Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 6 years ago.
Improve this question
I think I know the answer, but I'd like more opinions.
Imagine a scenario...
You create a new website using angular 1 or 2 where basically your front end application consumes services from a server that's send you results in json - The trivial scenario.
Then a competitor decide to create one web site to compete with yours. It's pretty easy to open Developers Tools on the browser and check the address of the rest server including api parameters. So, the competitor decides to create a migration tool to make easy for people to abandon your web site and adopt the competitor web site.
CORS cannot protect you because it's much more a browser feature - also you can use JSONp to consume api of different domains.
So, the question: Is there any solution for a scenario like this ?
You can obfuscate your API, but you can't hide the calls that are made to it.
There's a single good reason for this : the browser of the final user needs to know what requests to make, and make them.
Even if you found some way to hide the requests made from the Developper Tools, someone could still retrieve them by listening for them on the network.
However as I said, you can still obfuscate your API so that trying to replicate it would require non-trivial work. That way, an understandable request like
GET /user/id1234/profile?history=true
could become the less talkative
GET /1/id1234/p?x=1
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 years ago.
Improve this question
I've designed my app in Xcode
But , it doesn't have any data ! And I want to get data from a database .
I don't know where to start ? And what should I use ?
*php , sql , json ?*
Your app needs to request data from the server, the easiest way would probably using a http request. You could either transfer the data in a json format, or just use the GET part of the HTTP Request.
You then need a simple API, written in any language the server can run, which will most likely be:
python
php
ruby
The choice of the language is up to you, it depends on personal preference and how scalable your API needs to be. The API has to deal with the request parameters and do the database work accordingly - this is up to you to design. It then needs to send a response - you can use plain text but json would be easier to deal with, as you can parse it with any language.
The app can then take that data and display it. There are lots of tutorials on the internet, here's a basic one I've found, it doesn't tell you how to build a proper API, but you'll learn how to get started.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 6 years ago.
Improve this question
I have a moderate level experience on HTML, PHP, CSS, Javascript and WordPress development. So I decided to create my own theme for my personal blog. I'm writing tutorials, snippets and tech news on my blog.
In fact I prefer using new design trends like single page apps. Letting users to navigate between homepage to a post or a post to another post without reloading whole page. I think using WordPress Rest API and AngularJS would be adequate.
My actual question; is it creating a SPA theme for a simple blog is sensible? Can using WP REST API for this purpose increase or reduce my server load and page load time?
Is it sensible? Sure, if that's how you want it to work.
Can using WP REST API for this purpose increase or reduce my server load and page load time? Yes it can either increase or reduce your server load time. It comes down to your actual implementation, which until you implement it wont do either.
Most blogs are fairly simple with very little html/css/js and most of the content (i.e. bytes that must be transferred over the wire) is in any media that is included as part of your articles. If you are only considering it for the purposes of reduced server load or page load time, there are a lot of other techniques that would probably prove more beneficial than converting your entire app to SPA (e.g. optimizing your static content or serving it from a CDN). Of course I don't know your exact situation and without knowing more, no one is really going to be able to help you much more.
If you have a specific change to an existing you would like for us to compare, that's something Stack Overflow would be much better at for you. Right now we're just guessing what your situation is.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
I am not able to find a concrete answer yet on this forum or other's that, whether spring web flow can be used with Extjs 4.2 or later release of Extjs.
In case some one has integrated then kindly let me know the basic steps or guide to a specific example will be really helpful.
Thanks in Advance.
Rohit Dwivedi
The short answer is: "Yes".
Yes, because ExtJS does not need to (and does not) know how the server side is implemented. In its very essence, Ext sends a request to the server and expect a response, usually containing pertinent data.
In real life, you need to make decisions what part of the application logic will run on the server and what on the client and what the interface (API, request/response) will be between the two.
From the Spring site:
Spring Web Flow: Supports building web applications with controlled navigation such as checking in for a flight or applying for a loan.
So, if you want/need the server to be responsible for such flows, then go ahead.
If you want to implement the application logic (flows) at Ext client, then continue looking for the server side language/platform as you do not need the Web Flow functionality.
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 9 years ago.
Improve this question
I am new to Heroku and playframework.
trying to create a project where i can update and read DB via android / ios app i am developing.
I would like to create some sort of service using play framework that when requested by android/ios app will update db (security here is important).
how do i create such service ? if answer is to complex is there a tutorial i can be flowered to ?
appreciate the help.
EDIT:
I realize my question might be general/unfocused (due to my own lack of knowledge).
i will try to elaborate.
my purpose is to build an app for my kids kindergarten where the caretakers can update messages to parents in the website interface and the application will read these messages from the data base. i understand it is not recommended that an application read directly from DB but use a service. as my web site is built with playframework and hosted on heroku i was wondering how do i get this all to connect ?
Actually it's hard to guess what are you asking about...
I'd suggest to build JSON API with Play application which handles JSON requests, from your mobile apps. Quite simple case, however you ned to put some effort for planning.
Although we don't know much about your approach, most probably hmac signature for authentication will be good enough for this kind of job.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
We've made this monitoring tool at our company.
It's not in our line of business so we might as well opensource the tool, and maybe someone else likes it as well, maybe they'll contribute.
The tool runs on AppEngine, so there are so the are some paths in the appengine configuration, that might be a good idea to keep hidden. Unless someone else wants to start using our appengine qouta.
Is there a best practice for open-sourcing AppEngine applications?
Does anyone have any experience to share regarding opensourcing appengine sites?
You can get some ideas from excellent gae-init. The way its working in order to avoid exposing sensitive information, is moving it in a stand alone project, you can even use gae-init for that ;)
As part of the model is a Config class which holds all the information as it concerns the service and its dependencies. There are some default values there but it can also be easily customized from a web interface called admin. Have a look.