    David Castner
    @davidjcastner
    There must be validation on the server, so technically nothing on the client is necessary, but we run as much validation as possible on the client side as well to keep load off the servers. The pattern attribute on inputs is mainly used for user feedback, not for validation.
    Most of the validation can be written as shared code between the server and client, so it's not as bad as it sounds; as long as the validation doesn't require server-side permissions, such as checking if some data belongs to a user, the validation can be done on the client side as well.
    Robert Maylie
    @rmaylie9560
    Now, by making sure the information belongs to the user, are you talking about checking packet headers or session id?
    What would be a reliable way to check?
    Sorry for the silly questions.
    David Castner
    @davidjcastner
    I'm talking about interactions with a database, so checking if a user has permission to read and/or write certain info in the database.
    All good, I'm here to help :smile:
    Is there a specific example that you had a question about? I might be able to give a more well defined answer
    Robert Maylie
    @rmaylie9560
    You have me curious now. I'm going to research this at some point today. I'm sure I'll have some questions. I'm not the brightest bulb and often need the process spelled out in layman's terms.
    thank you.
    David Castner
    @davidjcastner

    Alright, have fun, but I'll leave you with a quick example. Let's say you have a database that stores JSON objects (example: mongodb) and you have a form for inserting a task for a certain user.

    // let's say the JSON looks something like this
    {
        taskTitle: "My Task",
        taskDescription: "Blah Blah Blah gotta clean my room",
        taskPriority: "9001"
    }

    On the client you might run a function like this (pseudo code):

    // CLIENT CODE
    // assuming that you've grabbed the information out of the html form into theTask
    var cleanAndValidateTask = function(taskObject) {
        // removes extra properties, limits character count, ensures that each field has the right data type, strips out html, etc..
        var maxLength = { taskTitle: 100, taskDescription: 2000 }; // the only string fields we keep, with their size limits
        Object.keys(taskObject).forEach(function(key) {
            if (key in maxLength) taskObject[key] = String(taskObject[key] || "").replace(/<[^>]*>/g, "").slice(0, maxLength[key]);
            else if (key !== "taskPriority") delete taskObject[key]; // anything not on the allowlist is dropped
        });
        taskObject.taskPriority = Number(taskObject.taskPriority); // the form gives us a string, the database wants a number
        if (!taskObject.taskTitle || !Number.isInteger(taskObject.taskPriority)) throw new Error("invalid task");
    };
    // this client side validation is technically not required but it limits bad requests to your server and gives feedback to the user faster
    cleanAndValidateTask(theTask);

    But before sending it to the server, or on the server, it will attach some information about who's currently logged in, and then on the server you would run something like this:

    // SERVER CODE
    // the same cleanAndValidateTask as in the client code above, loaded from the shared validation module (module path is illustrative)
    var cleanAndValidateTask = require("./shared/validateTask");
    // using the same function that was on the client
    cleanAndValidateTask(theTask);
    // currentUser is the logged-in user attached to the request; checkIfUserIsOwnerOfTask is the app's own permission check
    checkIfUserIsOwnerOfTask(theTask, currentUser);
    // finally, if it passed all checks, it can now be inserted into the database
    insertTask(theTask);
    The reason all the checks need to take place on the server is in case someone sends stuff to your server not through your client, which can happen. I hacked into the place I used to work by doing that. I hope my example helps explain it a little better.
    David Castner
    @davidjcastner
    Disclaimer: when I hacked into it, I was working there and testing one of the apps they made. It was ethical and legal
    Robert Maylie
    @rmaylie9560
    Perfect, that cleared things up for me quite a bit.
    Robert Maylie
    @rmaylie9560
    So essentially, regardless of whether the packet is getting tampered with through a bad guy's proxy, it still a) sees if the client has entered his password and is currently logged on, then strips all the potential injections from the JSON.
    David Castner
    @davidjcastner
    @rmaylie9560 yes, except the passwords are best handled via libraries or third-party services such as log in with GitHub or log in with Facebook.
    Lily Romano
    @Lilyheart
    While yes @rmaylie9560 a few new things ended up on my task list today, for the most part I got through a lot of the things I’ve been putting off. Taking a break and then trying to get the last of it done. Looks like I’ve missed some fun convo’s in here!
    @davidjcastner do you remember who asked about which stack(s) to learn? Mouaz?
    David Castner
    @davidjcastner
    @Lilyheart I believe so, he was also asking about backend architecture like aws
    Lily Romano
    @Lilyheart
    Thanks. I found a cool link and I wanted to tag him when I posted. :heart:
    Lily Romano
    @Lilyheart
    Robert Maylie
    @rmaylie9560
    To reroute the IP and skip the MITM's broken connection to the server. That's actually an awesome workaround. I always thought of that as insecure for one reason or another. I see the logic behind it now.
    Robert Maylie
    @rmaylie9560
    What's that like?
    Looks like it has some cool stuff in there
    Lily Romano
    @Lilyheart
    Robert Maylie
    @rmaylie9560
    wow that looks extremely overwhelming
    Robert Maylie
    @rmaylie9560
    are you contributing to any?
    Lily Romano
    @Lilyheart
    in my spare time? hahhahahahhaha
    Robert Maylie
    @rmaylie9560
    well you have to fill that .0005 second slot in the day somehow.
    Lily Romano
    @Lilyheart
    That’s why I have cats!
    Robert Maylie
    @rmaylie9560
    lol
    Robert Maylie
    @rmaylie9560
    I've always had a bad experience with cats.
    Robert Maylie
    @rmaylie9560
    that was weird.
    Lily Romano
    @Lilyheart
    What?
    Robert Maylie
    @rmaylie9560
    My semi offensive anecdote disappeared :laughing:
    Lily Romano
    @Lilyheart
    :grimacing:
    Robert Maylie
    @rmaylie9560
    about my one eyed cat peeing on all my stuff
    he was a bastard.
    Lily Romano
    @Lilyheart
    sounds like a personal problem
    Robert Maylie
    @rmaylie9560
    absolutely, I would get wafts of urine scent every time I turned my head.
    Lily Romano
    @Lilyheart
    Sounds like a boy with boundary issues. I’ve been lucky with these two. They are absolute love muffins.
    Robert Maylie
    @rmaylie9560
    Yea, I guess it's hit or miss. What kind of cats?
    Lily Romano
    @Lilyheart
    basic domestic rescues
    Robert Maylie
    @rmaylie9560
    And he was a boy.
    Lily Romano
    @Lilyheart
    might also have been fixed late in “puberty”. These two boys were fixed super early.
    well, normal early, but you know what I mean.
    Robert Maylie
    @rmaylie9560
    I'm glad you went rescue. I have a bleeding heart when it comes to that stuff.
    yea I gotcha.
    Alex H.
    @Alexander-Huh
    hello!
    Danielle Butler
    @dbutler22
    Hello!