I am developing a website in node.js and I am using Parse.com to handle the user registration and the Facebook users.
To handle the Facebook login with Parse, I have to use the line of code:
Parse.initialize(APP_ID, KEY);
which can be accessed by anybody by just looking at the source code of the website.
So my question is: if somebody has access to this information, can he access the data that I stored in Parse? he would just have to create some simple query, no?
I already initialize on the server side so is there a way to tell the template(jade in my case) that Parse has been initialized by passing some kind of parameters?
Thanks
If you set up ACLs and class permissions correctly in your app, then there should be no concern with handing out your JavaScript key. See this page for more information: https://www.parse.com/questions/javascript-sdk-security
Related
I have create a route that showing openAPI documentation in expressjs using the #wesleytodd/openapi package. The route successfully showing my documentation but I want to set a form that if user wants to see my documentation they must have to log in first (I set for them).
May be it looks like in this question: HTTP authentication cpanel
Welcome to StackOverflow 👋
you can make use of a button, it will depend on your SecuritySchemes authentication as well the generator you are using
and when pressing the button, you will get
images above are from SwaggerHub platform
So i am making a social media like site where i use react for frontend and expressjs for backend...
I was using public api till now but now i need private api to control some login info. So, i cannot understand how to do it. Because the link where it will request can be viewed by doing Ctrl+Shift+I and can be used by anyone
I still have methods to do but just wondering, if any way to know where does the request comming from
Let assume that the api site is api.some.site and the main site is some.site, so the request should only come from some.site else send 404 response and i need to do it with expressjs...
I don't know how to do it but I wanted to give you some information to think about. If you want people to be able to log in, on your site. That api end point has to be unprotected, because a logged out person does not have any credentials yet. When logged in the user would be able to access protected end points right? End points like password change of viewing specific pages. So all the data an user should or should not have access to should be handled by the server. You website is only a mechanism to make your data look pretty and easy to handle. So in a way you shouldn't care about people using your open end points from another location because their open anyways.
Authentication should never be handled client side. It should always be handled by a server.
This is my opinion, hope it helps. Sorry if it's not what you are looking for
I want to create a web application using react in which I want to load a page based on the link used, But I know that in react whenever you visit a direct link the entire app is reloaded and you have to navigate to that page using buttons or links provided in the app, I want to generate a temporary link for users which will contain the information about the data to be provided which the back end will check and retrieve from database and provide to the front end, This link will have a duration like for 24 hrs or something and will have an auth token, Can anyone please help me with how I can do that?
React Router is a library that can handle this type of operation and is used in many, many apps. Among other things, it can parse URLs and render different content based on the URL, query parameters, and more.
My ArangoDB server contains a database (mydb) with a collection (thiscol) and in the collection sits a bit of data. I can login with a user Thijs and look around using the web interface.
I cannot have user Thijs use the REST API, I have tried setting the password, granting access, restarting and making a new user.
The REST interface always returns 401 Unauthorized. I have obviously quadrupple checked the password.
If I use the user root it all works fine.
And I rather not start with Foxx services at this point because it seems to be an enormous amount of work to implement a REST service that allready exists but is not 'available'.
So is the REST API only implemented for a single hard-coded username or am I missing something here..
REST call example: http://localhost:8529/_api/collection
per request
failing GET
Ah, you need to specify the database to use in the URL, without specifying a database it will default to _system. Try localhost:8529/_db/vbo/_api/collection see this documentation page for more info.
Glad to help get it resolved.
I am writing service using NodeJS + Restify. I have split each actual service into separate file (what, I assume, everyone is doing). They all are going to be using mysql database so I thought I could open a single connection to database which could be used by each service rather than opening connections every time a request is done.
The problem is that I don't seem to find a way to pass user data. By user data I mean any custom data that would be accessible by every service callbacked by the server.
I primarily use NodeJS + Express, but having looked through some of the documentation of Restify, I believe you could use the authorization parser (under Bundled Plugins on their site: click here to go there)
I think that would be the most basic way to pass user data.
I haven't tested it but, I believe you'd just add this to use it:
server.use(restify.authorizationParser());
You could then access the user data with:
//This is based on the structure of req.authorization in the documentation.
req.authorization.basic.user
I believe you could set new user data (when the user logs in or something) like:
req.authorization.id = 'id'