will only keep people who don't know how to modify javascript code from running it locally. The better solution would be to make your code dependent on something on the server so that whenever they try to do something important it makes an ajax call to the server, which can then check the referrer and return an error if they aren't running from the server.
Related
I know this is security-wise an absolute No-Go. But I have a customer, who has an angular application running internally only. This means the workers of the customer don't have internet access in the browser in which they use the application, and it is running in a virtual machine.
So they don't really care about browser-security, since they only use the application on it.
Now they have following use case:
User clicks a button in the Angular app
A powershell script on the local machine gets executed
So my question is, is there a way to call a local Powershell script with using Angular/Javascript?
My current idea
I could start a local NodeJS server on the virtual machines (always when they are booting) running on localhost:8080 for example, which listens for Rest calls.
When the user hits the button, the Angular app will make a Rest-Call to localhost:8080, which is the client node-server and the node-server executes the Powershell-script.
I see that's possible with: Execute Powershell script from Node.js
So does this make sense?
Or is there a better way to accomplish something like this? (As I said if there's a possibility to turn off browser security it's ok.)
Other way to achieve this is by registering a custom protocol with your application. That is how lot of apps like slack, skype etc work. But, your initial solution seems more platform independent.
I have a site made in php that calls a javascript file to check for site notifications and then send them as a browser notification (ie Mozilla's Firefox Notifications, Chrome Desktop Notifications, etc.). It works really well, and some users have asked for a chrome notification. I made a basic chrome notification that uses the same code, and it works great for when people aren't using the site. However, the problem is when they're both running at the same time. Users who are on the site and who are using the extension find themselves getting double notifications.
Is there a way to make sure that neither one's code runs if the other is active?
Thanks!
The best way to do this is to mark the alert as read on the server side. That way if I have both Firefox and Chrome open and they go to pull the alert, whoever gets there first will mark the notification as read so that the other doesn't alert it.
You Can set cookie. if one script is running then set cookie. and when you start executing your code then first check if cookie is set? if yes it means another script is running. if cookie is not set then start execution of code.
hope it helps.
Thank you.
I was playing around with cookies and stuff, until I noticed a website saying that you can easily set cookies via the navigation bar with one simple code;
javascript: document.cookie="SESSID=IDOFSESSIONHERE;path=/"
while doing this, I could login on one computer, copy the cookie data to another computer, and set the same cookie via this code, after a refresh I was logged in with the same user.
(just on a simple webpage I made myselve)
this seems like a security issue to me, I mean, ofcourse they would first need to get the cookie data, but without that, I imagine that you could do alot of damage with the javascript: from the cookies aside.
Is there any way to prevent the usage of javascript: from the navigation bar?
The user is the security issue not Javascript. The user gave you the session id - i.e. do you give out your keys/passwords to others? If you do what can the site do? Send around a blioke to look over your sholder all the time
Javascript is only excecuted client side, (exception is nodejs). So no harm can be done to the server.
Javascript runs in the users browser.We dont have any control over it.
The thing you can do is to obfuscate or hash variable names and/or values.
See here
You cannot prevent JavaScript usage from the navigation bar. I could visit your website and use the Internet Explorer debug tool, Chrome debug tool or FireBug to launch JavaScript code on your page.
Since JavaScript runs on the on the visitor's local computer, you will have no control over it. Only the visitor has control over what cookies will be stored in the browser.
What you need to do is to take measurements of security server-side. But yes, all authentication-processes that depend on a session cookie will have the security issue you are explaining.
I am integrating a web application with facebook by following this tutorial
It is normally working but when AVG do not track is active the browser can't load the Facebook JavaScript SDK so I want to show the user that in such a case he needs to disable the AVG do not track for the current website..
Is there a way to handle the loading error in JavaScript? We have try catch in Java - is there something similar in JavaScript so that I can hadle the loading error.
Sorry if this is a simple question ... I am a noob when it comes to JavaScript :(
I attached a little function to give feedback at the end of the code supplied by the tutorial.
http://jsfiddle.net/PRvJs/1/
The problem is that because your script is running in a web app and the blocking is happening on the browser application level, you can only ever infer that things have gone awry, and even then you have to make assumptions – scripts have load and error events but most Facebook blocking scripts circumvent that whole thing and just kill the HTTP request before it even goes out… so you can never really know!
As a fallback, I made the subjective decision to wait 30 seconds and if there is still no load or error resolution to the script injection, makes the arbitrary [1] decision that something is fundamentally screwed somewhere between your code and Facebook. As far as I know, this is the most you can determine and the only way to determine it…
[1] Most connections close if nothing has happened in 30 seconds.
I have a site which uses AJAX and preloaders. Now I would like to see the impact of these preoloaders before deploying the site online.
The "problem" is that localhost doesn't have loading time and the response is immediate, so that I can't see my preloaders.
How can I simulate loading or limited bandwidth (with Firefox, Rails or whatever else)?
If on windows, download Fiddler and set it to act like you are on a modem:
Tools-->Performance-->Simulate Modem Speeds
[edit]
Since you said you are now on a MAC, you have Charles which has throttling
[/edit]
I don't have a rails app in front of me right now but why don't you just add a delay to the appropriate controller?
i.e.
def index
# ...
sleep 2 # sleeps for 2 seconds
# ...
end
Alternatively, use a debugger and place a breakpoint in the controller code. This should mean that your preloader will show until execution is continued.
One option would be to deploy the site briefly to the host you will be using for production under an alternate URL for performance testing.
However, the way it performs for you won't necessarily be the same for everyone else in other locations.
If you provide some more detail on what these "preloaders" are and how they work and what you mean by "see the impact" we might be able to give better answers. Do you mean you want to eyeball the AJAX spinner gifs and get a feel for how it will look to the end user as the loading takes place? Or do you mean you want to do some kind of formal benchmarking on them?
You can use Firebug plugin to Firefox to determine the network behavior of your page. This works fine for localhost. You should see all images being retrieved simultaneously at the time of the preload execution.
You could configure your router so that it forwards requests on a certain port to the computer you're running the website on. Then, when you open your.ip.add.ress:the_port in your browser, the bottleneck will be your upload speed, which is generally quite low.
But that's just how I would do it ;)