we are in one situation where there is one live website of jive for the current client and its new design and changes along with editing and updating the contents to be done on a sandbox jive website. Our issue is how to go live after we edit and update the design and apply the necessary changes? The live website is currently accepting new discussions, posts from live user. So how can we achieve the transition from sandbox to live website? It will be helpful for us if you can provide us any reference to this issue, which is accessible by us. Regards.
Related
I have a bit of a general question. I am in need of advice on how to manage a staging website but change only the design between staging and main website.
What causes me problems is that we're using a job application plugin and so if I were to push a staging website onto the live one, it would erase the new applications on main website and bring it back to whatever is on the staging website.
I am using Installatron with this specific website. I will attach a picture of options that are available when syncing the websites.
I am thinking of two possible scenarios but I'd like another perspective from someone more experienced. Keep in mind I don't have coding knowledge and I just use already programmed builders, systems and programs to make websites.
1st scenario - I test design changes on staging site and then manually do the changes on the live site.
2nd scenario - I sync the websites and turn on only some of the options that installatron offers when syncing (see picture attached)
I hope this isn't too general of a question for stack overflow and I hope I can get some advice regarding this.
Thanks in advance
I am having a developer build me a website that he has been working on for about a month now. He's doing great, and it looks fantastic. Maybe I'm being paranoid, or maybe I'm not, but this is my first venture into an online business. He needed my stripe api key and secret key. Was it safe to give him the secret key for the coding end? He asked for both. Just wondering if I could be scammed somewhere down the line and not know it from the freelancer. Or be scammed and it is too late.....Sorry I'm coding illiterate for the most part. If I have to take any steps to ensure safety of any funds or my website after he creates it; please let me know.
For Stripe, and many other API systems like it, there are two sets of keys. One is for testing/development, and does not do any actual live work. The other is the live set, and that will hit the live API and allow the person with the keys to act as your business.
In an ideal, secure organization you'd have the live and test sides completely separated. The developers would not have access to the live site, and thus the live keys at all. Not in the UI, not in the database, nothing. This limits the vulnerability to only those people who are assigned to keep the live site running.
Since you're working with a freelancer it's a bit murkier. I'm assuming you don't have an internal team to handle the maintenance on the site. If that's the case then even if you were to insert the live keys yourself during the launch, the freelancer would likely be the person you're contacting to address issues, at which time they'll have access to the keys anyways.
However, if the freelancer will not be the person maintaining or supporting the site, then the best course of action is for them to provide you with a spot on the back-end of the site where you can enter the live keys yourself before making the site active to the public. Again, this is only something that provides security if the freelancer will not have access to the website after it is launched.
If he is your developer then he would need both keys. Here is some more information about the keys and what they can do
https://stripe.com/docs/keys
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 8 years ago.
Improve this question
I haven't visited haskell.org for a while. When I did the other day, I discovered that a company called FPComplete have started offering a number of rather interesting Haskell services. However, there doesn't seem to be much documentation anywhere, and I'm a little bit confused...
If you go in through the "front door", you're required to create a user account before you can do anything. But sometimes you can click on example code and instantly start editing and running it - seemingly without requiring any kind of account. So is an account required or not? Is there some way I can just try stuff out without going to all the trouble of setting up an account?
Also, if I "start a project", is it public by default, or is it private? If I close my browser window, does it go away? Or does it stay in existence forever? If I don't actually want the project anymore, can I delete it somehow?
I'm also a little confused as to the difference between "FP Haskell Center" and "School of Haskell"...
School of Haskell is a community-driven set of Haskell tutorials and articles with "live" code snippets embedded into them.
FP Haskell Center is a cloud IDE for Haskell with full-featured editor, git integration and so on.
After registration you can create both tutorials for School of Haskell and your own projects, which can be private. IDE projects are persistent, until you manually delete them.
What makes you think you are required to create an account if you go through the front door? Yes, creating an account is the biggest thing on the page, but if you just ignore than and go into the alternatives in the lower half, you can create projects, etc, without going through the process of creating an account.
That will automatically create a temporary account. You can turn it into a permanent account by going through the registration process. That requires validating an email address. A google+ or Persona login will do, or you can go through the "here's my address - get email - click validation link" dance.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 9 years ago.
Improve this question
Tumblr allows users to edit the HTML and CSS of their blogs through a Templating system. In fact, it even allows users to include their own external scripts into their pages. Doing this obviously opens a lot of security holes for Tumblr; however, it's obviously doing fine. What's even more interesting is how Tumblr's team managed to do all these through a LAMP Stack before.
