I have a question to the stackoverflow community. I'm working with some payment stuff which has given me an private key that I would need to use in order to call their endpoints.
Storing the keys in environment is quite easy and I've done it before for smaller projects. But my question is.. Is that really the best way of doing it?
Since the project is built in NextJS (react), would you store the private keys in the environment and then collect them via the getServerSideProps function or?
I'm just interested in hearing your opinions and what would be the best way to solve this. My goal is to have it as secure as possible. I'll therefore be more than happy to take an extra step or two to solve this.
What does the stackoverflow community think about this? How are YOU storing your private keys.
(I am googling in the backround and reading some blog posts. If I find something that makes sense, then I'll share it here for the next person with same questions as me)
Storing sensitive keys inside the application is a no no. What you can do is inject them into your application using environment variables. Then whenever you deploy your application, pass the keys as env variables.
Storing it in db is also wrong cause you do not want anyone with an access to db to also have access to your payment provider.
Refer this for more info
https://12factor.net/config
getServerSideProps is the backend (to call APIs) in NextJS so it is secure to reference your environment variables here. Just ensure private keys don't appear in any client rendering. getServerSideProps are server rendered. I assume your blog searching pointed you in this direction -- but in case anyone else ends up here.
There is also this tool to confirm what code the client sees.
Related
At our studio, we're struggling with understanding good usages of stores in react/fluxible. Essentially, how do we store temporary information (like success and errors) required to proceed through UI flows without keeping that information around forever? We have always understood stores as keeping persistent information. In a multi-page registration flow, step1Complete doesn't seem like a good candidate to track in a store.
Another option we've seen is to use AJAX calls in the component to make these simple calls that just grant you the data you need in the moment in order to proceed. Is that a common practice? Does that break an isomorphic app?
Are we overthinking?
success for a step can also be classified as a state of the step, is it not? I would keep it as a prop for the step.
Or as #Cory pointed out, router2->Action-> store update->emit change->step 2
with great power comes great responsibility.Dont use ajax calls for boolean state values
I'm trying to provide a chat like environment game for kids to detect if the person speaking to them is human or not (similar to what Eugene did).
I'm looking for an SDK or api that would provide me with replies for sentences (either with context of the entire conversation or without). An alternative would be a an entire database of sentences that I'll be able to search for myself and implement my own logic.
Another option is to integrate some kind of open source solution if possible.
Does anyone know of such a service \ solution can could point me to the correct direction?
If you want some database of discusions then try to found some Corpus of dialogs this is the first one which i found. It is the corpus of movie dialogs:
http://www.mpi-sws.org/~cristian/Cornell_Movie-Dialogs_Corpus.html
And if you want some chat-bot to use in your program than is probably easiest way to use some public available api of one. There is again something which could work for you:
http://blog.program-o.com/chatbot-api/
Good Luck
I have a forum with >400 registered users. It's powered by vBulletin-4.0.4. I want to build up several websites with kohana-3.1, but keep existing forum users too. I will use seperate databases for each application (I want to keep apps as independent as possible).
So my solution is:
step 1. create special app users.mydomain.com where each user can register and update their details (birthdate/email/password). This app will catch all changes and write them to forum database and application databases.
step 2. modify default auth module to handle forum authentication. vBulletin uses algorithm: $hash=MD5(MD5($password)+$salt) for pass hashing.
Am I in the right direction? Is it OK?
Someone has already done this: Kohana vBulletin Bridge. You will need to contact the author of the module as the source code is no longer online. It wont be too difficult to upgrade it to 3 if you get it.
I haven't used vBulletin so I can't give you much advice on the subject, but you're right about the hashing algorithm. You'll also need to make sure your session is read and written as they are in vBulletin.
A quick search of vBulletin SSO to get you started.
I'm asking your opinions about my next project..
I'm planning to make website which offers services where all users would be have own subdomain (user.mydomain.com) and own website.
First I was thinking to really make real subdomain, generating automatically website code into their folder, creating own database etc..
Question #1: When I need some information from all subdomains databases in my main page (mydomain.com), how can I fetch those?
Would it be better way just use one database and dynamic code what all users are using but then re-write address like it would be subdomain (mydomain.com?user=myuser -> myuser.mydomain.com)
If someone have experience with something like what I was planning, would be nice to have tips and tricks do it right! :)
Thanks!
It will be alot of less code to maintain in you have one common codebase for all users, that just reads the domain name and uses that information.
Imagine that you discover an error in the code that was generated for one of the subdomains.
Either you would have one place to correct, or you would have 1 place + the number of users to correct.
You'll probably want all of the subdomains to point to the same codebase and treat the subdomain as an argument that is pulled out and identifies which instance of this application it is. You'll need a table in your db that will store information about each instance and then user accounts, user data, etc will all be tied back to a specific instance.
When I was setting up an account with gmail few years back (probably this is still a case, haven't check) I've noticed that system doesn't allow to register common terms, nouns as username, it seemed that it used a sort of dictionary for screening. I would like to implement similar feature in my app, anyone have idea how to tackle this? App is written in PHP but understand I'll have to hook it up with online service.
Thanks
Wordpress MU has such feature too, you fill a list of possible usernames that you want to avoid and they become unavailable for users. You can check its source to get their approach...
Sinan.
Well the API will vary from service to service so I'd suggest you find one, look at their developer docs and then if you have a question ask it here.