|
Bohdan Stupak wrote: Storing large files in DB creates a lot of overhead when scanning table, inserting new rows,
That is true.
But nothing in the OP suggests it will be close to that. The description suggests very few docs and the content of each is small. Plus one might also infer the churn rate is non-existent.
|
|
|
|
|
we5inelgr wrote: The number of documents stored in the first year is estimated between 100 and 500, with about 1000 to 1200 additional each of the next couple of years.
If/when the site outgrows a shared hosting environment
Those statements seem to be contradictory.
You are describing a very small data set. Unless your description is incorrect.
If you go up by an order of 10, and with 5 years the number of docs are 50,000. Which might seem like a bit but your other description suggests that the size of each is pretty small. But if each is a meg then at 50k it is 50 gig of data.
But my sizing might be way over. So if it is only about 6,000 and the size is 10k, then that is only 60 meg. Which is going to fit in anything that you might have.
we5inelgr wrote: in terms of security
Secure why? You mentioned birthday. If you are a business then you need all of that encrypted. But if this is just for you then is the only security that you want is that you don't loose it? If the second is true then you need two different ways to back it up. Online and local would be best.
|
|
|
|
|
The choice between storing files in a filesystem or as blobs in a database depends on various factors, where both approaches have their own pros and cons to consider.
Filesystem -
Pros-
Considered generally faster for read and write operations compared to databases.
Much easier to scale horizontally by adding more servers with shared access to the file system.
Cons-
Handling backups and recovery might be more complex especially if it grows over time.
Keeping file data and related metadata consistent can be challenging.
Database -
Pros-
Easier to maintain consistency between file data and metadata in a transactional database.
Database backups usually cover both file data and metadata.
Cons-
Retrieving and storing large files can impact database performance.
You may face scalability challenges when dealing with a large number of files.
|
|
|
|
|
iam looking for a working sample google maps on blazor web app with loading markers from database.
Using C# and SQL Server Database.
Everything i found i written for example with syncfusion or telerik controls.
or with old asp.net
could anyone help me?
|
|
|
|
|
That seems rather complicated to me. So less likely to find it as an example.
Following at least provides examples on how to use the google API itself.
google maps api markers
|
|
|
|
|
Hi jschell, thanks. But how to include in Blazor i found nothing too
|
|
|
|
|
Again the point is that you are looking for a complete solution for something that contains multiple pieces.
You must look for each piece then put them together.
|
|
|
|
|
I'm at the end of the project finally, and I'm putting the wraps on it.
I started programming headers in PHP for cache, and then it expanded into security as well. I built a system of ECMAScript modules, and my entry point module is being blocked by my CORS header. I can't figure this out, and could use some guidance on the subject.
Here is what I have.
/assets/scripts/core
/assets/scripts/core/coreExternal.module.js
coreExternal.module.js content
window.coreExternal {
setCommissionStartDate,
setCommissionStopDate, and so forth
On the WebPage, I use a script tag to load coreExternal
<script type="module" src="/pcad/assets/scripts/core/coreExternal.module.js"></script>
This call to the module, makes the window.coreExternal functions look like dangerous inlined script.
This is my PHP header for CORS
$nonce = base64_encode(random_bytes(16));
header("Content-Security-Policy: default-src 'self' *.fontawesome.com; script-src 'self' 'unsafe-inline' /pcad/assets/scripts/core/ https://kit.fontawesome.com/ 'nonce-".$nonce."' 'sha256-...'; style-src 'self'; img-src 'self' data:;");
From reading the documentation from Content Security Policy, I added 'unsafe-inline' which should sledge hammer out my modules, but they are still blocked.
Error Message:
Content-Security-Policy: The page’s settings blocked the loading of a resource at inline (“script-src”).
Source: coreExternal.setCommissionStartDate(this… assignCommission.phtml
My Questions
I don't do CORS stuff everyday, just once every few years, and this is the first time I've done it in code, and not used the web server to program this. Perhaps I have the concept going but failed in execution, well I'm sure that's it.
- Do I need the access-control headers?
- Did I paint myself into a corner using modules the way I did?
- Is one policy canceling another policy?
I still have issues with these error messages as well
Quote: Content-Security-Policy: The page’s settings blocked the loading of a resource at inline (“style-src”).