One thing that I found out through pinging different Tumblr sites is that the blog sites are dispersed through multiple servers.
Nonetheless, hacking the root of just one of those servers could compromise a ton of data. Furthermore, while some could argue that Tumblr may just be doing manual checks on each of its blogging sites, it still seems pretty risky and unpractical for Tumblr's team to do so because of the amount of data that Tumblr has. Because of this, I think there are still some aspects that checking manually hasn't covered yet, especially in terms of how Tumblr's team filters their user input before it enters their database.
My main question: How does Tumblr (or any other similar site) filter its user input and thereby, prevent hacking and exploits from happening?
What is Tumblr.
Tumblr is a microbloggin service, which lets its users to post multimedia and short text blogs on their website.
Formating and styling blog
Every blog service lets its user to edit and share the content. At the same time they also let their users to style their blog depending on what type of service they are providing.
For instance, A company blog can never have a garden image as its background and at the same time a shopkeeper can never show a beach image; unless they are present at that place or include such objects in their work.
What Tumblr. does
Well, they just keep checking the files for any error!
As a general bloggin platform. It is necessary to allow the users to upload and style them blogs. And at the same time it is a job for the company to keep the control of how their service is used!
So Tumblr. keeps a great note on these things. They also donot allow to upload files that infect the system, and are well-known to delete such accounts if anything fishy is caught!
Tumblr. allows the users to upload files and multimedia that is used to style the blog. They used a seperate platform where to save all such files! So when you upload it, it does not get executed on their system. They access it from the server or from the hard drive which these files are saved on and then provide you with the blog that includes those files.
What would I do
I would do the same, I would first upload and save the files on a seperate place, where if executed they donot harm my system if are infected by a virus. Not all the users upload virus. But once they do, you should use an antivirus system to detect and remove the virus and at the same time block that account.
I would have let the users to use my service, now its user's job to upload content and its my job to prevent hacking.
All this stuff (HTML/CSS/External scripts) does not run on Tumblr machines. So to them it does not matter. One is responsible for the stuff that runs on your own PC. As to Javascript it lives in a sandpit
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 5 years ago.
Improve this question
My goal is to create a chatting website. Not so much for the sake of the website, but for the experience so I know how; just something to work towards gradually. I tried long polling, but that always ends up pissing off the webhosts whose servers I'm using. I was told to use nodejs instead. I have some idea of what it is, but no idea how to use it.
I'm guessing that the reason I can't find the answer to this question anywhere is because of how obvious it is... to everyone else.
I've been looking around and all I see are tutorials on installing it on your server when you own the server. I know you can install forums on webhost's servers, so can you also install nodejs?
Yes. You can check the full listing at https://github.com/joyent/node/wiki/Node-Hosting to check each site but it does not categorize it by free hosting..
Some I know of, I personally use Heroku.
Heroku
Nodester
Most standard LAMP hosting companies don't let you run node.js.
I currently recommend you use the Cloud9 IDE to get up and running with not only your tests and development, but also potential deployment. Cloud9 allows you to run your app from their IDE and will provide you with URL to see your app running and get familiar with node.js development.
A more manual way is to find a node.js PAAS (Platform as a Service) such as Joyent or Nodester.
Another one is Open Shift. I use them a lot and they allow you to use your own domain on the free plan. I use Heroku as well and have tried AppFog and Modulus.
But what it comes down to is whether I can use my own domain and how much they throttle my traffic. AppFog and Modulus don't allow custom domains on their free plans and seriously throttle traffic. They will cut your website off if you have one visitor an hour.
Another issue I was concerned about was with the upload of files. In particular, with my website content is added via markdown files. Most node webhosts use a variation on git deploys to update websites, with content supplied by databases. However, if you are trying to run a website without a database, using flat files, then each update must be done by a git deploy. This takes the whole website down and recreates a new website altogether (it just happens to look like the previous one). This will normally take a few minutes. Probably not a problem for a low volume website. But imagine if you are making a blog entry and you deploy it and then notice you've made a spelling mistake. You need to do a deploy all over again.
So, one of the things that attracted me to Open Shift was that they have a reserved area for flat files within your project. You can upload your files there and when your project is re-started these files will be preserved.
Appfog provides a free plan where you can host NodeJS and many other technos.
However, free plans don't allow custom domain name anymore.
There is also the Node.js Smart Machine service from Joyent.