Never grant direct database access to your customers, even when they are authenticated. The problem is not that they can run all the SELECT queries; the problem is that they can run all sorts of queries: DROP, DELETE, etc.
Now, the login.html part comes in based on your web framework. In ASP.NET, for example, you can require that the users be authenticated, and the same is the case for Python and other major frameworks. So, read the documentation on how to require only authenticated users to be able to make a request and read the page.
Overview of ASP.NET Core Authentication | Microsoft Docs
Otherwise, always redirect to the login.html page.
Again, tip: even when the user is authenticated, never grant them access to the open database connections. Only return the fetched results in the form of a list.
The sh*t I complain about
It's like there ain't a cloud in the sky and it's raining out - Eminem
~! Firewall !~
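As an added example that is not code from the post above or from any framework, here is the pattern that post describes, written against Python's standard library: a handler that sends unauthenticated callers to login.html, and a data-access function that hands the web layer a plain list of rows while the connection itself never leaves the server. The `SESSIONS` mapping, the `orders` schema and its rows are constructed for the example. As an extra guard the SQLite authorizer is installed so that even raw SQL which somehow reached the connection could only read.

```python
import sqlite3

# Constructed sample data for this example: an orders table and a session table
# (token -> account) that a real site would populate at login time.
SAMPLE_ORDERS = [
    (1, "alice", "keyboard", 49.99),
    (2, "alice", "mouse", 19.99),
    (3, "bob", "monitor", 199.0),
]
SESSIONS = {"tok-alice-constructed": "alice", "tok-bob-constructed": "bob"}


def open_customer_db() -> sqlite3.Connection:
    """Build the in-memory database, then lock the connection down to plain reads."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE orders (id INTEGER PRIMARY KEY, owner TEXT, item TEXT, price REAL)"
    )
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?, ?)", SAMPLE_ORDERS)
    conn.commit()

    def reads_only(action, arg1, arg2, db_name, trigger_or_view):
        # SQLite consults this callback while compiling every statement; anything
        # other than SELECT, column reads and built-in functions is refused outright.
        if action in (sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ, sqlite3.SQLITE_FUNCTION):
            return sqlite3.SQLITE_OK
        return sqlite3.SQLITE_DENY

    conn.set_authorizer(reads_only)
    return conn


def orders_for(conn: sqlite3.Connection, account: str) -> list:
    """The only thing the web layer ever receives: a list of dicts, never the connection.
    The owner is bound as a parameter, so the caller cannot widen the query."""
    rows = conn.execute(
        "SELECT id, item, price FROM orders WHERE owner = ? ORDER BY id", (account,)
    ).fetchall()
    return [{"id": r[0], "item": r[1], "price": r[2]} for r in rows]


def attempt_raw_sql(conn: sqlite3.Connection, sql: str) -> str:
    """What the authorizer does if customer-supplied SQL did reach the connection:
    returns 'ok' for a read and 'denied: ...' for anything else."""
    try:
        conn.execute(sql)
        return "ok"
    except sqlite3.DatabaseError as exc:
        return f"denied: {exc}"


def handle_orders_page(conn: sqlite3.Connection, session_token) -> tuple:
    """Request handler: unauthenticated callers are redirected to login.html;
    authenticated ones get their own rows and nothing else."""
    account = SESSIONS.get(session_token)
    if account is None:
        return ("redirect", "/login.html")
    return ("ok", orders_for(conn, account))


if __name__ == "__main__":
    db = open_customer_db()
    print(handle_orders_page(db, None))
    print(handle_orders_page(db, "tok-alice-constructed"))
    print(attempt_raw_sql(db, "DROP TABLE orders"))
```

The authorizer is defence in depth, not the primary control: the primary control is that `orders_for` is the only code path that touches the connection, and it takes an account name, not SQL.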
One of various ways to do this:
Use a dynamically created web page for the page that you do not want to be directly accessed.
When page one is accessed, properly, and with your predetermined permission, then page two is made available via a JavaScript that directs them to page two with its dynamically created name.
Example:
Page 1 = daPage01.html
Page 2 = [does not exist except in the database]
User goes to Page 2 : Oh wait! There is no Page 2. That page is still in the database.
User goes to Page 1.
There is no link to Page 2.
User does what YOU want them to do on Page 1.
Page 2 is created dynamically with a changeable name. Example: daPage12E13F4576496587G5447868764K5P7q84578_02.html
Page 2 is then added to Page 1 for that user to click on and to go to.
Later that user goes to Page 2 via that link. Oh wait! When they were detected of having closed or left Page 1 and *also* closed or left Page 2 then Page 2 was removed from the system. There is no Page 2 for them.
The actual question is: What kind of tech are Internet search engines using on the front end (it looks like that's what the part of the Internet that takes place on your computer is being called)?
My personal perspective on things, feel free to skip this part:
Basically a web browser is just a window; everything that takes place inside of it is pretty much just a bunch of other windows. Search engines aren't using windows (ajax style) from the looks of it. Is it plain HTML or some other technology?
It seems that there is a parallel between Internet windows (the stuff displayed inside a web browser) and Windows 95 windows; the main difference between the two is that Internet windows don't have compile time: whatever is created on the far end (back end) gets displayed instantly on the near end.
The basics of using a search engine, as well as some techniques you can use to get better search results.
The front end (Browser) is built on various systems: ASP.NET, PHP, some custom web engines. The back end is where the real work takes place, and is mostly custom built by the different companies. The basic system is just a huge database with an interface that can quickly find the items you search for. The details of the architecture itself are proprietary to the search companies. The results of the search are sent to the browser as HTML/JavaScript for rendering on the client screen.
The difference between Web windows and Desktop windows is purely in the technology used to build the display. Desktop windows usually work directly with the operating system libraries. Web windows need an interface (the Browser) to translate the HTML and Javascript dynamically into local Windows display code.
If you type chrome://version/ into Chrome's address bar it lists some of the tools it uses. Firefox, Bing etc. probably have similar displays.
thanks Richard
here is another question:
When a user is using a service like Facebook, he can complete various tasks with some time passing between the tasks. How does the computer on the far end (back end) respond to that? Is there a line constantly open (from the moment a login has taken place) that the far end computer is listening to (in the likes of a never-ending session), or is there an identifier attributed to every message coming from the user's Facebook page, so that when the message arrives and is being processed it is treated as safe, with no security checks needed (like no need for the user to log in for every message that is being sent)?
thanks
When the user logs in, the system sends a token back to the browser. The browser then sends that token with every further message, so the back end system knows which account it belongs to. That is an oversimplification, and in reality it may be more complicated to ensure security.
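The token exchange described in the reply above, as an added example that is not the site's or the poster's own code: the password is checked exactly once at login, a random token is handed back, and every later request is attributed to an account by that token until it expires or is logged out. The `SessionStore` class, its `ttl_seconds` and injectable `clock` are assumptions of this example; the user account and password are constructed. Tokens are stored hashed so that a leaked copy of the store does not yield replayable credentials.

```python
import hashlib
import hmac
import secrets
import time


class SessionStore:
    """Issues a random token at login, then maps that token back to an account on every
    later request until it expires or the user logs out."""

    def __init__(self, ttl_seconds: int = 900, clock=time.time):
        self._ttl = ttl_seconds
        self._clock = clock          # injectable so expiry can be exercised deterministically
        self._users = {}             # account -> (salt, password hash); populated by add_user
        self._sessions = {}          # sha256(token) -> (account, expires_at)

    # --- account setup (constructed users for the example) ------------------------
    def add_user(self, account: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self._users[account] = (salt, self._hash_password(password, salt))

    @staticmethod
    def _hash_password(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    @staticmethod
    def _key(token: str) -> str:
        # Only a hash of the token is kept server-side.
        return hashlib.sha256(token.encode()).hexdigest()

    # --- login: the credential check happens exactly once --------------------------
    def login(self, account: str, password: str):
        salt, expected = self._users.get(account, (b"", b""))
        # compare_digest keeps the comparison constant-time; an unknown account still
        # goes through the same hashing work so timing does not reveal valid names.
        if not hmac.compare_digest(self._hash_password(password, salt), expected):
            return None
        token = secrets.token_urlsafe(32)                   # 256 bits from the OS CSPRNG
        self._sessions[self._key(token)] = (account, self._clock() + self._ttl)
        return token

    # --- every later request carries the token instead of the password -------------
    def account_for(self, token):
        if token is None:
            return None
        entry = self._sessions.get(self._key(token))
        if entry is None:
            return None
        account, expires_at = entry
        if self._clock() >= expires_at:
            del self._sessions[self._key(token)]            # stale token purged on first use
            return None
        return account

    def logout(self, token) -> None:
        self._sessions.pop(self._key(token), None)


def handle_request(store: SessionStore, token, path: str) -> dict:
    """Stand-in for a web handler: the token alone decides whose request this is."""
    account = store.account_for(token)
    if account is None:
        return {"status": 302, "location": "/login.html"}
    return {"status": 200, "account": account, "path": path}


if __name__ == "__main__":
    store = SessionStore(ttl_seconds=60)
    store.add_user("alice", "correct horse battery staple")   # constructed credentials
    tok = store.login("alice", "correct horse battery staple")
    print(handle_request(store, tok, "/feed"))
    print(handle_request(store, "forged-token", "/feed"))
```

In a browser the token would travel in a cookie marked `Secure` and `HttpOnly`; the store above is deliberately transport-agnostic so the lifecycle (issue, present, expire, revoke) is visible on its own.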
again, thanks for feedback Richard
Quote: "What kind of tech are Internet search engines using on the front end (it looks like that's what the part of the Internet that takes place on your computer is being called)."
That depends upon who owns or operates that search engine.
This can vary a lot depending on which search engine you use and which operating system you use and what is already on your computer.
Two very different examples:
(1.)
If you are on a duckduckgo.com search engine, on a device without any UEFI anywhere on it, and your operating system is pre-Windows XP with service pack 3 (meaning before service pack 3), or your operating system is UNIX, or VMS VAX, or some flavor of Unix without the newly added back-doors, then they probably use cookies for as much as they can, without too much invasion of your privacy.
(2.)
If you are using a Google search engine, on a device with a Google controlled operating system,
then they might be already key logging all of your activities (via UEFI),
and using your camera to make a video of your activities (via UEFI),
and using your microphone and/or your device's speaker and/or your device's headphones (via UEFI),
on that device and already sending that data to Google, and they might be using that data to pre-judge what they decide that you should be allowed to ask and what they decide that you should be allowed to see and what they decide that you should be allowed to hear on your device.
Thank you for asking.
Way back in the day, I used Wolf CMS, which was a fork of Frog CMS. It did require a database but was very lightweight, much more so than WordPress. You had to create your own templates, which then became models for your site's pages. There was no templating language; it was just PHP. Wolf CMS is still around but only because the internet never forgets.
Now that I go to look, all I seem to find are the big CMS, like WordPress, Drupal, Django, etc. and a few tiny ones that use text files and no actual database. Did all the rest die off, like all the word-processing apps that died off when Microsoft released Word?
Ok, it seems the answer is no. There are a few headless CMSs out there, but it seems it's a WordPress world now. Remember when there were half a dozen word processing applications to choose from?
Unfortunately, WordPress took almost all of the CMS market. These are 3 of the headless CMSs out there: Magnolia, Netlify and Contentful with Gatsby.
Yes, apparently. I also found a German CMS called phpwcms, but I don't think development is active.
I have a simple Perl script that uploads a file from an HTML form, and it does work, i.e. it uploads a file from my local Mac HD to my web server via a webpage.
What I have noticed, however, is that if I try to upload files from Microsoft's OneDrive I am more likely to get the following info below. I have no problems using my OneDrive via Mac's Finder, or my iPhone, etc.
access.log
[14/Feb/2022:23:36:51 -0500] "POST /cgi-bin/upload2.pl HTTP/1.1" 408 487 "http://example.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.2 Safari/605.1.15"
error.log
[Mon Feb 14 23:37:02.121496 2022] [cgi:error] [pid 3734:tid 140367391328000] (70007)The timeout specified has expired: [client -.-.-.-:58184] AH01225: Error reading request entity data, referer: http://example.com/
My Apache2 settings are:
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
At my slim level of knowledge of Apache, I am assuming that my problem is all about timing. If that's the case, can I change settings above to help? Or am I off base?
*One small thing I noticed, but I don't know if it means anything
My web browser says:
Quote: "Server timeout waiting for the HTTP request from the client." and it mentions port 80.
However, in the error.log it mentions port 58184. I don't know if that's normal, due to routers, other routine behavior.
This is the same question you posted three days ago; please do not repost. If you have information to add or update then please edit the original.
Honestly, I looked for it here, and couldn't find it. So I thought I must have not hit submit.
I can't post an image here, but when I look at My Questions, it says zero.
Ergo an honest mistake...though why doesn't it show either question?
Questions in the forums are listed under "My Messages"; the "My Questions" link is for questions in the Quick Answers section.
Ok, well, I'll say the syntax then is strange. But I understand the wrongs of double posting. I'll wait an hour to make sure you see this...then delete the double post.
Really, an honest mistake out of desperation. Have posted this question to so many forums, I've forgotten which ones...and haven't gotten a single reply. Your reply to me was my hopes going up, then quickly dashed.
Thanks for understanding
This is crossposted in Stack Overflow but hasn't gotten many views, or any answers.
I have a simple Perl script that uploads a file from an HTML form, and it does work, i.e. it uploads a file from my local Mac HD to my web server via a webpage.
When I use OneDrive from any device, through Finder, or Word, Excel, etc., it acts like just another HD, so I expected the same behavior with my Perl script. What I have noticed, however, is that if I try to upload files from Microsoft's OneDrive I am more likely to get the following info below. I have no problems using my OneDrive via Mac's Finder, or my iPhone, etc.
access.log
[14/Feb/2022:23:36:51 -0500] "POST /cgi-bin/upload2.pl HTTP/1.1" 408 487 "http://example.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.2 Safari/605.1.15"
error.log
[Mon Feb 14 23:37:02.121496 2022] [cgi:error] [pid 3734:tid 140367391328000] (70007)The timeout specified has expired: [client -.-.-.-:58184] AH01225: Error reading request entity data, referer: http://example.com/
My Apache2 settings are:
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
At my slim level of knowledge of Apache, I am assuming that my problem is all about timing. If that's the case, can I change settings above to help? Or am I off base?
*One small thing I noticed, but I don't know if it means anything
My web browser says:
"Server timeout waiting for the HTTP request from the client. and it mentions port 80."
However, in the error.log it mentions port 58184. I don't know if that's normal, due to routers, other routine behavior.
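The two posts of this question above show a 408 on a POST together with AH01225 "Error reading request entity data". As an added example, not the poster's script and not Apache, the loopback exchange below reproduces the mechanism behind that pair of log lines: a client announces a Content-Length, sends only part of the body, and then goes quiet, so the server's read of the request entity hits its timeout and it answers 408. It also shows why the access log names a high port: 58184 in the log is the client's ephemeral source port, while 80 is the port the server listens on; the two are different ends of the same connection. `serve_one_post`, `post_upload` and `simulate` are names chosen for this example, and the 10,000-byte upload is constructed.

```python
import socket
import threading

REASON = {200: "OK", 400: "Bad Request", 408: "Request Timeout"}


def serve_one_post(listener: socket.socket, body_timeout: float) -> tuple:
    """Accept one request and read its body under a read timeout, the way a server's
    request timeout bounds each wait for more entity data. Returns (status, client_port)."""
    conn, (client_host, client_port) = listener.accept()
    conn.settimeout(body_timeout)       # applies to every recv() below
    status = 400
    try:
        buf = b""
        while b"\r\n\r\n" not in buf:    # request line plus headers
            chunk = conn.recv(4096)
            if not chunk:
                raise ConnectionError("client closed before headers finished")
            buf += chunk
        head, _, body = buf.partition(b"\r\n\r\n")
        expected = 0
        for line in head.split(b"\r\n")[1:]:
            name, _, value = line.partition(b":")
            if name.strip().lower() == b"content-length":
                expected = int(value.strip())
        while len(body) < expected:      # the request entity data
            chunk = conn.recv(4096)
            if not chunk:
                raise ConnectionError("client closed mid-body")
            body += chunk
        status = 200
    except socket.timeout:
        status = 408                     # no further bytes arrived within body_timeout
    except (ConnectionError, ValueError):
        status = 400
    conn.sendall(
        f"HTTP/1.1 {status} {REASON[status]}\r\nContent-Length: 0\r\n"
        f"Connection: close\r\n\r\n".encode()
    )
    conn.close()
    return status, client_port


def post_upload(port: int, body: bytes, bytes_to_send: int) -> int:
    """POST whose Content-Length promises len(body) bytes but delivers only bytes_to_send
    of them, then waits for the reply. A stalled upload looks exactly like this on the wire."""
    with socket.create_connection(("127.0.0.1", port)) as sock:
        head = (
            f"POST /cgi-bin/upload2.pl HTTP/1.1\r\nHost: 127.0.0.1\r\n"
            f"Content-Length: {len(body)}\r\n\r\n"
        ).encode()
        sock.sendall(head + body[:bytes_to_send])
        reply = b""
        while b"\r\n" not in reply:
            chunk = sock.recv(4096)
            if not chunk:
                break
            reply += chunk
    return int(reply.split(b" ")[1])     # status code from the response line


def simulate(stall: bool, body_timeout: float = 0.5) -> dict:
    """Run one server/client exchange on a loopback port and report what both sides saw."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # port 0: let the OS pick a free listening port
    listener.listen(1)
    server_port = listener.getsockname()[1]
    outcome = {"server_port": server_port}

    def server():
        outcome["server_status"], outcome["client_port"] = serve_one_post(listener, body_timeout)

    thread = threading.Thread(target=server)
    thread.start()
    body = b"x" * 10_000                 # constructed upload payload
    outcome["client_status"] = post_upload(
        server_port, body, len(body) // 2 if stall else len(body)
    )
    thread.join()
    listener.close()
    return outcome


if __name__ == "__main__":
    print("stalled upload:", simulate(stall=True))
    print("complete upload:", simulate(stall=False))
```

Raising the server-side timeout only helps if the client does eventually send the rest of the body; if it never does, a longer timeout merely holds the worker (and the 408) open for longer, so the access and error logs stay the place to confirm whether bytes were still trickling in.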
Seems like here it is almost non-existent.
Reddit has some, but not much.
Bjorn
Look up CSS rant ... The day I run into a big purple people eater and he asks me to stand up in his cabinet ... that's the day I'll write an article on progressive web applications.
modified 19-Feb-22 16:02pm.
There is no separate forum to discuss PWA development
I am new at Express, and I went through the documentation. I want to know what the main usage of req.route in Express is; it only gives me information about the route, nothing else, but what can I use it for in real life?
What I have tried:
I have read the main documentation, but there are no details about the usage of this method specifically.
app.use() — Routes an HTTP request, where METHOD is the HTTP method of the request, such as GET, PUT, POST, and so on, in lowercase.