Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 3 years ago.
I want to request a list of sizes from a database on my server (which is obviously not on ebay.co.uk's domain). I could do it entirely through Flash... but it seems clumsy for a simple form. I think the ideal solution would be a JavaScript + Flash solution. The problem is all of the sites I have found seem to have very complete solutions and eBay does not like huge chunks of JavaScript (I am not sure exactly which functions it allows and doesn't... but the less JavaScript the better).
So what I am looking for is a very small and simple cross-domain Ajax solution that will allow me to make requests from my server. Does anyone have any ideas?
TIA
Read Ways to circumvent the same-origin policy for many ways of circumventing the same-origin policy.
In your case, I would suggest http://anyorigin.com - it's simple to use and (unless you're sending volatile information) perfectly viable. It could all be done in a couple of lines of JS!
eBay will not allow including JavaScript or even iframes in the item description.
The only solution for that will probably be using a Flash object (which is allowed by eBay) that will communicate with a server-side scripting page (PHP/ASP), which will make the request to your database.
The cross-domain communication will be between the Flash object and the server-side page; this issue can be easily solved.
Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 1 year ago.
I'm really new to these things. Normally when making a website it's easy to secure it because everything is actually local. Just PHP or something like that processes data and shows it in a static page. But when we have a desktop app I don't know how to do it. How can I make an app <-> server relation? Like Instagram or Facebook or something like that. At first I thought JSON might work for that, but I think it's not secure for all information. I hope I explained it well.
A little bit late, but if someone comes here, here's the answer you're looking for: HTTP. Yeah, it's that simple. Learn how HTTP works. To make security tight, look into cross-origin resource sharing (CORS), two-way encryption, server-side validation and so on. Have a good day!
Closed. This question needs details or clarity. It is not currently accepting answers.
Closed 5 years ago.
I read about Spectre (CVE-2017-5753) but it is unclear how it actually affects the everyday programmer. I read a couple of articles but I am still not sure if it may break any of my old projects or existing code. It would be great to know what I should look out for when trying to adapt to the changes Spectre introduced in how browsers process JavaScript.
After researching I found some recommendations here.
Best practices summed briefly:
Prevent cookies from being loaded into the memory of the renderer using options present in the Set-Cookie header.
Make it hard to guess and access the URL of pages that contain sensitive information. If the URL is known to the attacker, the renderer might be forced to load it into its memory. Same-origin policies alone do not protect against these attacks.
Ensure that all responses are returned with the correct MIME type, and that the content type is marked as nosniff. This will prevent the browser from reinterpreting the contents of the response, and can prevent it from being loaded into the memory of the renderer when a malicious site tries to load it in certain ways.
References:
https://www.scademy.com/recovering-from-spectre-javascript-changes/
https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
https://blogs.windows.com/msedgedev/2018/01/03/speculative-execution-mitigations-microsoft-edge-internet-explorer/
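An added example, not part of the original answer: a small Node.js check that audits one response's headers against the cookie and MIME-type practices listed above. It assumes the Set-Cookie options meant are HttpOnly and SameSite; the function names and the sample headers are constructed for illustration.

```javascript
// Constructed sample response headers (not captured from a real site).
const sampleHeaders = [
  ['Content-Type', 'application/json'],
  ['Set-Cookie', 'sid=abc123; Path=/; Secure'],
  ['Set-Cookie', 'theme=dark; Path=/; HttpOnly; SameSite=Lax'],
];

// Split a Set-Cookie value into the cookie name and a lowercased attribute map.
function parseSetCookie(value) {
  const [pair, ...attrs] = value.split(';').map((s) => s.trim());
  const name = pair.split('=')[0];
  const map = new Map();
  for (const attr of attrs) {
    if (!attr) continue;
    const eq = attr.indexOf('=');
    const key = (eq === -1 ? attr : attr.slice(0, eq)).toLowerCase();
    map.set(key, eq === -1 ? '' : attr.slice(eq + 1).trim().toLowerCase());
  }
  return { name, attrs: map };
}

// Return the findings for one response; an empty list means every check passed.
function auditResponseHeaders(headers) {
  const findings = [];
  // Header names are case-insensitive, and Set-Cookie may appear several times.
  const get = (n) => headers.filter(([k]) => k.toLowerCase() === n).map(([, v]) => v);

  if (!get('content-type')[0]) findings.push('missing Content-Type');

  const nosniff = get('x-content-type-options')[0];
  if (!nosniff || nosniff.trim().toLowerCase() !== 'nosniff') {
    findings.push('missing X-Content-Type-Options: nosniff');
  }

  for (const raw of get('set-cookie')) {
    const { name, attrs } = parseSetCookie(raw);
    // Assumption: HttpOnly and SameSite are the options the answer refers to.
    if (!attrs.has('httponly')) findings.push(`cookie ${name}: no HttpOnly`);
    const sameSite = attrs.get('samesite');
    if (sameSite !== 'lax' && sameSite !== 'strict') {
      findings.push(`cookie ${name}: SameSite is not Lax or Strict`);
    }
  }
  return findings;
}

console.log(auditResponseHeaders(sampleHeaders));
```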
Closed. This question needs details or clarity. It is not currently accepting answers.
Closed 6 years ago.
I'm trying to solve a problem similar to the ones in this question and this one, basically tracking a sub-session for users by browser tab. The thing I'm trying to accomplish, though, is finding a way to set a request parameter to send back to the server with each request, whether it's a simple synchronous link click, a form post, or an Ajax request. What occurred to me as a hopeful solution would be if I could set something in the HTML head that would be sent each time, though I haven't seen anything to suggest that it's possible. I'm hoping to find a solution that doesn't require wrapping all server requests in some sort of JavaScript to include the desired parameter.
We're using Rails on the backend.
Difficult question to answer without knowing which server-side language you are using. Regardless, using PHP, Perl, Python, or any other language, you could generate a unique ID and append it as a query string to your links. If you don't want the ugly links, you can:
A. use .htaccess to perform a mod_rewrite to clean up the URL
B. use an additional cookie to track the sub-session
C. use pure JavaScript, not very reliable depending on the client browser though
The method used to track depends on what capabilities you have: database, text file, etc.
Again, not much info to go on.
Closed. This question needs details or clarity. It is not currently accepting answers.
Closed 8 years ago.
If you don't want to read what I'm trying to do, just skip to the "My Question" part :)
My goal:
Developing an application that saves as much server performance as possible.
There is no such thing as 100% secure; the app of course should be as secure as it's coded.
However the founder of http://lavabit.com/ actually managed to take his security as far as making it NSA-safe (which obviously is the reason he had to shut it down).
My Progress:
I already discovered the BackboneJS framework, which has saved me a lot of server-side coding,
using JavaScript templating, routing, input validation, client communication using websockets.
My Question:
Since installing Node or PHP on the server is a security risk in itself (which is the reason security issues need to be patched in newer versions), I would like to know if there is a way to authenticate users without being forced to install Node.js or PHP.
If you're able to use HTTPS then perhaps you could look at just using Basic access authentication? The web server itself would do the authentication - more information on Basic Auth in Apache can be found here.
I really think the experience you get from using a server-side language and cookies etc. is far richer and offers a much nicer user-experience. I'm not sure I understand the security risk[s] which you allude to. Alternatively if security is something which you are hesitant about, and feel that it will slow your app down, then perhaps you should consider designing your programme in such a way that security is not an issue.
Closed. This question is opinion-based. It is not currently accepting answers.
Closed 9 years ago.
I am trying to redirect users to a specific page after a login. Are both equally effective? Or is one better than the other?
Thanks
You cannot compare both methods!
JavaScript will only run on the client side, therefore you need to send HTML first, then execute the redirection.
Using PHP, you can directly forward the user. This is not only faster, but also the only applicable choice in terms of usability.
You will also have a problem if JavaScript is disabled or you have got an error in your JS scripts (for whatever reason). Well, you could counter by using HTML meta redirects, but the pros of using server-side redirects just predominate.
Compared to client side JS, an HTTP redirect will:
Require less data to be sent to the client for it to process the redirect instruction
Not cause the browser to behave badly when the back button is pressed
Work in browsers with JS blocked / disabled / otherwise failing
An HTTP Location header is almost always the better approach.
They are different.
One is server side (PHP) and the other is client side (JS).
Usually it's done server side, so it's a transparent redirection (doesn't pollute browser history, back button, etc). I repeat: usually, but it's not a rule.
PHP is faster - the whole page doesn't have to load first. You can just send the header and exit the script.