Source: --bs-breadcrumb-divider: '>'; viewVendors.phtml
The manual style I added to the table element
Quote: Content-Security-Policy: The page’s settings blocked the loading of a resource at inline (“style-src”).
Source: width: 100%; border: none; viewVendors.phtml
These are my headers in PHP. At this point, YES I am throwing darts at the wall on this, plus SMH and
header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0");
header("Pragma: no-cache");
header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload");
header("X-Content-Type-Options: nosniff");
header("X-Frame-Options: DENY");
header("X-XSS-Protection: 1; mode=block");
header('Referrer-Policy: same-origin');
header("Access-Control-Allow-Origin: self");
header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
header("Access-Control-Allow-Headers: Content-Type");
header("Access-Control-Expose-Headers: *");
header("Content-Security-Policy: default-src 'self' *.fontawesome.com; script-src 'self' 'unsafe-inline' /pcad/assets/scripts/core/ https://kit.fontawesome.com/ 'nonce-".$nonce."' 'sha256-...'; style-src 'self'; img-src 'self' data:;");
If it ain't broke don't fix it
Discover my world at jkirkerx.com
|
|
|
|
|
I replaced the script tags on the web pages to this ...
<?php $nonce = base64_encode(random_bytes(16)); ?>
<script type="module" src="/pcad/assets/scripts/core/core.module.js" nonce="<?php echo $nonce; ?>"></script>
So I don't have COR errors, I have Content-Security-Policy errors.
This error is from the input element onchange event, where I wasn't able to add an event listener, because of the data I needed to popular the function call. I'll have to rethink this.
Content-Security-Policy: The page’s settings observed the loading of a resource at inline (“script-src”). A CSP report is being sent.
Source: coreExternal.setCommissionFinishedDate(t… 72 assignCommission.phtml
OK, so this is not easy, and will require me to do way more research on the subject, and rethink some of the code in this project.
If it ain't broke don't fix it
Discover my world at jkirkerx.com
|
|
|
|
|
This is what is being outputed by the web server IIS server on server somnething version.
{
"name": "content-security-policy",
"value": "default-src 'self'; script-src 'self' swanpools-pcad-dev.occloud9.com; style-src 'self' 'unsafe-inline'"
},
Not even close to the header I wrote in PHP. I looked at IIS and didn't see any prepared headers. I'll dig down in PHP.ini and expand my search. And run the header in report only mode until I fix it. Chrome is telling me I'm in report only mode, but not Firefox.
If it ain't broke don't fix it
Discover my world at jkirkerx.com
|
|
|
|
|
I ended up with this, a compromise between using a hammer to nail it through with no more console errors, and fixing several security issues for the better. By hammering it, I can get the app running for the owner to evaluate and test, and then consider more security fixes and upgrades.
Font-Awesome or the FortAwesome free version
I removed all the Font-Awesome errors, but removing the all.min.js JavaScript file from the header elements. Turns out I don't need that JavaScript, and what it does is this.. Instead of using the fonts from Node_Modules, it fetches the latest version of the fonts and other stuff, to replace what Node_Modules has, and does things like monitor the use of the product, and causes licensing issues where it's no longer the free version. Well, the files it fetched were the free version files at least, so I got something right that I tossed in the trash.
Diagnostics
I used Mozilla FireFox at first, but it gave me generic information back, that never changed. I assume the headers I was inspecting was for public consumption. I ended up having to use Chrome in Developer mode, to see the real headers being returned from the response of the web page loading.
ECMA Script Modules
I used this to solve that issue in CSP. The use of a nonce. Declaring a master module that references child modules on a web page.
<?php $nonce = base64_encode(random_bytes(16)); ?>
script type="module" src="/assets/scripts/core/core.module.js" nonce="<?php echo $nonce; ?>"></script>
Inline scripts
I used this in the CSP rule below, to solve script within a element, calling onclick or onchange
script-src-elem 'self' 'unsafe-inline' 'unsafe-hashes';
onclick="core.setProjectType('<?php echo $apiUri; ?>', 'landscape')"
SVG like spinners and things you embed on the web page
img-src 'self' data: w3.org/svg/2000;
Warning
This is not my best work, and not completed yet, but gets the project back up and running so I can finish it and be done with it. This work does leave me with a little more work to beef up the security some more, but on my terms and not the web server or browsers terms.
