While I'm not new to software development, I'm relatively new to web development. I made a hobby website leveraging React and ASP.NET Core, and everything is functional (for now) and I learned quite a bit. However, I remembered that I was able to access the API from my browser, ala www.mysite.com/api/endpoint?parameter=42, and I've been able to access it from other devices.
There are learning materials on Pluralsight for securing one's website and/or API if said website has user accounts, but my website doesn't have user accounts since any potential users my website would have are just going to be there to look up information. How would I prevent essentially "everyone" but the frontend code for the website from making requests to the API?
Related
I have built a web app (read: a website within a naitive app container) for iOS and Android. I started by adding the website script provided by Google to my app, figuring it would work since it's basically a website hosted within a container. The issue? Well, it doesn't work.
When I access the app from my phone, all I get within the Analytics GUI is that there is a user at page / nothing else despite how many pages I go to. I get the same result if I just browse to the website on my phone. However, if I go to the website on my computer, the script seems to pick up everything perfectly. I can see all pages I've visited and when, for example.
So I guess I have two questions:
Why doesn't the script work as expected through the app on my phone, but perfectly when accessing the webiste on my computer from a technical point of view? Does Google perform some sort of blocking regarding the request headers?
Is there any way to get the website script to work within an app or do I have to use Firebase for long-term and sustainable tracking?
Have in italics since the feeling I get when reading here is that the Google Analytics Services SDK for Android and iOS will probably be phased out sooner or later. According to this post the GA SDK is already deprecated. So using that doesn't really feel like an alternative.
Also, I am not interested in comments like "Why don't you use this analytics tool instead", or, "What's your problem with Firebase? Just use it".
There are two types of Google Analytics accounts. Web accounts and mobile accounts. Web accounts run off of pageview hits. Mobile accounts run off screenview hits. If you insert a screenview into a web account the only thing you will see is page / because its sending the in correct hit type.
The SDK is used for tracking mobile applications so it inserts screen views. You cant use the same Google analytics account for tracking with it your going to need a mobile Google analytics account if you want to use the SDK. You wont of course be able to analyse between the web and mobile accounts.
Cant help with firebase sorry.
I've found out about new Google Firebase Hosting recently and I was wondering if that would work for Wordpress website?
I got a bit confused them talking about static websites & web apps even though as far as I know Wordpress is dynamic...right? on their website it says:
https://firebase.google.com/docs/hosting/#key_functions
Whether you are deploying a simple app landing page or a complex Progressive Web App, Hosting gives you the infrastructure, features, and tooling tailored to deploying and managing static websites.
It looks like a nice Hosting platform for web, especially that they provide SSL certificates, but is it good for Wordpress?
Thanks!
I THINK it would be possible, you still need your SQL+PHP server and you should use it as WordPress backend, you need the WordPress REST API and a plugin with hooks in transition_post_status, comments... and whatever you want to show in your front end, use WordPress API endpoints to send the JSON to the firebase database... after your template should use a Javascript framework in order to make JSON requests to the firebase database and show the data in the browser... It would be difficult but I think it could be the cheaper and best solution ever for a high traffic website (plus all the benefits of firebase).
Nope. Firebase doesn't provide any of the requirements necessary for Wordpress, that being MySQL and PHP on the server side. Firebase provides a JSON store accessible via an API, and static hosting for apps that can access said API.
I am building a web consisting of MediaWiki and phpBB as its subcomponents. Also WordPress may be added in future. My current problem is to choose a single unified authentication method (not to force users to have a special MediaWiki account, a special phpBB account, etc.).
Which approach would you recommend me? The basic limitation is that it is a simple LAMP server (no LDAP database). Possibilities I know about:
Use a decentralized protocol such as OpenID, OAuth 2.0, etc. I would prefer this approach. However, OpenID is not supported by Google any more so OAuth 2.0 would be probably more appropriate.
Use DB of users from phpBB and install some plugin to other subcomponents (MediaWiki extension for phpBB auth.)
Use DB of users from MediaWiki and install some plugin to phpBB.
Use some specialized web application for user credentials management and install plugins both to MediaWiki and phpBB.
I think the main point you already understand: You need one of your new platforms to be the central user store. The problem you know have to find out:
What platform has the plugins to interact with each other? It's possible, that you find plugins, that only works "in one direction", and for mediawiki itself you will find a log of outdated extensions, that maybe won't work anymore with the latest mediawiki versions and updates.
The other point is, that you should think about WordPress now, too. After you selected one central user store you mostly can't change it with a lot of work, so I would check for an integration of WordPress now, too.
Looking at that and a short search i wouldn't prefer MediaWiki to be the central user storage, and i'm not sure, if phpBB is the best solution, too :/
I think one of the best would be to use LDAP, extensions and plugins seems to be supported and working for the latest versions of each software. You yould have a central user store, which could be easily integrated in other applications, too. What is the reason you can't use it, an LAMP stack could handle this, too?
The second solution i would consider to choose is to use Google's user store and access it vi OAuth 2.0. MediaWiki, phpBB and WordPress supports this with plugins and/or extensions.
At the end of the day a login is a login is a login. All the custom fields specific to individual applications can be properly bridged with plug-ins. Make the app that will require the most babysitting your main database and thus login system. In many cases it's the forum, but that really varies by site.
I would caution that many new forum admins eventually want to upgrade from phpBB to something that's more powerful and modern. I was one of those admins. Yes, phpBB is as good as an open-source forum gets, but it just doesn't compete with the commercial forum apps. So keep that in mind if you make phpBB your main database.
I was wondering if anyone can point me to a tutorial / step by step guide / downloadable template (free or paid) / video about adding Facebook connect functionality to a website.
I've created several website but I'm self learned and inexperienced.
I have no knowledge of oAuth protocols simply basic asp.net (VB) of going to the database, getting data and posting it on the site.
I've gone through several posts on the matter but it seems that they changed lots of stuff from before 2012 (so most articles are irrelevant). I also went through Stackoverflow but the questions and answers are above my expertise.
My site is basic and was also built from scratch without using any existing methodology (like MVC etc.). I also tried working on a new site with the ready template Visual Studio 2012 sets up. The built in sign up form seems to work (though I do not understand what it does) and I removed some of the functionality which I think was created to enable Facebook connect since it bounced lots of errors I couldn't understood.
The end goal is to allow easy one step signup and signin while getting the user's email and maybe birth-date.
THANKS!
I have a .net web site(eg: www.mysite,com) and I use some external links in my site that redirect to other sites (like www.google.com). But how I know a user spend time in second site(ie www.google.com)
Assuming you have no control over the external website - you cannot.
You cannot inject your own client-side scripting into external website (well, sometimes you can, but it's XSS and it's bad).
Google Analytics tracks the activity of the users on a certain website because website owner included javascript code.
It may be possible for Google to track user's activity over multiple websites but only if those website display Google Ads. It is not bullet-proof since users can block ads.