Now.js and secure - javascript

I've made a chat application in Node.js with now.js, and now I've thought of something.
There are two files, server.js and client.js, and anyone can steal the client.js file and run it on another host to benefit from my server.js work. How can I prevent this?
The point is that client.js connects to the host by domain and port:
window.now = nowInitialize("http://address.com:6564");
How can I make it more secure, for example so that only clients (js files) from my host (address.com) can connect to my host?

If your concern is that other servers can use your server with the client code:
this should not be an issue because of the Same Origin Policy. Only if your server specifically allows it, will clients from other hosts be able to communicate with it.
Just try it out from a different domain name (or even localhost): you will see your browser won't let you make cross-domain requests.
(As an example, you can see this StackOverflow post where a user could not get Socket.IO working over different host/port combinations.)
UPDATE
It would work like this:

How do your users get authenticated into your chat? Is there a registration or anything?
Maybe a token or a secure key would do it? Or a secure cookie (sorry... but at least invisible to the user) with the said token? And without a token you couldn't access your services?
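
The token suggestion above, as an added example that is not part of the original thread: the server issues a short-lived HMAC-signed token after login and checks it, together with the Origin header, when a client connects. The function names, the secret handling and the `token` query parameter are assumptions and are not part of now.js.

```javascript
// Added example (not from the original thread): checks run on each connection request.
const crypto = require('crypto');

// Assumptions: secret, allowed origin and 10-minute lifetime are illustrative values.
const SECRET = crypto.randomBytes(32);
const ALLOWED_ORIGINS = new Set(['http://address.com']);
const TOKEN_TTL_MS = 10 * 60 * 1000;

function sign(payload) {
  return crypto.createHmac('sha256', SECRET).update(payload).digest('hex');
}

// Issued by the server once the user has logged in.
function issueToken(userId, now = Date.now()) {
  const body = JSON.stringify({ userId, exp: now + TOKEN_TTL_MS });
  const payload = Buffer.from(body).toString('hex');
  return payload + '.' + sign(payload);
}

// Returns the userId for a valid, unexpired token, otherwise null.
function verifyToken(token, now = Date.now()) {
  if (typeof token !== 'string') return null;
  const [payload, mac, extra] = token.split('.');
  if (!payload || !mac || extra !== undefined) return null;
  const expected = Buffer.from(sign(payload));
  const given = Buffer.from(mac);
  // Compare MACs in constant time; lengths must match before timingSafeEqual.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  try {
    const { userId, exp } = JSON.parse(Buffer.from(payload, 'hex').toString());
    return typeof exp === 'number' && exp > now && userId != null ? userId : null;
  } catch {
    return null;
  }
}

// headers/query come from the incoming connection request.
function authorizeHandshake(headers, query, now = Date.now()) {
  // Browsers set Origin themselves; other clients can send any value,
  // so this check filters foreign web pages and the token does the authentication.
  if (!ALLOWED_ORIGINS.has(headers.origin)) return { ok: false, reason: 'origin' };
  const userId = verifyToken(query.token, now);
  return userId != null ? { ok: true, userId } : { ok: false, reason: 'token' };
}
```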

Related

Use node.js to forward url to a gaming server

So my goal is to have node.js forward a specific url to an external server hosting a minecraft server.
First of all, how could I go about doing this? When trying to find a means to do this, all I can seem to come up with in search results is how to set up a node.js server for developing a game, or how to forward from one port to another on the same machine.
Secondly, concerning means of doing this, hoping I can do so in a method where the client now goes back and forth directly with the server rather than routing all data through the node.js server. The goal here isn't to obscure the server, just to provide an easier to remember url for the server. Mind you if that's not possible I'll just route it all through the server and see in time if there are any issues with such.
Edit for clarity:
I have a website set up using node.js at mydomain.com. It's a fairly simple setup, and I'd like mydomain.com/mine to redirect to a minecraft server hosted by a different company.
I think the easiest way to solve this problem would involve creating an "A" record for your domain in your DNS panel on your web host. With an A record, you would have something like minecraft.mydomain.com redirect to your server's IP. Here's some information about A records: http://help.dnsmadeeasy.com/spry_menu/a-record/
Googling around about domain redirects to game servers makes me believe this should work, but I haven't done it myself.
It sounds like you just want to do a simple redirect.
Assuming your app is itself a node.js app, here's a quick example redirecting my localhost:9000 to google.
var http = require('http');
// Answer every request with a permanent (301) redirect to the target URL.
var server = http.createServer(function (request, response) {
    response.writeHead(301, {Location: 'http://google.com'});
    response.end();
});
server.listen(9000);
console.log("http://127.0.0.1:9000/");

Is it possible to run a Node script from a web page?

I've been searching for days now but could not get an answer.
I would like to do the following:
User connects to editor.html (Apache2 with basic http auth)
User wants to open a file (let's say /home/user1/myfile.txt) on the server with his user/pass (same as in passwd)
Node.js script gets started with the user rights from above and the user can edit the file
The Node script will handle the connection via websockets and read/write files.
I think the biggest problem is that it's not possible to run a node script on the server from a web page... and I don't want to involve any php/cgi scripts... only Apache and Node.js / JS.
Please also comment or answer if you know that it is really not possible...
Thanks!
Kodak
Edit: The workflow should be the following:
User access webpage -> enters his credential (same as in passwd) -> node.js script gets started with the user rights of the logged in user -> files getting read or written with user rights
Biggest Problem: who starts the Node.js script? Apache? How?
I hate to be this person, but...
That is not the way node is designed; it is designed to use the event loop. I would recommend having node serve the static files, maybe using apache as a proxy, then, when someone requests a certain page, doing whatever needs to be done. If you really must spawn a child process, use child_process.spawn. As for the rights of the user, I recommend just passing in a code, like 1=admin, 2=user, 3=guest, and the child process can do what it needs.
Use Socket.io - Official Socket.IO Website
You can also use Express with socket IO to create a separate app server. - Express JS Website
You may want to consider security implications of allowing a user to connect directly using their server side account. There are also many applications available that already do this that you might consider implementing instead of writing your own, with all the properly embedded security that will be required.
Let your users GET a static auth.html page (via apache) without any authentication.
Let the form's submit action be some auth.js (Node.js script). This auth.js checks whether the user's authentication succeeds. If so, it starts the node.js server, sets up socket.io on it and redirects the user to some editor.html.
In this case, as you can see, the authentication is based on node.js scripting. If you want the basic apache2 one, I can recommend the next scenario:
There are auth.html and editor.html pages on the server. The latter is placed in the /private folder, and direct access to this folder is denied by .htaccess. So when the user passes apache2 authentication for auth.html, he GETs this auth.html, which is an empty document with an onload event handler that sends an AJAX request to auth.js (Node.js script). Node.js gets private/editor.html and sends it to the user as /editor.html.
In this case the user never has access to the editor without passing authentication. After authentication the node.js server is started, socket.io is set up and everything is fine.
I found a solution:
It is possible to write a custom authentication program for apache with mod-auth-external:
https://code.google.com/p/mod-auth-external/
With basic authentication enabled the webserver would pass the credentials to a script/program and this can then run the node app.

Howto hide Credentials in a pure Javascript HTML Web App

Is there a way to hide credentials, such as passwords or authentication header tokens, from the user's eyes in a pure HTML/Javascript app?
The AngularJS App communicates against a rails backend via CORS running on a different domain.
Besides setting up CORS to be more restrictive or checking against domains in the request on the backend side, I wish to send auth tokens or add tokens to headers.
Does anyone know?
kind regards,
Alex
You can only restrict what your user sees by obscurity, which is not a very good idea.
The key here is to set up your authentication in a way so that it does not matter what the user can see or manipulate. One way to do this is to send generated keys to your client and to your second server app every time your app needs to be authenticated. Restrict usage in a way that makes sense for your app. Another possibility would be registration.
A possible workaround would be to use one server as the only node the client is talking to, while the server does all the work of talking to your other server. Especially if you don't want to give your user the possibility to call the API of your second server outside of your app logic for some reason.
I don't think there is any way out. A smart user can get to it anyway.
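
The single-server workaround from the first answer above, as an added example that is not part of the original thread: the browser only ever talks to this server, which keeps the backend credential and attaches it to the requests it forwards. The backend host, the `BACKEND_TOKEN` variable, the route allow-list and the `x-app-user` header are assumptions made for illustration.

```javascript
// Added example (not from the original thread): build the upstream request on the
// server so the backend credential never reaches the browser.
// Assumptions: backend host, BACKEND_TOKEN and the allowed routes are illustrative.
const BACKEND = {
  host: 'api.backend.example',
  token: process.env.BACKEND_TOKEN || 'constructed-demo-token',
};
const ALLOWED_ROUTES = [
  { method: 'GET', path: /^\/messages\/\d+$/ },
  { method: 'POST', path: /^\/messages$/ },
];
// Headers the client must not control on the upstream request.
const STRIPPED = new Set(['authorization', 'cookie', 'host', 'x-forwarded-for']);

// sessionUser is whoever the app's own login identified; null if not logged in.
function buildUpstreamRequest(method, url, headers, sessionUser) {
  if (!sessionUser) return { status: 401 };
  // Normalise the path first so "/messages/../admin" is judged as "/admin".
  const path = new URL(url, 'http://placeholder.invalid').pathname;
  const allowed = ALLOWED_ROUTES.some((r) => r.method === method && r.path.test(path));
  if (!allowed) return { status: 403 };
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    const key = name.toLowerCase();
    if (!STRIPPED.has(key)) out[key] = value;
  }
  // Set last so client-supplied values can never override them.
  out.authorization = 'Bearer ' + BACKEND.token;
  out['x-app-user'] = sessionUser;
  return { status: 200, options: { host: BACKEND.host, method, path, headers: out } };
}
```

The returned `options` object has the shape Node's `https.request` accepts; the query string is dropped here and would need its own validation before being forwarded.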

how to get the data from serial port (RS-232) on client side

The project I'm doing now is getting the weight from a scale that uses an RS-232 port and posting it to the website; then the user presses submit and the data is saved to the server.
I have also studied how to get the value from this port using the Java API called javax.comm. However, I think it only works on the server, and would only work for one computer. That's the problem. Therefore, I want to make a website that the client computer can access, weigh with the scale and then save the value to the server. So, how can we do it? Does JavaScript work for this?
thanks :)
Of course you may do this with a browser plugin, but that will make the application browser specific. Instead, what you may do is create a simple desktop agent (windows service, taskbar app) that will be installed on the client machine itself.
Now this agent should respond to HTTP requests from your web page that are directed to http://[localhost]:[port]. This might require embedding a simple HTTP server inside the agent. The other complexity you will have to handle is cross-origin requests. You may use either JSONP or CORS in handling that.

Sending an email from the browser with javascript and flash... is it possible?

I'm wondering if it's possible to do what I'm thinking, and if it is possible, does anyone know of a flash object that does what I need?
I know a Flash object can provide a javascript API to interact with it; what I don't know is whether Flash can send an email directly without the need to talk to the webserver to do so. If that's possible, would it not be possible to write a flash object that did nothing but provide an API to send emails? Has such a thing been created that is out there for others to use?
I'm looking to create a email form on a web page but the site is static (no server scripting). In my situation server scripting is not possible as there is no server, the site is 100% client side on a CD/DVD/USB Stick.
No, neither Flash nor JS can do this alone, as they are client-side technologies. You need to create a server-side script to send the email and then request it from your client.
It doesn't matter if the swf file is on a USB stick or wherever, you can still connect to a server. Most web hosts support php so that would probably be the easiest way. Check out this Google search.
EDIT: if you can't use a server then you could use a mailto link; this opens the user's default email client.
import flash.net.URLRequest;
import flash.net.navigateToURL;
var mailto:String = "mailto:email@example.com";
navigateToURL(new URLRequest(mailto), "_blank");
You can also add a subject and body. See http://www.ianr.unl.edu/internet/mailto.html for the syntax.
Yes, this is possible using flash, although I have not done so myself and I wouldn't advise it. The general strategy would be to connect to a specific mailserver using sockets.
The server would need a "Socket Policy File" available on port 843. See http://www.adobe.com/devnet/flashplayer/articles/socket_policy_files.html for more. It would give permissions for connecting to the chosen port for the mail relay (e.g. 25).
You can then use the flash Socket library in order to, in effect, create a telnet client. See http://help.adobe.com/en_US/ActionScript/3.0_ProgrammingAS3/WS5b3ccc516d4fbf351e63e3d118a9b90204-7cf7.html
Construct your email as a payload for the socket, and send it. See http://www.yuki-onna.co.uk/email/smtp.html
Of course, if you are distributing these CDs to the entire world, your mail server socket policy would have to accept connections from anyone on any machine, you'd be running an open mail relay, chaos would ensue, dogs and cats living together...
Now it's unlikely that you'll find a public SMTP server that lets you do this, and if you really don't have access to anything server-side whatsoever (no webserver, no control over any SMTP server) then you'll need to rely on the client-side mailto: links instead.
Since it runs off of a CD in the user's computer and you have no server, your best (only?) option would be to run the user's own mail client.
Try creating a mailto link dynamically with JavaScript and then clicking it. It should run the local mail client (Outlook, Thunderbird, etc.) with the input you specify. The users would have to click "send" themselves.
You cannot send an email if there's no internet connection; it doesn't matter if you use JavaScript, Flash or anything else.
Edit: http://code.google.com/p/smtpmailer/
This is written in ActionScript and might fit your needs.
http://flashflex.com/sending-mail-in-actionscript-using-smtp/
This is some background information.