If your clueless about this subject, then you can use this as a reference to model something for yourself. Remember I'm not an expert on this subject, but do understand the point. And I spent many hours doing research and reading, plus testing. It doesn't matter that this is PHP, because the principals are the same with most web technologies.
My Work
Cache Rules
header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0");
header("Pragma: no-cache");
X- Stuff Rules
header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload");
header("X-Content-Type-Options: nosniff");
header("X-Frame-Options: DENY");
header("X-XSS-Protection: 1; mode=block");
header('Referrer-Policy: same-origin');
COR Rules
header("Access-Control-Allow-Origin: <a href="https:
header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
header("Access-Control-Allow-Headers: Content-Type");
header("Access-Control-Max-Age: 86400");
header("Access-Control-Expose-Headers: *");
CSP Rules
$nonce = base64_encode(random_bytes(16));
header("Content-Security-Policy: default-src 'self'; script-src 'self'; script-src-elem 'self' 'unsafe-inline' 'unsafe-hashes'; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: w3.org/svg/2000; object-src data: 'unsafe-eval';");
If it ain't broke don't fix it
Discover my world at jkirkerx.com
|
|
|
|
|
I'm following this tut on js: Arrow Functions JavaScript Tutorial - What NOT to do!!! , and in the part where he explains why not to use setTimeout inside arrow functions, the justification is that they look for scope on the window. and not on the enclosed scope of arrowFunc method. But the tests i made, had the opposite results: the named functions had window, arrow function had the correct one. So:
const dude = {
name: 'dude',
namedFunc() {
console.log('name 1: ', this.name);
setTimeout(function() {
console.log('this 1:', this);
console.log('name 2:', this.name);
}, 200);
},
arrowFunc() {
console.log('name 3:', this.name);
setTimeout(() => {
console.log('this 2:', this);
console.log('name 4:', this.name);
}, 300)
}
}
console.log('namedFunc:', dude.namedFunc());
console.log('arrowFunc:', dude.arrowFunc());
Expected:
this 1: {name: 'dude', namedFunc: ƒ, arrowFunc: ƒ}
name 2: dude
this 2: Window {window: Window, self: Window, document: document, name: '', location: Location, …}
name 4:
Actual result:
this 1: Window {window: Window, self: Window, document: document, name: '', location: Location, …}
name 2:
this 2: {name: 'dude', namedFunc: ƒ, arrowFunc: ƒ}
name 4: dude
modified 16-Jan-24 16:10pm.
|
|
|
|
|
Member 16183444 wrote: not to use setTimeout inside arrow function You say don't use setTimeout inside an arrow function, but your code example is using an arrow function inside setTimeout as a callback. That's the exact opposite. Do you have a timestamp in that video where he speaks of this?
Anyway, to your point, a lot of people get confused about this and lexical scope. I have no idea why there's so much disinformation in JavaScript's ecosystem. But alas, there is. When in doubt, trust what MDN says or, as in this case, your own testing.
From MDN: Arrow functions don't have their own bindings to this Which means, arrow functions don't bind their own scope. They inherit it from the parent one. A regular function will always define its this value. The value of this is determined by how a function is called. To put it simply, the this in the setTimeout function for the regular anonymous function is using the this of setTimeout 's scope because setTimeout is what calls the function.
Don't know what the dude said in the video because I didn't watch the whole 30 mins. But, that's the reason for the behavior you're seeing.
Jeremy Falcon
|
|
|
|
|
Is there a server-side web framework like WordPress but built on Microsoft technologies?
The difficult we do right away...
...the impossible takes slightly longer.
|
|
|
|
|
Googling suggests alternatives but I didn't look to see how they were built.
wordpress alternative windows
|
|
|
|
|
You're right! I should have Googled it first.
But thanks for the recommendation.
The difficult we do right away...
...the impossible takes slightly longer.
|
|
|
|
|
If you're looking for a server-side web framework similar to WordPress but built on Microsoft technologies, consider using ASP.NET with Umbraco or DotNetNuke (DNN). These frameworks offer robust content management features and are built on the .NET platform.
For expert guidance on setting up and optimizing these frameworks, you can reach out to Trisync Solutions. They specialize in web development using Microsoft technologies and can help you achieve your goals efficiently.
"The difficult we do right away... the impossible takes slightly longer."
|
|
|
|
|
Can someone help me understand whether PHP is compiled or interpreted?
