I am working on a web mobile application. In my application I get a json string from a server, in my java script using:
var xhr = new XMLHttpRequest(url);
then I convert the json text to json object, save it in a local storage, then use it in different java scripts. In my project I am using only HTML and java script files and everything works fine for me. My only problem is how to secure the data I get so it wont be used by another, as the application will be available for people to use, and I am not allowed to make them access that json string I am getting from the server.
Thx for your time
A way you could get the server to verify your connection like that the server checks if you are logged in and if the requirement is met it sends you the data.
And also using SSL.
Avoiding caching the data.
http://www-archive.mozilla.org/projects/netlib/http/http-caching-faq.html
http://en.wikipedia.org/wiki/List_of_HTTP_header_fields#Avoiding_caching
Related
I have shared folder between in my server which will allow other server to send XML file to me and I want my script read this file auto without opening any page.
I know how to open and read the file.
But the issue how to auto load in the backhand.
you have to create a one page which will read the provided file and do the required actions , then share this URL and format with the team who will going to provide you the xml file.
It is very much like API Endpoint, Where you have to write the code which will handled request and in this scenario your Endpoint will treat as a server and XML file provider will treat as clients.
I hope this answer helps u.
Thanks
Traditionally, you need your server to periodically execute the script which reads the XML. That PHP will need to parse the XML and handle the changes.
Alternatively, the source of the API can use push notification to avoid polling with your server. The XML will be received whenever a change occurred on the server without the creation of a lot of useless requests, but the XML will be parsed as in the previous approach.
Last, but not least, you can use WebSockets for this purpose, or if both computers are in the same network, you can use sockets. Off course, a lot depends on the data source, whether you have access there, how modern is its technology and what does it allow you to do.
I'm trying to send data from my chrome extension to my .net application using ajax. I'm using background script to send data. Currently i'm unable to get data at my server. I guess there's issue in setting up manifest for chrome. However, how can i post data from chrome extension?
Suggest any other alternatives if possible.
Thank you.
You can send data to the server using XHR, or use jQuery.ajax() if you prefer. The end point will be the web service you have defined on the server. Check out this example, which uses jQuery for it.
For posting data, you pass all the data you want from the client in JSON format. You can use JSON.stringify() to convert your JavasScript object to a JSON string. If your object matches an entity structure on the server, it should automatically populate it, allowing you to specify that entity as the parameter of the web method. Otherwise, you can accept an object parameter and extract the data from that.
In a Chrome extension, make sure you have the correct cross-origin permissions.
There is a specific mechanism in Chrome for communication with local applications: Native Messaging.
There is an important limitation to keep in mind: Chrome cannot talk to an already-existing process; it can only start a new one and talk over STDIO.
So you may need to have a "proxy" process that Chrome can start, which will connect (somehow, but no longer restricted in methods) to your main app and relay data.
I need to have data written to a text file in javascript. I want it to write a username and password to the text file and create a new line every time. Here is my code http://pastebin.com/24Tvdemu.
Can anyone help this has had me stumped for ages.
As Javascript in html is a client side language, you will need to send the files to the server, and save there the file. Anyway, you can prompt the user to save the file in their local machine, but it´s not usefull at least you really need that for any reason.
Check this answer Javascript: Create and save file
Some suggestions for this -
If you are trying to write a file on client machine, You can't do this in any cross-browser way. IE does have methods to enable "trusted" applications to use ActiveX objects to read/write file.
If you are trying to save it on your server then simply pass on the text data to your server and execute the file writing code using some server side language.
To store some information on the client side that is considerably small, you can go for cookies.
Using the HTML5 API for Local Storage.
More details : Is it possible to write data to file using only JavaScript?
I am building software that runs locally on web browser. At first I was using C, but it was really hectic with HTML. So I decided to use JavaScript. This requires saving data and saving texts in plain text format. Can I do this with JavaScript? If not, how to integrate it with C or python so that I can save data?
Linux related answers will be helpful.
It depends on how/where you would like to save the data.
localStorage - A simple key/value store that lives right inside the browser. The data is specific to the computer, browser, and website, but the data persists from session to session with that particular site.
sessionStorage - Similar to localStorage, but the data is removed at the close of the session (when the user leaves your website).
cookies - if you want to instead store the data on the server, the data can be uniquely identified by a cookie stored in the user's browser. The cookie is sent automatically to the server on each request, that the server interpret and send back the desired data.
REST - You could also save your data on the server and implement a RESTful API, and use JavaScript to request the data from the server.
You cannot write to disk directly from JavaScript for obvious security reasons.
I used jQuery Ajax to talk to php script, then it returns JSON. Then, the returned JSON Array Object is assigned to Javascript Variable var myJSON = ajaxReturn;
Normally the returned JSON values are not visible in Page Source or Javascript File, as it is rendered on the runtime only.
But when i open the tools like, Firebug and call that variable in console, like: alert(myJSON); the results are popping out. I do NOT want it to be as this is something secret data.
What is the best way to prevent/protect the JSON at Javascript side?
Everything sent to the client side is public, this is the nature of front end development and you can't change it. It is impossible to hide stuff from the user if he decides to take a peek.
If the purpose of your application is to store the JSON for client use, then you have no way of protecting it from being accessed. However you can do all modifications upon receiving the JSON and then discard it (not store it). Keep in mind that the request can still be intercepted the response can be read simply by using the networking tab of the browser developer tools.
What do you do with the JSON data? In all probability, you are feeding UI controls or subsequent calls to web services. So if you would protect (i.e., encrypt) the JSON, you would still need client-side decryption, and so your JSON would still be vulnerable -- as you can just do an alert(decryptedJSON) too.
There is no real, safe way to protect JSON if you have to be able to decipher the data in the browser.
You can of course protect the data while it is underway over the network by encrypting it, either using HTTPS or by explicitly encrypting the data server-side and then decrypting it using client-side JavaScript. But that does not protect it from being viewed in the browser.
A better option could be to encrypt and decrypt only on the server, if that fits your scenario. So you can get encrypted JSON data from a particular web service call, then feed that data into your next web service call where it gets decrypted on the server. That way, your client-side JavaScript doesn't need to decrypt, making your data safer. But if the purpose is to populate the UI, obviously this won't fit your needs.
You have just missed the game, Once you send the data from your server then its out of your limit. Because browser like firefox can do anything, So the point is everything which renders on the client is Public.
Even if there were some way to block Firefox from displaying the data in firebug, its easy for anyone to write their own web client that pretends to be a web browser and then they can do whatever they want with the data.
If you really want to hide json-data then dont send it using ajax-json. Use diffrent terminology or server-side programming.