This might sound super crazy but I really want to know if this can be done.
Assume a multi-user site that gives users some tools to build web apps from the site itself (using only HTML/CSS/JS) and share them. Now, if each of the apps were to be assigned a datastore, say just a table for convenience, is it possible to make secure query/insert requests from the app to the backend to write to the assigned table.
Take an example - the app is a small game. The developer wants to record the scores of the users who play the game and wants to use his assigned datastore (see above) for it. Is it possible for the site to ensure that no other app/user can access this datastore? If so, how can it be done?
Edit: Please do note that there are three parties involved - the developer of the app who is a registered user, the app itself which has been granted the datastore and an app user (registered/unregistered) who is viewing the app.
I think this is the same as using any type of backend datastore for any web app. You could assign the user a unique ID (which they have to validate by logging in) and then manage access to the datastore through AJAX post backs.
Related
I am new to web development, but I am building a tool to help us visualize the customers in our database in a more concrete way (basically a CRM of sorts). Its a web app using a node.js backend and Vue.js for the front end.
THE BIG QUESTION - I found a connection.threadId query that can be run. If I save this threadID in a cooke or JSON web token, can I use this to have each user uniquely querying the database? If you need additional information on my issue, continue reading.
Essentially the problem I am running into is authentication. We were able to get a dummy user create that has read only privileges to the database, but this doesnt help the account management team. I am trying to find a way for them to be able to login with their own credentials and then be able to run queries from my node.js (javascript) backend using a series of get and post requests.
I am able to get the user to login with the SQL password and they can run the initial query (that fires upon login) but they then cannot re-query the database if someone else logs in after them (I realized that my variables were all globally scoped on the server.) I then moved everything client side in JSON web tokens, but I had to hash the database password to be safe which leaves me with another problem. My hash and the original database hash do not match, and that is not something I'll ever get access to. Not really sure where else to go with this at this point.
Please ask if you need any additional information to assist.
Thanks!
You probably can't.
You also probably shouldn't use variables on the SQL server for a web app like this. If you can refactor those into variables you can schlep around in the user session (or POST parameters or whatever), you're much better off, being more stateless (as far as the server components are concerned) and all too.
I am trying to build a website that allows coordinators and teachers to be able to login with separate logins and see the same page at the same time on different computers (it is interactive). Do you know what platform we could use to do that? Any insight would be great!!
For example, a teacher would press a check next to a goal they think they met, and their coordinator would see that on their computer immediately, and press a checkbox and their side regarding whether they met the criteria.
The platform could be any web server language. The javascript framework express.js which runs on node.js is very popular.
You'll need some javascript to send the goals to the server.
You'll need a database to store the goals. Mongodb is popular.
You'll need code to set and get the database goal objects into web layer goal objects.
You'll need a template engine to render the web layer goal objects as html and some more javascript to update all clients screens when a goal is checked.
I have been making web applications for around 4 years now, and I have always had troubles setting up the Facebook web SDK.
But for my new application I really wanted to make the Facebook integration.
The problem I am facing now, is that I am using the JS SDK witch was fairly easy to set up, but now I want to build my backend to support it all. The flow I came up with was like this:
The user logs in
The user giving me their FB-id
A call from the back end create the new profile or logs if its a older user
The api gives back a api key for the other requestes.
The problem I see with this flow is, that if another person haves another users facebook id, they can obtain a api key for that user, just by sending the request with that id to the server.
How can I make this secure. I don't really thing that the docs on facebook are great, and the other tutorials on the web dos not cover this topic.
Thanks for the help guys!
This is more of an asking for an advice question. I am trying to implement the web version of my mobile chat app. But as HTML,CSS,JS are the main tools in browsers and there is no local database to temporarily store chat messages on client's UI.
Like in the mobile, all of my notifications, messages and everything are stored in tables and I can query the database whenever user opens up the chat activity(Android), find all the messages related to this user and display it inside the app's display.
What can be the best way to store chat messages as JS objects in client's UI and quickly find what's needed?
The JS structure should also be easy to find messages by name,time,status etc.
I am trying to implement something very similar to WhatsApp Web.
I would look into https://github.com/knadh/localStorageDB. But to be honest it's something I wouldn't do because there is always a security concern. Someone may gain access to your computer and steal the chat data or some malware may get into your computer.
It wouldn't be hard to just query the database for all the chat data when the user loads the web-page. Of course you would use pagination instead of just grabbing everything.
Good luck.
jStorage
AND
store.js
are good options.
We have a new build requirement that needs to work as follows:
the functionality of the App is that the maintains data related to tasks assigned to the User
the App needs takes data in the form of XML via WebAPI, the XML is a list of tasks for the User has been assigned. This would be a task bundle
once the XML is downloaded the User can work offline, i.e. they need to be able to maintain data related to their tasks, the data needs to persist on the phone, tasks would be completed over time in different sessions
there can be a number of current taks bundles "on the device" for the User
when online the App can submit an XML back up to the server, the purpose of this is to communicate the data entered by the user for the task bundle
If this was an online app it would be fairly straightforward, the data resides on the server. I have done a lot of research on the web with regard to the best way to build the app to satisfy the requirement that the App works on all browsers and platforms.
We're thinking of going with HTML5 & JayData. Haven't made any firm and final decisions, so would welcome any suggestions and constructive comment.
I work for JayData. If you have concerns against JayData just let us know and we'll try to answer.
Probably this article will help you to start your online/offline app - How to create a synchronized Online/Offline data application with EntityFramework, JavaScript and JayData