    David Castner
    @davidjcastner
    @Lilyheart have you done the basic algorithm scripting part yet?
    Lily Romano
    @Lilyheart
    @davidjcastner yup
    Lily Romano
    @Lilyheart
    Issues?
    David Castner
    @davidjcastner
    Just curious, I had an issue but I hardcoded the answer in lol
    Lily Romano
    @Lilyheart
    @_@
    David Castner
    @davidjcastner
    if (str === "0_0 (: /-\ :) 0-0") { return true; }
    got tired of trying to make a regex that would do a replace correctly
    well that’s ugly xD but works
    it should work with that one string, but the \ doesn't show up because it's an escape character
    Not sure if that's a bug
    Lily Romano
    @Lilyheart
    i like your reverse join better than my first last test xD
    David Castner
    @davidjcastner
    love the urls to these pages
    Lily Romano
    @Lilyheart
    easier on database storage i suppose
    David Castner
    @davidjcastner
    yours probably runs faster than mine
    Lily Romano
    @Lilyheart
    maybe. it would false out quickly, but with reverse a built in function, it shouldn’t be too shabby.
    Robert Maylie
    @rmaylie9560
    So you guys have all the regex validations memorized right?? :+1:
    Lily Romano
    @Lilyheart
    Have a book on my desk :smirk:
    Robert Maylie
    @rmaylie9560
    Hahaha, I swear whoever came up with that syntax is a horrible person.
    David Castner
    @davidjcastner
    I keep my regex commands stored on stack overflow
    Lily Romano
    @Lilyheart
    And the next award is to David, for Best Answer!
    Robert Maylie
    @rmaylie9560
    hahahaha.... I might have to follow suit from you two.
    it seems handy...
    David Castner
    @davidjcastner
    In my opinion regex is really bad because it does not encourage well written programs. Code should be easy to read and understand what it does. A better way is to write a function that does string manipulation even if it's slightly slower
    Lily Romano
    @Lilyheart
    regex has a good purpose. And baked into a program is not one of them.
    David Castner
    @davidjcastner
    All my experiences with regex have been where someone tries to do string manipulation with it because there wasn't a string method for it. So I probably haven't come across a good use case for it yet except maybe html input patterns, but I would prefer to be able to use a function for pattern checking (if it were possible)
    Robert Maylie
    @rmaylie9560
    @davidjcastner how many forms of front end validations are recommended before sending data server side?
    David Castner
    @davidjcastner
    There must be validation on the server, so technically nothing on the client is necessary, but we run as much validation as possible on the client side as well to keep load off the servers. The pattern attribute on inputs is mainly used for user feedback, not for validation
    Most of the validation can be written as shared code between the server and client so it's not as bad as it sounds, so as long as the validation doesn't require server side permissions such as checking if some data belongs to a user, the validation can be done on the client side as well
    Robert Maylie
    @rmaylie9560
    Now by making sure the information belongs to the user you're talking about checking package headers or session id?
    What would be a reliable way to check?
    sorry for the silly questions.
    David Castner
    @davidjcastner
    I'm talking about interactions for a database, so checking if a user has permission to read and/or write certain info in the database
    all good I'm here to help :smile:
    Is there a specific example that you had a question about? I might be able to give a more well defined answer
    Robert Maylie
    @rmaylie9560
    You have me curious now. I'm going to research this at some point today. I'm sure I'll have some questions. I'm not the brightest bulb and often need the process spelled out in layman's terms.
    thank you.
    David Castner
    @davidjcastner

    Alright have fun but I'll leave you with a quick example. Let's say you have a database that stores JSON objects (example: MongoDB) and you have a form for inserting a task for a certain user

    // let's say the JSON looks something like this
    {
        taskTitle: "My Task",
        taskDescription: "Blah Blah Blah gotta clean my room",
        taskPriority: "9001"
    }

    on both the client you might run a function like this (pseudo code)

    // CLIENT CODE
    // assuming that you've grabbed the information out of the html form
    var cleanAndValidateTask = function(taskObject) {
        // removes extra properties, limits character count, ensures that each field has the right data type, strips out html, etc.
    };
    // this client side validation is technically not required but it limits bad requests to your server and gives feedback to the user faster
    cleanAndValidateTask(theTask);

    but before sending it to the server or on the server it will attach some information about who's currently logged in, and then on the server you would run something like this

    // SERVER CODE
    var cleanAndValidateTask = function(taskObject) {
        // removes extra properties, limits character count, ensures that each field has the right data type, strips out html, etc.
    };
    // using the same function that was on the client
    cleanAndValidateTask(theTask);
    checkIfUserIsOwnerOfTask(theTask, currentUser);
    // finally, it has passed all checks and can now be inserted into the database
    insertTask(theTask);
    The reason all the checks need to take place on the server is in case someone sends stuff to your server not through your client, which can happen. I hacked into the place I used to work by doing that. I hope my example helps explain it a little better
    David Castner
    @davidjcastner
    Disclaimer: when I hacked into it, I was working there and testing one of the apps they made. It was ethical and legal
    Robert Maylie
    @rmaylie9560
    Perfect, that cleared things up for me quite a bit.
    Robert Maylie
    @rmaylie9560
    So essentially regardless if the packet is getting tampered with through a bad guy's proxy. It still a: sees if the client has entered his password and is currently logged on. Then strips all the potential injections on the JSON.
    David Castner
    @davidjcastner
    @rmaylie9560 yes except the passwords are best handled via libraries or third party services such as log in with github or log in with facebook
    Lily Romano
    @Lilyheart
    While yes @rmaylie9560 a few new things ended up on my task list today, for the most part I got through a lot of the things I’ve been putting off. Taking a break and then trying to get the last of it done. Looks like I’ve missed some fun convos in here!
    @davidjcastner do you remember who asked about which stack(s) to learn? Mouaz?
    David Castner
    @davidjcastner
    @Lilyheart I believe so, he was also asking about backend architecture like aws
    Lily Romano
    @Lilyheart
    Thanks. I found a cool link and I wanted to tag him when I posted. :heart:
    Lily Romano
    @Lilyheart
    Robert Maylie
    @rmaylie9560
    To reroute the ip and skip the MITMs broken connection to the server. That's actually an awesome work around. I always thought of that as insecure for one reason or another. I see the logic behind it now.
    Robert Maylie
    @rmaylie9560
    What's that lik