I am little unclear on the ‘secure sever code’ section of the meteor guide as to how code remains secure and accessible. I understand that you can place code in a server directory and call it from a place where code it shared, but how does this work with imports?
Won't you need to import the secure function into the shared code location so it works on the server. Yet, that secure code is not available on the client, as expected, so will create an error. Is there some sort of conditional import you have to set up (depending on whether the code is run on the server or client) to make this work?
Could someone let me know where my understanding on this topic is lacking?
Many thanks.
Related
I have to put into a mysql database on a remote server an int 1 and 0, depends on an external request.
I wrote two php files and put them on the remote server.
on.php
off.php
I can trigger them through my web browser like: "https//www.anysite.com/temp/on.php"
I have to do the same on my android app what I'm writing in Android Studio.
I tried many possible options to achieve my need but without any success.
In my Android app I have two buttons, one is the "On" the second is the "Off" button.
Depends on which button is pressed that php file should be loaded/triggered.
I don't have to pull any data out.
Practically I need help to make a working http request what in my case looks like a horrible nightmare to achieve.
Any help or suggestions or example I would really appreciate.
Thank you.
I tried various libraries but all of them are failed.
Most of time I focused to use Retrofit and Fuel libraries.
So, here is my situation. I have a JavaScript application where I'm appending the hashes to the filenames, as is the standard for Webpack output. This way the content can be safely cached by the browser, with the fresh load controlled by the changing file hash.
My problem is I have a situation where I need other applications to access mine, and they won't be able to be updated every time the hash changes. So I need a request like this:
https://my-domain.com/assets/js/app.js
to be redirected to
https://my-domain.com/assets/js/app.ab12cd34.js
My application currently uses nginx to serve up the pages, but nginx is static. I don't know how to configure it to dynamically identify the hashed file name and return it.
The app is being deployed to a Pivotal CloudFoundry environment. PCF supports evaluating dynamic Ruby code in an nginx.conf file, so that seemed like an easy way around this. Unfortunately, my company requires that the nginx.conf go through a special parser to enforce security headers. This parser only knows nginx syntax, and mangles any Ruby code there.
So, that leaves me with Webpack. I started investigating ways for Webpack to modify files during the build process, and I discovered the transform() function in the copy-webpack-plugin. It has the ability to modify the files exactly how I need. What is still a challenge, though, is getting the hash filename.
So, I'm hoping there's some way to gain access to what the hash filename will be in this plugin, so that I can inject it into the nginx.conf.
Alternatively, if someone knows another way to get around my core problem, I'm all ears.
You can use the webpack-manifest-plugin to create a manifest file with a filename -> chunkname/bundlename mapping.
This manifest file can then be consumed by any piece of software that needs it.
Many tutorials say to place some code in lib/file.js where it can run on both client and server.
Does that also allow the client to modify the code as they like? Thanks
Updating my answer to clarify what David is saying below:
You can change the definitions of any client-side accessible code you want. Server code itself cannot be changed while it's running unless you're using eval() or are able to mess with the file system from the client. This is important because even if you change the client code to do something that would potentially look malicious, the server code wouldn't execute that code as such since they are defined in two completely separate places (your machine on the client versus the actual server) If you mean can the client can see the code being executed, then yes, they'll be able to see the minified version of anything in lib/file.js.
I'm using minimongoid on my meteor project and I don't know if before Create and validations are done server side or client. Does anyone know ?
From its package.js file it looks like both! Also mentioned in the github readme.
So you can share the model files between the client and server. I'm not absolutely certain however that if you insert a model on the client and its been fiddled with by a hacker or something that it will be validated on the server automagically.
You might have to also validate it on the server too. The best place to do this would be in your collection's .allow method. Looking at the source of minimongoid there isn't anything tied up to .allow or .deny so you will need to validate it on the server with these.
I am publishing an AIR app in debug mode using FlashDevelop and have included a database in the files/folders to be published.
When the app first launches it checks whether there is an instance of this db in the applicationStorageDirectory, if there isn't it copies the included one from the applicationDirectory to the applicationStorageDirectory.
This should mean that the referenced database dbFile = File.applicationStorageDirectory.resolvePath(DB_FILE_NAME); should now be writable, however when i run the app i can read the records from the table but when i attempt to write using an SQL statement I get an SQLError: 'Error #3122: Attempt to write a readonly database'.
I know that this would be thrown if i was attempting to write to the read only location of the applicationDirectory but i'm certainly using the File.applicationStorageDirectory location which should (as far as i know) be writable.
The location of the db on my Windows 7, 64bit = C:\Users\sean.duffy\AppData\Roaming\FishFightAppData\Local Store\db this is found using the dbFile.nativePath property so again i'm sure i should be able to update the db.
Anyone got any ideas? I have tried everything i could think of and searched all over but the only common cause seems to be when people try to write to the asplicationDirectory and not the storage directory....
UPDATE::
My bad - have just realised that i've misread the API of the 3rd party library i'm using! I should have been calling executeModify(statement) which can modify the contents of the db, instead i'm calling execute(statement) which doesn't/can't overwrite the db.
The source code is compiled into a swc and there was no documentation to point out you needed to use executeModify, although i should have guessed from the name i suppose!
Sorry about that and thanks for your help
(As a public courtesy to get this off the unanswered list, I am reposting the apparent solution. As usual, the asker is more than welcome to ignore mine and post it themselves and accept their own answer.)
In this API, you need to call executeModify(statement), not execute(statement). The latter does not overwrite the database.