Frontend v/s backend problem isolation - frontend

This is very generic question, still I hope someone will provide pointers.
In a web application, say Facebook or Amazon or any web site, how do I isolate if a problem is on frontend (client side) or backend (server side)? I feel there has to be very basic troubleshooting steps available to find out this.
Thanks in advance.

Well, you need to debug and make sure everything is working properly on the client side. If all the values are right, then it must be the server-side.
Though, nowadays code can get pretty complex so it really depends on your skill-level and experience/knowledge. If you are a beginner then I would recommend learning more and more client-side and server-side in order to know what to debug.
The majority of the time as you are learning you'll probably have to resort to asking other people if you aren't at an advanced level, which is perfectly fine. Just ask away on sites like SO and the more problems you run into, the more tips you'll acquire which will make you a better debugger and developer.

Since server side part is under your control, you can easily enable logging so you'll see where a problem lies.
Client side is a bit more tricky since it's executed on user's browser, so it's not under your direct control.
But, if an exception occurs on client side, you can always catch it and send that information to your server using AJAX with some info like "clientError", where you can log it as that, so with basic usage of grep, you'll know where the actual problem lies.
If there's a client side problem and an AJAX call fails (for example, client has network problems), you can put error info in a cookie and collect it afterwards.

Related

Automatic machine to machine authentication best practice?

I'm trying to find the best idea/practice for my login protocol and I'd like to pick your brains.
I have one server and a few remote computers that are talking to the server using API (RESTful APIs if it matters) we'll call them "units".
Now I want the units to be able to authenticate to the server and start reporting some data.
Last thing is I want the process to be somewhat automatic, somewhat meaning there will be a one time setup when the unit is installed and from there and on the authentication will be automatic without requiring human interference.
My main security concern is I don't want anyone to be able to report data as one of the units, so I want the unit's identifier to be only known to the unit and the server.
What would be to best way to do something like this? I'm not sure my question is clear enough so please ask me to elaborate on anything I've missed.
P.S.
All the backend/server code is in NodeJS.

Hybrid App Development, Database-Driven Content

I've been doing a lot of research, and perhaps just need a few dots connected.
I have an idea for a mobile app/website that contains lists of local eating/drinking establishments along with the deals/specials they offer each day. The idea is to create an app that people can refer to in order to save money on a night out.
I'm familiar enough with HTML/CSS/JS to create a functioning website, but when it comes to backend I'm a little confused. Editing the markup in order to reflect changes (e.g. a new deal starts or new establishment opens up) is a bit cumbersome. Now I know I want a database with my information ready to be displayed on my page. Does this mean that I need to develop my own API for everything, and then make sure it integrates with the hosting website that I end up choosing?
I feel like I'm missing something that should make it obvious what the next step is. Can anyone offer any advice?
The short answer is yes, you are exactly right.
The long answer is that is definetly one way to do it. But, for large projext just using JS can get quite cumbersomoe on your client end. Usually the first level would be using something like ajax. It's a great way to start and you can go a long way with just ajax. This is acutually where most people "start" when using just javascript to make api calls. The next level would be to use a framework like Angular. This will of course do more for you than just help handle api calls and it requires a larger investment in learning.
So that is all client side...
Now for the server side part... When you publish a website you are now dealing with "server-side" content. You have taken your static content and it is served up from the server but it's always the same static content from the server then it becomes dynamic on the client when all the javascript starts getting parsed.
The API is another server side component. But instead of being static like your pages, a bunch of files just sitting there, it is an actual application on the server. It takes a command via an api request and then does its thinking and then spits out a response object dynamically to the requester, which in this case will be the JS on your site.
Now, if you don't like the idea of learning to make your own API there are resources out there that will host an api for you and give you a gui to build your own API. I can't recommend one because I have never used one, but I do work with businesses that do and they love the fact they don't have to hire a dev to make thier apis. The downside is they are tied to that service and limited to the functionality that the service offers. It's not a big limitation as the services are quire powerful but if you are going to be managing complex data sets then it would probably be better to learn to make your own api.
Hope that clears things up a bit for you!

How do BAAS solutions both allow custom code and keep things secure?

Baas, backend-as-a-service, solutions like Parse.com and StackMob allow application developers to add and use custom code to run server-side business logic. I'm interested in learning how you could add functions to the app server without disruptions to other applications and keep malicious code from accessing the system or data they shouldn't.
I've searched for any posts or disclosures of how Parse or StackMob might have built up their architectures and have come up empty.
Take a look at how Kii Cloud provides custom server side code that you can add to the backend. It basically runs in a sandbox with some access to the server side API (but it's well defined, the user can only access what they are intended to access). An there are also resource limitations such as time constraints (a piece of server code can take do processing forever).
This is not exactly the internals of Kii but I think server side code in most MBaaS providers reflects on what's the correct way to add server side logic on a running system without disrupting the system.
Please head to community.kii.com if you want to discuss internals with the engineers (we're happy to chat with you).

