I have a simple ASP.Net Web API on my home server. This is just for a Proof of Concept I'm working on.
There's one method on the controller called Login which takes a UserEntity:
    [HttpPost]
    public UserEntity Login(UserEntity user)
    {
        return Repository.Login(user);
    }
the repo:
    public UserEntity Login(UserEntity user)
    {
        var results = new UserEntity();
        if (user.UserName.ToLower() == "admin" &&
            user.Password.ToLower() == "admin")
        {
            results.UserName = user.UserName;
            results.Password = user.Password;
            results.IsLoggedIn = true;
        }
        return results;
    }
So, if you pass "admin" and "admin", I create a new user entity with IsLoggedIn = true. Again, all I'm trying to do is make a simple call with a user object and get a response.
I'm using Postman to test the API. If I make this POST call with HTTPS
https:
and pass this as the body:
{"UserName": "admin","Password": "admin"}
then it fails with "Could not get a response" and
Error: write EPROTO 1432630488:error:100000f7:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER:../../third_party/boringssl/src/ssl/tls_record.cc:242:
However, if I change the URL to HTTP then it works fine and I get back the expected result:
    {
        "IsLoggedIn": true,
        "UserName": "admin",
        "Password": "admin",
        "Id": 0
    }
I'm a bit lost here. Could someone help me figure this out?
Thanks
If it's not broken, fix it until it is.
Everything makes sense in someone's mind.
Ya can't fix stupid.
|
|
|
|
|
|
What is the best combo of technologies and programming languages to use for a custom e-commerce platform in 2022? Please share your opinion and the reasoning behind it.
|
|
|
|
|
|
Nobody here is going to do your homework for you. Do your own research and come up with your own reasoning.
|
|
|
|
|
It is not a 'homework', I have my own preferences regarding this matter. I just want to see if there are different popular options from experienced people.
Is it wrong to learn new things from others or listen to different opinions?
|
|
|
|
|
If you don't want to be told "we don't do your homework for you" then don't ask homework type questions. Your original post stinks of a homework assignment, and looks like it was copy'n'pasted direct from a teacher's email ...
If you want intelligent discussion, share your thoughts and reasoning first - don't make it look like you just want to copy'n'paste what we say back as your own work!
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
I don't want an intelligent discussion or a discussion at all, just some opinions and then I will investigate further based on them...
|
|
|
|
|
Which again comes over as "I want my homework done because I can't be bothered".
Think about it: you are asking others to invest a fair amount of time, effort, and experience, and yet you aren't prepared to give us anything that you have already covered - so we could easily be duplicating your research and thus wasting your and our time.
Make an effort and we're pleased to help.
Look like a lazy student, and why would we? That's not saying you are a lazy student, but that the way you ask for information is the way lazy students do.
|
|
|
|
|
Maybe you are right there, I did ask a straight question and did not provide some background behind it. I'm not even a student, I'm a developer trying to find which are some good new alternatives (adopted alternatives) to ecomm traditional (established) dev stacks.
P.S.: I will not profit in any way from your answers, it is just for my curiosity. It is like I'm asking what music you listen to, to extend my horizon.
|
|
|
|
|
There are so many technologies available, like if we talk about PHP frameworks then depending on the business requirements some of the important PHP frameworks for ecommerce development are - WordPress, Shopify, ExpressionEngine, CraftCMS, and Magento and so on... Even ASP.NET is also a good idea to implement ecommerce projects.
|
|
|
|
|
Hello friends, I am developing a web application to connect to a MariaDB database. I have 04 tables (table 1, table 2, table 3, table 4).
To have access to the first table I made a connection form, but my problem is that if a person knows the link of table 2 he can display it. I want to force everyone to connect before having access to my web application... is this method possible?
|
|
|
|
|
Never grant direct database access to your customers, even when they are authenticated. The problem is not that they can run all the SELECT queries, the problem is that they can run all sorts of queries: DROP, DELETE, etc.
Now, the login.html part comes in based on your web framework. In ASP.NET, for example, you can require that the users be authenticated, and the same is the case for Python and other major frameworks. So, read the documentation on how to require only authenticated users to be able to make a request and read the page.
Overview of ASP.NET Core Authentication | Microsoft Docs
Otherwise, always redirect to the login.html page.
Again, tip: even when the user is authenticated, never grant them access to the open database connections. Only return the fetched results in the form of a list.
The sh*t I complain about
It's like there ain't a cloud in the sky and it's raining out - Eminem
~! Firewall !~
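The gate described in the answer above, as an added example that is not part of the original post: every path except login.html requires a server-side session, and table data leaves the server only as a list of rows. The user name, password, salt, `/table2` route and the sqlite3 stand-in for MariaDB are constructed for the example.

```python
import hashlib
import hmac
import secrets
import sqlite3
from http.cookies import SimpleCookie

# Constructed sample data. sqlite3 stands in for MariaDB so this runs offline.
DB = sqlite3.connect(":memory:")
DB.execute("CREATE TABLE table2 (id INTEGER PRIMARY KEY, label TEXT)")
DB.executemany("INSERT INTO table2 (label) VALUES (?)", [("alpha",), ("beta",)])

SALT = b"constructed-salt"
USERS = {"demo": hashlib.pbkdf2_hmac("sha256", b"constructed-password", SALT, 100_000)}
SESSIONS = set()            # session ids issued after a successful login
PUBLIC = {"/login.html"}    # the only path served without a session

def login(username, password):
    """Return a fresh session id for valid credentials, else None."""
    stored = USERS.get(username)
    given = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)
    if stored is None or not hmac.compare_digest(stored, given):
        return None
    sid = secrets.token_urlsafe(32)
    SESSIONS.add(sid)
    return sid

def fetch_table2():
    """Run one fixed query and hand back plain rows, never the connection."""
    rows = DB.execute("SELECT id, label FROM table2 ORDER BY id")
    return [{"id": r[0], "label": r[1]} for r in rows]

def handle(path, cookie_header=""):
    """Gate every request before routing. Returns (status, headers, body)."""
    cookie = SimpleCookie(cookie_header)
    sid = cookie["sid"].value if "sid" in cookie else None
    if path not in PUBLIC and sid not in SESSIONS:
        # Knowing the URL of table 2 is not enough: no session, no page.
        return 302, {"Location": "/login.html"}, ""
    if path == "/login.html":
        return 200, {}, "login form"
    if path == "/table2":
        return 200, {}, repr(fetch_table2())
    return 404, {}, ""
```
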
|
|
|
|
|
One of various ways to do this:
Use a dynamically created web page for the page that you do not want to be directly accessed.
When page one is accessed, properly, and with your predetermined permission; then page two is made available via a javascript that directs them to page two with its dynamically created name.
Example:
Page 1 = daPage01.html
Page 2 = [does not exist except in the database]
User goes to Page 2 : Oh wait! There is no Page 2. That page is still in the database.
User goes to Page 1.
There is no link to Page 2.
User does what YOU want them to do on Page 1.
Page 2 is created dynamically with a changeable name. Example: daPage12E13F4576496587G5447868764K5P7q84578_02.html
Page 2 is then added to Page 1 for that user to click on and to go to.
Later that user goes to Page 2 via that link. Oh wait! When they were detected of having closed or left Page 1 and *also* closed or left Page 2 then Page 2 was removed from the system. There is no Page 2 for them.
|
|
|
|
|
The actual question is: What kind of tech are Internet search engines using on the front end (it looks like that's what the part of the Internet that takes place on your computer is being called as).
My personal perspective on things, feel free to skip this part:
Basically a web browser is just a window, everything that takes place inside of it is pretty much just a bunch of other windows. Search engines aren't using windows (ajax style) from the looks of it. Is it plain html or some other technology?
It seems that there is a parallel between Internet windows (the stuff displayed inside a web browser) and Windows95 windows, the main difference between the two is that Internet windows doesn't have compile time, whatever is created on the far end (back end) gets displayed instantly on the near end.
|
|
|
|
|
The basics of using a search engine, as well as some techniques you can use to get better search results.
|
|
|
|
|
The front end (Browser) is built on various systems, ASP.NET, PHP, some custom web engines. The back end is where the real work takes place, and is mostly custom built by the different companies. The basic system is just a huge database with an interface that can quickly find the items you search for. The details of the architecture itself are proprietary to the search companies. The results of the search are sent to the browser as HTML/Javascript for rendering on the client screen.
The difference between Web windows and Desktop windows is purely in the technology used to build the display. Desktop windows usually work directly with the operating system libraries. Web windows need an interface (the Browser) to translate the HTML and Javascript dynamically into local Windows display code.
If you type chrome://version/ into Chrome's address bar it lists some of the tools it uses. Firefox, Bing etc. probably have similar displays.
|
|
|
|
|
thanks Richard
here is another question:
When a user is using a service like Facebook he can complete various tasks with some time passing between the tasks, how does the computer on the far end (back end) respond to that? Is there a line constantly open (from the moment a login has taken place) that the far end computer is listening to (in the likes of a never ending session), or is there an identifier attributed to every message coming from the user's Facebook page so that when the message arrives and is being processed it is treated as safe/with no security checks needed (like no need for user to log in for every message that is being sent)?
thanks
|
|
|
|
|
When the user logs in, the system sends a token back to the browser. The browser then sends that token with every further message so the back end system knows which account it belongs to. That is an over simplification and in reality it may be more complicated to ensure security.
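The token exchange described in the reply above, as an added example that is not part of the original post: the back end signs a short-lived token at login and checks the signature and expiry on every later request. The token layout, the `acct` and `exp` field names and the 15-minute lifetime are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)   # never leaves the back end
TTL_SECONDS = 900                      # assumed token lifetime

def _b64(data):
    return base64.urlsafe_b64encode(data).decode()

def issue_token(account, now=None):
    """Called once after a successful login; the result is sent to the browser."""
    now = time.time() if now is None else now
    payload = json.dumps({"acct": account, "exp": int(now) + TTL_SECONDS}).encode()
    tag = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(tag)

def account_for(token, now=None):
    """Called on every later request; returns the account name or None."""
    now = time.time() if now is None else now
    try:
        p64, t64 = token.split(".")
        payload = base64.urlsafe_b64decode(p64)
        tag = base64.urlsafe_b64decode(t64)
    except ValueError:                 # wrong shape or bad base64
        return None
    expected = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None                    # payload was altered or not issued here
    claims = json.loads(payload)
    if claims["exp"] <= now:
        return None                    # expired: the user has to log in again
    return claims["acct"]
```
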
|
|
|
|
|
again, thanks for feedback Richard
|
|
|
|
|
"Quote: What kind of tech are Internet search engines using on the front end (it looks like that's what the part of the Internet that takes place on your computer is being called as). "
That depends upon who owns or operates that search engine.
This can vary a lot depending on which search engine you use and which operating system you use and what is already on your computer.
Two very different examples:
(1.)
If you are on a duckduckgo.com search engine, on a device without any UEFI anywhere on it, and your operating system is pre-Windows XP with service pack 3 (meaning before service pack 3), or your operating system is UNIX, or VMS VAX, or some flavor of Unix without the newly added back-doors, then they probably use cookies for as much as they can, without too much invasion of your privacy.
(2.)
If you are using a Google search engine, on a device with a Google controlled operating system,
then they might be already key logging all of your activities (via UEFI),
and using your camera to make a video of your activities (via UEFI),
and using your microphone and/or your device's speaker and/or your device's headphones (via UEFI),
on that device and already sending that data to Google, and they might be using that data to pre-judge what they decide that you should be allowed to ask and what they decide that you should be allowed to see and what they decide that you should be allowed to hear on your device.
Thank you for asking.
|
|
|
|
|
Way back in the day, I used Wolf CMS, which was a fork of Frog CMS. It did require a database but was very lightweight, much more so than WordPress. You had to create your own templates, which then became models for your site's pages. There was no templating language; it was just PHP. Wolf CMS is still around but only because the internet never forgets.
Now that I go to look, all I seem to find are the big CMS, like WordPress, Drupal, Django, etc. and a few tiny ones that use text files and no actual database. Did all the rest die off, like all the word-processing apps that died off when Microsoft released Word?
|
|
|
|
|
Ok, it seems the answer is no. There are a few headless CMSs out there, but it seems it's a WordPress world now. Remember when there were half a dozen word processing applications to choose from?
|
|
|
|
|
Unfortunately WordPress took almost all the CMS market. These are 3 of the headless CMS out there: Magnolia, Netlify and Contentful with Gatsby