I googled it and was left very confused.
It sounds like PHP is compiled to some type of bytecode. But, I have never seen another file created (an executable).
I can't imagine PHP would re-compile each script.php every time it is used, but I don't see any .exe files getting created.
Anyone know how PHP really works? It seems like almost no one knows.
Thanks.
|
|
|
|
|
|
There is not a clear, absolute distinction. Old style interpreters would interpret the statements of a loop from source code on every iteration of the loop, and similar with other constructs.
To speed up execution, interpreters began (at least 25 years ago, maybe earlier) when analyzing a statement, to leave the analysis in a memory cache. So for a loop, the analysis was done the first time through. Following iterations skipped the analysis step, and rather picked up the analysis from the cache.
As this became more common, the analysis results became more formalized into some variant of P-code, suitable for direct interpretation. When done as a separate step, for an entire program or program module (e.g. the classic Pascal compiler from ETH Zürich), it is always called a compiler. So when the php runtime system does the same thing for a loop, you might say that it is a compiler, compiling that loop.
Another change over time: The first interpreters to save analysis results for later use did it line by line, or statement by statement. More recent interpreters compile larger units, e.g. a complete method, in order to apply optimizations such as moving invariants out of loops, calculating common expressions once only etc.
If the generated code follows a well defined grammar, the runtime compiler may save it to a file or cache. Compare it to dotNet: The IL code(*) of an assembly is compiled to binary machine code by the "jitter" (Just In Time compiler) first time it is run. The jitter also saves the binary code in a (persistent) disk cache that is usually not seen by neither programmer nor user; it is in a file space managed by the jitter alone. Next time the same assembly is run, the jitter first looks in its cache: If an already compiled version is found there, it is loaded, and the JIT compiling is bypassed.
A similar (persistent) caching (of P-code) might be employed by an interpreter. It should not affect the source language - the same source may be interpreted on one machine, compiled to P-code on the fly on every execution on another machine, while a third machine may have an interpreter looking in its cache for an already compiled variant.
This may be applied to a lot of different languages: You could make an interpreter to P-code on the fly, for subsequent immediate interpretation by an interpreter. Usually, you think of Java as a compiled language, but if you integrate JVM with the compiler, they might appear externally just as 'interpreted' as, say, PHP.
(*) dotNet IL code and P-code are at comparable abstraction level. The difference is that P-code is designed to be directly interpreted by a virtual machine; it is complete and ready for running, like a binary machine code (although not the machine code of the real machine you are running). IL code has a lot more 'loose ends' that must be tied up; there are more final decisions to be taken, but then there is more freedom when generating final binary machine code for that specific real machine. You cannot move this binary code to another machine; it may have a CPU missing a few instruction set options (the jitter makes binary code to make use of anything that is available), or maybe a completely different binary instruction set. P-code (usually) can be moved to other machines of arbitrary architecture and instruction set.
Note that P-code (or bytecode) is not a single firmly defined format. There are different P-codes, Java bytecode is not identical to the classical Pascal P4-code (although it is said to be heavily inspired by P4).
Religious freedom is the freedom to say that two plus two make five.
|
|
|
|
|
Sorry, why atre you telling me this?
|
|
|
|
|
Because a public post is intended for the entire reading audience, not just for you alone.
I wrote my post to expand on your WDYJFGI style reply; that is why it came as a follow up to yours.
I had a coworker who was a real nuisance in informal conversations: All the time he interrupted "You have told that earlier!", and I had to reply: "Yes, to you, but this was John asking, and he hasn't heard it yet!" This guy never learned; it happened again and again.
For some reason, your reply/question made me think of this fellow.
Religious freedom is the freedom to say that two plus two make five.
|
|
|
|
|
Well maybe so, but it would have been better posted in reply to the question, as the OP is the one asking for the information. I suspect that very few people will actually read your response as it does not appear to be an answer to the question.
|
|
|
|
|
PHP is a scripting language, which basically means there is an "exe" somewhere reading the php script every time there is a request.
For php that will be Zend Engine.
|
|
|
|
|
I'm working on a web development project and I'm struggling with optimizing performance for my website. Are there any best practices or specific techniques that developers recommend to improve website speed and performance, especially when dealing with large amounts of data or complex interactions?
|
|
|
|
|