Ensure exclusive access to webservice

Just to be on the safe side, what's the best practice to ensure that only my application has access to my webservice, which is hosted on a public server? Should I implement I shared key or something?
My webservice is hosted on Googles App Engine and my Application runs on iPhones and iPads.
If you need further information, just ask.
Thanks,
Henrik
some sort of challenge/response authentication would be your best bet, but you could use something as simple as a key that's sent with every request. it might be quite easy for someone with a packet sniffer to reverse engineer that security though - i guess the amount of time you spend on it will relate to how much you really care :)
If you require your iphone app users to enter a loginid/password, then it is trivial to achieve what you want. But I assume you don't want that ..
Without that, there is no way to ensure you app has exclusive access to your web-services. People can always sniff HTTP traffic and spoof it. People can decompile/reverse-engineer your app to figure out the key/password.
See other discussions on StackOverflow - How to restrict access to my web service? and How can I create and use a web service in public but still restrict its use to only my app?
You could program your app to only serve requests that include your iPhone's unique identier - see StackOverflow question [Unique identifier for an iPhone app]. The id could still be sniffed, so depending on your needs, you may need methods to counter that.
Well, i had similar problem. What i realized, there is no 100% solution. What i did is, i used different approach. I have implemented OAuth and SSL, of course and than make algorithm for my web service to learn behavior of my app.
I try to put that algorithm in some kind of pattern, template, so it can be used in more scenarios. It's still in developing, so here is code of simple console app that will simulate that algorithm. Hope this can help:
https://github.com/vjeftovic/LearningRESTSimulation

Real time browser game server

I'm mostly looking for setup advise and pointers on how to go about going about this. I'll explain in as much detail as I can think and also note possible approaches that may be plausible.
The aim of this is to create a real time browser game, the best method that I have found for my needs would to use "long polling" with ajax, which will basically setup a request with the server that will "hang there" til the server has something to send it, then re-establish the connection upon receipt for more data. For my purposes this will handle a chat system aswell as character movement, IE: if a player enters the same area the clients there will recieve a response to inform them and thus update the browser client to show this.
The above is relatively easy to implement and I have already made a test-case for it, however I want to improve on it, on the server side it runs a loop for X amount of time before it'll auto timeout and send back and empty string, so another connection can be made, this is to prevent infinite loops and use up resources in cases where it shouldn't. Instead of looking up the database on each loop cycle (would be expensive I believe) for messages that need sending to the client, I use flatfiles, if a file has a modified timestamp greater than the last message sent to the client, then there is something new to send. However I believe this would also be expensive (not as much as using a mysql database though?) when done a couple of times per second.
My thought process on this was to have a C++ program (for speed) constantly running, and use that for very fast lookups in memory for new messages and so fourth, this would also give me the added bonus of being able to have bots within the game that the server can control for a more real-time feel/approach, however I have no clue if this is even possible and my searches on google have been fruitless.
The approach I would most love to be able to do, is to continue to use PHP to do the rendering and control of the page etc, and have the ajax requests go to the C++ application (that will always be running) that can handle all the real-time aspects.
CGI defeats the purpose of the above approach, as it creates a new instance of the application on each request, which is both slow and exactly what I do not want, I have php for that and don't want to switch one perfectally running language for another that would be better suited, PHP however (to my knowledge) can't store things in memory (ram) and so fourth.
Another approach that I have thought about was to use php sockets to connect into the C++ application, though I have no idea how feasible this may be. The C++ application only basically will need to control bots (AI) and the chat system messages.. I have absolutely no idea how to go about handling bots via PHP.
I hope this fully explains what my intentions and goals are, so if anyone has any pointers or advise then please reply and help me out, it would be very much appreciated. If you need any extra information (for if I didn't cover something or something very well) then I'll be happy to attempt to better explain.
How fast do the reactions need to be? For anything approaching real-time action games, AJAX/Comet is going to be much too slow. The overhead is also really depressing.
The way forward for that kind of thing will probably be WebSocket, with a custom server on the backend. But I don't think that means you need to resort to C[++] for this; the bottleneck is most likely going to be the network and not server processor power.
I'm using a Python SocketServer with a trivial message replication system — all the game logic in my case is on the client-side, with some complicated JavaScript maintaining a consistent game world in the face of lag — but even for a more complex server-side I think a scripting language will probably be just fine.
WebSocket isn't ready yet; there are no mainstream browser implementations. In the meantime I'm using a Flash Socket backup that emulates the WebSocket interface. Flash Sockets have their own problems in that they fail to negotiate proxies, but they are fast and hopefully the need for them will diminish as WebSocket arrives properly.
Reading your post sets alarm bells ringing.
How familiar are you with multi-threaded code? With C++? If the answer is "not very", then I fear you might be biting off a quite a large chunk. Why not take advantage of some existing (tried and tested) COMET server implementations rather than this barebones approach? Whatever application you have in mind, it should be quite separate from the comms implementation.
As someone who has implemented a such a server, I can tell you that it will take many design iterations and a helluva long time to get right. Testing such a product realisticly is also a very tricky process.

Resources