Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 8 years ago.
Improve this question
If you don't want to read what im trying to do just skip to the "My question" part :)
My goal:
developing an application that saves as much server performance as possible.
There is no such thing as 100% secure, the app of course should be as secure as its coded.
However the founder of http://lavabit.com/ actually managed to take his security as far as making it NSA-safe (which obviously is the reason he had to shut it down).
My Progress:
I already discovered the BackboneJS Framework, which has saved me a lot of server-side coding,
using javascript templating, routing, input validation,client communication using websockets.
My Question:
since installing node or php on the server is a security risk in itself (which is the reason security issues need to be patched on newer versions.).I would like to know if there is a way to authenticate users without being forced to install nodeJs or PHP.
If you're able to use HTTPS then perhaps you could look at just using Basic access authentication? The web server itself would do the authentication - more information on Basic Auth in Apache can be found here.
I really think the experience you get from using a server-side language and cookies etc. is far richer and offers a much nicer user-experience. I'm not sure I understand the security risk[s] which you allude to. Alternatively if security is something which you are hesitant about, and feel that it will slow your app down, then perhaps you should consider designing your programme in such a way that security is not an issue.
Related
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 23 hours ago.
Improve this question
: )
On my adventure with coding, I got to the point when I want to learn about databases but I don't quite get where to start.
I know that we have SQL and noSQL and I get the difference more or less.
The project:
It's a basic budget app. For personal and learning use only (me + a bunch of friends). I store the data in local storage. It's not really convenient + I want to learn the alternatives.
The project has been deployed via Netlify.
In the future, I'd like to write a small app which would work as a survey app and then save the app in some database so that I can analyse it (I actually need such an app to finish my Master's thesis and can't find anything). There would be mostly closed questions. Then, I'd like to check eg how many ppl chose A in question 1 and simultaneously B in question 2. Here, the SQL database would be more convenient, is it right?
I use JS and React.
My question is:
is there any free server online that I could use as a database?
I thought about JSON file. Please, correct me if I'm wrong, but I cannot make a fetch request from the app to the app. I understand that I would need a server or API. I don't want my computer to be the server as it's not sustainable.
The same thing with node.js, right? I can't use it inside the app to change a file in the app unless I use localhost, which I don't.
I also thought about Mongodb. I don't quite get how it works. I saw a tutorial that instructed me to download it. Then I will use my computer as the server, right? Is there an option to use some online database, preferably for free?
I know that Amazon, Google and Microsoft offer sth, but it looks a bit perplexing to me and before I dive into this, I'd like to know if I'm at least going in the right direction. I saw a tutorial about Google sheets as a free online database. It looks complicated but would fulfil my need. Do you have any experience with that?
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 1 year ago.
Improve this question
i'm really new to these things. Normally in making website it's easy to secure it becasue everything is actually local. Just PHP or someting like that process data and shows up in a static page. But when we got desktop app i don't know how to do it. How can i make app <-> server relation? Like Instagram or Facebook or something like that. At the first i think JSON might work for that, but it think it's not secure for all information.I hope i explained good.
Little bit late but if someone comes here, here's the answer you're looking for; HTTP. Yeah It's that simple. Learn how HTTP works. For making security tight, look for cross origin resource sharing (CORS), two-way encryption, server-side validation and so on. Have a good day!
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 5 years ago.
Improve this question
I have made a decent website using HTML, CSS and JavaScript. I'm new to programming.
Now I want to give some privacy to some users and create a login space. I saw that some people are using PHP, other JS or Node.js, but I haven't seen any good guide for the best practice.
I would like to make a robust website with up-to-date technologies. What is the best practice for this kind of request?
It is very wide question and have so many answers and techniques based on your requirements, for example if you need to implement it yourself you need to use token based authentication, AKA JSON Web Token, technique where you simply send a token to you client after validating their username/pass to be saved in the browser and later on you can send this token along with any further API/HTTP request(s) for validating your encoded token that was sent before by your authentication service.
Check JWT site to know more about different libraries that will help you implementing this technique in almost all known languages (PHP, NodejJ, Python, .NET, and Java) in just 10 minutes.
Backend server or used language should not be the issue as much as you should understand the technique itself.
