by

Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
    Robert Maylie
    @rmaylie9560
    thank you.
    David Castner
    @davidjcastner

    Alright have fun but I'll leave you with a quick example. Let's say you have a database that stores JSON object (example: mongodb) and you have a form for inserting a task for a certain user

    // let's say the JSON looks something like this
{
    taskTitle: "My Task",
    taskDescription: "Blah Blah Blah gotta clean my room",
    taskPriority: "9001"
}

    on both the client you might run a function like this (pseudo code)

    // CLIENT CODE
// assuming that you've grabbed the information out of the html form
var cleanAndValidateTask = function(taskObject) {
    // removes extra properties, limits character count,insures that each field has the right data type, strips out html, etc..
};
// this client side validation is techniquely not required but it limits bad requests to your server and gives feedback to the user faster
cleanAndValidateTask(theTask);

    but before sending it to the server or on the server it will attach some information about whos currently logged in, and then on the server you would run something like this

    // SERVER CODE
var cleanAndValidateTask = function(taskObject) {
    // removes extra properties, limits character count, insures that each field has the right data type, strips out html, etc..
};
//using the same function that was on the client
cleanAndValidateTask(theTask);
checkIfUserIsOwnerOfTask(theTask, currentUser);
// finally is passed all checks, can now be inserted into the database
insertTask(theTask);
    The reason all the checks need to take place on the server is incase someone sends stuff to your server not through your client which can happen. I hacked into the place I used to work by doing that. I hope my example helps example it a little better
    David Castner
    @davidjcastner
    Disclaimer: when I hacked into it, I was working there and testing one of the apps they made. It was ethical and legal
    Robert Maylie
    @rmaylie9560
    Perfect, that cleared things up for me quite a bit.
    Robert Maylie
    @rmaylie9560
    So essentially regardless if the packet is getting tampered with through a bad guys proxy. It still a: see's if the client has entered his password and currently logged on. Then strips all the potentially injections on the json.
    David Castner
    @davidjcastner
    @rmaylie9560 yes except the passwords are best handled via libraries or third party services such as log in with github or log in with facebook
    Lily Romano
    @Lilyheart
    While yes @rmaylie9560 a few new things ended up on my task list today, for the most part I got through a lot of the things I’ve been putting off. Taking a break and then trying to get the last of it done. Looks like I’ve missed some fun convo’s in here!
    @davidjcastner do you remember who asked about which stack(s) to learn? Mouaz?
    David Castner
    @davidjcastner
    @Lilyheart I believe so, he was also asking about backend architecture like aws
    Lily Romano
    @Lilyheart
    Thanks. I found a cool link and I wanted to tag him when I posted. :heart:
    Lily Romano
    @Lilyheart
    I am entertained http://stackshare.io/pepperoni
    Robert Maylie
    @rmaylie9560
    To reroute the ip and skip the MITMs broken connection to the server. That's actually an awesome work around. I always thought of that as insecure for one reason or another. I see the logic behind it now.
    Robert Maylie
    @rmaylie9560
    What's that lik
    Looks like it has some cool stuff in there
    Lily Romano
    @Lilyheart
    @rmaylie9560 http://up-for-grabs.net/#/
    Robert Maylie
    @rmaylie9560
    wow that looks extremely overwhelming
    Robert Maylie
    @rmaylie9560
    are you contributing to any?
    Lily Romano
    @Lilyheart
    in my spare time? hahhahahahhaha
    Robert Maylie
    @rmaylie9560
    well you have to fill that .0005 second slot in the day somehow.
    Lily Romano
    @Lilyheart
    That’s why I have cats!
    Robert Maylie
    @rmaylie9560
    lol
    Robert Maylie
    @rmaylie9560
    I've always had a bad experience with cats.
    Robert Maylie
    @rmaylie9560
    that was weird.
    Lily Romano
    @Lilyheart
    What?
    Robert Maylie
    @rmaylie9560
    My semi offensive anecdote disappeared :laughing:
    Lily Romano
    @Lilyheart
    :grimacing:
    Robert Maylie
    @rmaylie9560
    about my one eyed cat peeing on all my stuff
    he was a bastard.
    Lily Romano
    @Lilyheart
    sounds like a personal problem
    Robert Maylie
    @rmaylie9560
    absolutely, I would get wafts of urine scent every time I turned my head.
    Lily Romano
    @Lilyheart
    Sounds like a boy with boundary issues. I’ve been lucky with these two. They are absolute love muffins.
    Robert Maylie
    @rmaylie9560
    Yea, I guess it's hit or miss. What kind of cats?
    Lily Romano
    @Lilyheart
    basic domestic rescues
    Robert Maylie
    @rmaylie9560
    And he was a boy.
    Lily Romano
    @Lilyheart
    might also have been fixed late in “puberty”. These two boys were fixed super early.
    well, normal early, but you know what I mean.
    Robert Maylie
    @rmaylie9560
    im glad you went rescue. I have a bleeding heart when it comes to that stuff
    yea I gotcha.
    Alex H.
    @Alexander-Huh
    hello!
    Danielle Butler
    @dbutler22
    Hello!
    Lily Romano
    @Lilyheart
    Hello!
    Ya’ll snuck in!
    What programming feats are ya'll workin' on tonight?
    Alex H.
    @Alexander-Huh
    my tribute page !
    i need ideas lol
    Danielle Butler
    @dbutler22
    I'm going through HTML on FCC.
    David Castner
    @davidjcastner
    Hello everyone! @Alexander-Huh is there a fictional character that you enjoy?
    Lily Romano
    @Lilyheart
    I should do my tribute >.> But I'm going to work on algorithms instead.
    Alex H.
    @Alexander-Huh
    deadpool, batman, I like comic book stuff @davidjcastner