I’m planning to make an app where a user can add content (like tweets) and I’m just curious what are usually the practices in storing these kinds of data. I wouldn’t prefer seeing what my user posts as an admin so should I encrypt it?
I’m also planning on using either Strapi or Firebase for my app.
Any references or some articles to get me started and better understand how to handle data would be a huge help.
Related
I have a website that uses the YouTube API, and I am looking for a solution to generate unique API keys for each individual user upon login, so as to prevent multiple users from utilizing a single key. Is there a feasible way to achieve this, or is there a more effective approach to consider?
I am not sure how to approach this issue as I do not have enough information or context about the problem.
Creating additional api keys is not the solution to your issue.
Each application you create should have two projects on google cloud console.
Development
Production
You should then create a single api key used by your application, and Oauth2 client credentials if you need them.
If you run out of quota you should simply fill out the YouTube API Services - Audit and Quota Extension Form and request additional quota.
I'm experimenting with these 2 technologies to make a secure web app [Currently learning React (60%) and Django (<50%). This is intended to be like a medical database, so doctors and nurses enters their patients' information. They need to login obviously. I wanted to implement React-based UI (And not using the classic method to create views from django), so I've found many tutorials just like this one:
https://www.digitalocean.com/community/tutorials/build-a-to-do-application-using-django-and-react
It basically turns Django into a restAPI, and then the React frontend uses axios to retrieve data from the endpoint. Sounds not bad at all (comparing to the native method of rendering data in a webpage from Django), but the problem is that I have no idea on how to make this secure, you know, Django provides an auth system, which is pretty good and secure, I have to say, but in a project with this structure, the auth needs to be done in React, so there many questions appear:
To start with, is it a good idea to make a project of this structure? (If no, then what could be a good one)
If it's a yes, how can I protect the API so only logged in users can interact with it? (What mechanisms to ensure protection)
Yes, this is absolutely a good idea to separate the client application and the backend server application.
You can access the backend through the rest api basically with any frontend framework/app/script.
Customers are able to extend their own applications with the abilities of your backend service.
You can create multiple different frontends that use the same backend or different parts of the same backend via the rest api (multi-branding, reselling). Or you can just swap the frontend framework every second year to a new one.
It's also easier to create different automations by using the rest api.
And the list goes on.
For django rest api auth I would recommend Token Authentication which is already included in the Django REST Framework and for React use this tutorial for implementing the login and the token handling.
And don't forget to use TLS on your servers, and create API documentation. (Example)
I am learning web dev and I am planning on developing a simple web app using React: a decision matrix tool.
I need users to be able log in and save their matrices under their profile so I prefer to not use LocalStorage and thus learn more about databases. I am thinking of using JSON as the data format and I will also need to store basics user data for login and their profile.
I wonder how to tackle such a project since so far I have only been using GitHub Pages to host my static websites. Most of what I find by googling seems confusing or irrelevant for such a small-sized project.
My questions are:
What is the simplest way to store, access and edit JSON data as well as user data for a web app?
Are there any simple databases that can be “hosted” together with the app files on a server? Not sure if the question makes sense but I don’t understand where the database is.
What article or resource would you recommend to understand the concepts for data storage?
Ideally you would want to create a backend server using any language/framework e.g nodejs, java, django, php etc and expose the required data through APIs. But, if you don't want to create a separate backend app you can use Firebase database Firestore to save and fetch all of your required data. You can even use firebase hosting to deploy your app. Moreover, firebase also have their Authentication service which you can leverage for your app's authentication.
I am planning to build a react native application, where at some point i should use a database, which database is suitable for online react native and how will i connect db with my react native code?
Databases should be linked to the server, and not directly to the app for obvious security purposes. An App is just like the front-end part of a website: if it's executed in client-side, it's not safe.
So any back-end framework with a SQL DataBase will do (PHP frameworks like Symfony or Laravel or NodeJS) You will have to get your data with react native's Linking fetch API, by adding a token if you want to limit the access to connected users only.
But good news, if you're not very comfortable setting up a server, you could always choose a server-less solution like Firebase .
I definitely recommend it. You could save a lot of time and end up with a very secure and fast solution to manage your app's data. Just be aware that only a limited number of requests per day are free (but don't worry, it's not that expensive and it gets paying only with a great number of request per day). You will have to learn how to use it by reading the docs though, it might take you a couple of days, but trust me it's not rocket science.
(Disclaimer: I'm not advertising for Firebase, I just enjoyed using it so I recommend it)
I have a Laravel + mySQL app that use either ajax or Angular $http service and I want to integrate websockets into that mix.
So I thought of trying Firebase, which is great and easy to use, but am a bit confused about a couple of things. I am seeking for someone's help in clearing that confusion.
is it possible to change the app url name for firebase ?
So instead of something like https://vivid-torch-xxx.firebaseio.com can I change it to https://myawesomesite.firebaseio.com?
how the schema on Firebase should be structured ?
Or better yet how not to use it all and just use Firebase as websocket server instead of ajax ?
I essentially don't want to have 2 databases to manage the data.
there is a Firebase package for php/laravel, but I don't know why would I need it. Or what exactly is the benefit of using it if am already using a REST-ful backend with angular.
The schema will basically be how you want your JSON for your front-end will read it. Are you displaying notifications? Then investigate how that would be structured. Firebase will give you the power to push updates to the front-end which then will no longer have to pull data via the API on what the actual data is it needs to display the notification.