If you want to use Amazon Cloud, you can totally depend on their authentication services they provide, its name is AWS Cognito
If you need to implement social based authentication, then you should use OAuth protocol for integration with different sites like Facebook/Twitter
If you're using JS for your website then I would suggest using Node.js for your database. What you'll be creating is an authentication front to your app to protect the data within. Here is a good link on getting started with authentication.
Check this out
You probably would like to take a look at PHP.
If you want good security for your database, you will want to take a look into hashing passwords so in case your database gets hacked, it's not so easy for a hacker to get everyone's information. Not only that, but you're not a safe site if you're not hashing user's passwords, you'd be a phishing site considering you'd be able to see their passwords. (DON'T DO THAT) Here
You will also want to learn SQL for handling the information that will needed to be saved to a database for access through queries. SQL
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 3 years ago.
Improve this question
I developed a Node.js Application that I would to like to sell to my clients on monthly charges.
I'm looking for solutions to:
Keep my source code safe
Easy client installation
Serial code solution for activation
Application update method
Any advise will be appreciated.
Similar Question: Secure distribution of NodeJS applications
Your goals
Keep my source code safe
The only way you can do it is by making it a Web application that is used as a service instead of being distributed to the client. Don't trust anyone who tells you about code obfuscation or encryption as this is inherently impossible.
Easy client installation
Nothing easier than a Web application.
Serial code solution for activation
For a Web application you don't even need that. And for any application that you distribute to the client it will be trivial to circumvent and there is no way around it.
Application update method
Web application is always up to date. For a distributed application you can take a look at the Electron auto updater.
Any advise will be appreciated.
General advice
My general advice would be to keep in mind that any Node application that is distributed to the client will be very easy to analyze the source code and to circumvent any activation features that you implement. The only thing you can rely on in that case is law, not technology. Make sure that the licence is enforceable and the terms are clear. Distributing the source code doesn't mean that it has to be open source. The license is what's important, not the visibility of the code.
Your options
Depending on what the application does and how the interface looks like, something that you said nothing about in your question, you have few options:
Distribute the application as is and rely on the license to protect you but understand that anyone could be able to analyze your source code no matter what you do. Here you need to manage updates for every change. People will be able to circumvent your activation code feature.
Make it a web application and keep its inner workings completely to yourself. Here you have no updates problems or source code visibility. No need for activation code, you can give access only to paying customers.
Make it a service and keep all the important logic in your backend API and distribute only a thin client that uses that API. You only need to manage auto updates of the client, the backend code is always up to date. You don't need to implement activation codes, people can just log in to the account on your system in the client program and your backend will know who is a paying customer and who's not. The only source coude visible to the client is the client side code which can be minimal and doesn't have to include any critical logic.
Of course it all depends on the nature of your application which you said nothing about.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 8 years ago.
Improve this question
I am currently developing a site to track credits gained from exams, and how these stack up against the user's goal credits.
I know JavaScript fairly well, but don't know any PHP.
What would be the best option to use as a database? Please, I am a beginner and I will be getting answers from advanced programmers. To me, your opinions count so please don't close this as asking for opinions.
MySQL
I could use this on a PHP site, but it would involve me learning PHP. What are the benefits and would they outweigh the hassle of learning a whole new language?
JSON
Would it work if I used JSON files for data storage, and used xmlHttpRequest() to read and write information?
Firebase
Would Firebase work as a fully operating database?
If you know javasript very well and aren't willing to learn a new server side language, I would recommend using Firebase. They way it works is very similar to if you had built your own REST api and just made ajax calls to it.
I wouldnt recommend using json to store data. Anytime you want to read there would be more data sent over the network than necessary and when you get enough data it would be impractical. Databases exist to avoid storing data in a file and simply reading/writing to the file.
Using php wouldnt be the best idea. It is a very powerful language, but it is incredibly easy to write major bugs with it. If you were to use it I would recommend learning a web framework because it would fix most of the bugs that you would write yourself. Heres a list of a bunch of php frameworks http://www.phpframeworks.com/. I think that there would be more benefits to you actually learning php. For starters, every developer should have more than 1 language in their toolbox. You should be able to approach a problem and know what the best way to solve it is and that starts with the exposure to different languages and technologies. Learning another language will take a decent amount of time, but you will get much more out of it than releasing your site a little bit earlier.
So to sum it up, I would use php(or any other scripting language for that matter) with a web framework. Your site would be more secure with the web framework and you will become a much better, more valuable developer by taking the time to learn something new.