Closed. This question is opinion-based. It is not currently accepting answers.
Closed last year.
I would like to give web designers autonomy to publish web pages, but letting them edit aspx files is a serious security risk as they don't have the required programming skills.
I was thinking about two approaches:
They are only able to edit HTML files and call services with AJAX;
Let them edit XSLT files associated with services that return XML.
But both have a drawback: limited use of templates.
How would you deal with this situation?
If the developer is on his own domain then it's safe to give him full access to JavaScript. However, if he is sharing this domain then by giving him access to JavaScript you open the door to XSS. This allows the publisher to hijack other user accounts (usually by accessing document.cookie, but there are other same-origin policy abuses). One possibility is to use HTML Purifier, which prevents JavaScript altogether.
There is a better alternative, and that is Google Caja, which places restrictions on the JavaScript a developer can execute. This is important for apps written for social networking sites.
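Added example, not part of the answer above and not code from HTML Purifier or Caja: a pre-publish check that reports the ways a designer-edited template can carry script on a shared domain (script-capable elements, `on*` handler attributes, non-web URL schemes). The policy sets, function names and sample template are assumptions made for illustration; a real sanitizer such as HTML Purifier parses and re-serialises the markup rather than only reporting.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed policy for designer-editable pages (illustrative, not exhaustive).
FORBIDDEN_TAGS = {"script", "iframe", "object", "embed", "base", "meta"}
URL_ATTRS = {"href", "src", "action", "formaction", "xlink:href", "poster"}
SAFE_SCHEMES = {"", "http", "https", "mailto"}


class TemplateLint(HTMLParser):
    """Collects (line, reason) findings for active content in a template."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def _flag(self, reason):
        self.findings.append((self.getpos()[0], reason))

    def handle_starttag(self, tag, attrs):
        # The parser lower-cases names and decodes entities in attribute values.
        if tag in FORBIDDEN_TAGS:
            self._flag(f"forbidden element <{tag}>")
        for name, value in attrs:
            if name.startswith("on"):
                self._flag(f"event handler attribute {name}")
            elif name in URL_ATTRS:
                # Browsers drop tabs and newlines inside a URL, so drop them too.
                url = "".join(c for c in (value or "") if c not in "\t\r\n").strip()
                scheme = urlsplit(url).scheme.lower()
                if scheme not in SAFE_SCHEMES:
                    self._flag(f"{name} uses scheme {scheme!r}")


def lint_template(html_text):
    """Return findings for one template; an empty list means nothing was flagged."""
    lint = TemplateLint()
    lint.feed(html_text)
    lint.close()
    return lint.findings


# Constructed sample template.
SAMPLE = """<div class="card">
  <a href="/products.html">Products</a>
  <img src="logo.png" onerror="track()">
  <a href="JavaScript:void(0)">menu</a>
  <script src="https://cdn.example/widget.js"></script>
</div>"""
```

Running `lint_template(SAMPLE)` flags lines 3, 4 and 5 of the sample; a publish step would refuse the template until the list is empty.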
This is an issue that's already been addressed in most CMS systems. Have a look at Joomla, Drupal, SharePoint, etc.
Related
Closed. This question is opinion-based. It is not currently accepting answers.
Closed 2 years ago.
I have just started out doing web development projects for clients and I have done two so far using NextJS, NuxtJS along with headless WordPress for the CMS. As I also have a full time job these projects take a fair amount of time and I end up working constantly.
I have recently come across Webflow and have messed around with it to see how it works. It seems like if I used Webflow and the CMS it provides I could get through projects much quicker than I would currently.
Do you think that for freelancing using a tool like Webflow is a better idea than what I am currently doing?
I currently use Webflow for client projects and I use Next.js at work. I would highly recommend using Webflow for the following reasons on most web dev client projects.
Speed of customization (You can create components in Webflow and copy and paste them into new projects, which allows you to reuse standard parts in seconds)
CMS already integrated.
Ability to easily give clients access to edit their own content if they need
Easily edit SEO settings
Easily connect other tools like Zapier and Memberstack if you need
Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 5 years ago.
Apologies if this is in the wrong category. I'm currently developing an application in ASP. Due to my inexperience with ASP, I'm worried about vulnerabilities that a user can exploit.
My application is being coded from scratch, no templates used or defaults from Visual Studio, completely blank projects. The user is greeted with a login page, where their user access in Active Directory determines which pages the user can access.
The exploit I'm worried about is if the user will be able to commit a directory traversal and access a page which they're not allowed to access and change critical information.
I'm afraid my inexperience has caught up with me. Could someone explain to me how I could limit the access to the user or, if I'm overthinking the process, correct me? Constructive criticism is accepted.
Microsoft does try to help protect your application through their defaults, so if you're running in IIS, make sure the user the application pool is running under only has write access to the folders it needs to write into.
This is a very open-ended question and depends on many factors such as version of .NET, server OS/IIS version, other handlers installed, etc. But a good start is to review the OWASP Top 10:
https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project#OWASP_Top_10_for_2013
Here's a list of some automated tools you can use for testing your implementation:
https://geekflare.com/online-scan-website-security-vulnerabilities/
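The access concern raised in the question above, as an added sketch (not code from the posts or from ASP.NET, and written in Python rather than ASP to keep it short): the server canonicalises the requested path first, then looks up the Active Directory groups allowed to open that page, and refuses anything it does not recognise. The page paths, group names and function names are hypothetical.

```python
import posixpath
from urllib.parse import unquote

# Constructed page-to-group map; the paths and AD group names are hypothetical.
PAGE_GROUPS = {
    "/default.aspx": {"APP-Users", "APP-Admins"},
    "/reports/view.aspx": {"APP-Users", "APP-Admins"},
    "/admin/settings.aspx": {"APP-Admins"},
}


def canonical_path(raw_path):
    """Decode once, unify separators, and resolve '.' and '..' segments."""
    path = unquote(raw_path).replace("\\", "/")
    if "\x00" in path or "%" in path:
        # NUL bytes or leftover escapes (double encoding) are refused outright.
        raise ValueError("suspicious path")
    path = posixpath.normpath("/" + path.lstrip("/"))
    return path.lower()  # IIS on Windows treats paths case-insensitively


def is_allowed(raw_path, user_groups):
    """Deny by default: unknown pages and malformed paths are refused."""
    try:
        path = canonical_path(raw_path)
    except ValueError:
        return False
    required = PAGE_GROUPS.get(path)
    return required is not None and bool(required & set(user_groups))
```

Because the lookup uses the canonical path, a request such as `/reports/../admin/settings.aspx` is judged as the admin page it resolves to, not as something under `/reports/`.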
Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 7 years ago.
Currently I am working on multiple projects as a third party (outsourced) where I have no control over the hosting. My application is modular enough to be changed on the fly; all that's required is a slight edit in HTML / CSS and it'll become a brand new site.
I do not want my proprietary code to leak on the web without my consent.
Since I'm contracted to only work on a few particular domains, I wish to "lock" them down in the sense there won't be multiple instances of the same application running in the wild.
Domain locking comes to mind, but this will be rather restrictive as my client will no longer be able to change domain in the future.
Any other inexpensive ideas?
You could try having a registration server somewhere that requires various libraries in the system to register infrequently.
Closed. This question needs details or clarity. It is not currently accepting answers.
Closed 8 years ago.
I wanted to create a mobile app (using Flex) that lets users upload some user-generated content (e.g. text, pictures) to my website and also display/view it on the website as well.
I don't know much about the back end (web programming, website database, cloud).
What is the best way to do this, or is there any ready-built solution out there?
Thanks.
Look at httpService for your user upload and tie it to a back end web service using POST or GET parameters. Personally, I recommend PHP but any web capable service would work. Then, tie that service to store your images on your web server or in a database. Reverse the process to get it back out. Can this all be done in Flex? No. Can you tie it in with a web service easily? Yes. Good luck.
Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 8 years ago.
I have never programmed web sites. I know that I can create web sites using ASP.
So is it possible to create full web site with Silverlight? Or does Silverlight only support web forms?
Yes I suppose you could.
However, would it be the right choice for your target market?
Silverlight market share : 65%
Flash market share : 95%
JavaScript - pretty much everyone
HTML - everyone
If you're targeting the whole world, personally I wouldn't use Silverlight for the whole site, just for features that required it (and even then, I'd write an HTML-only backup version for people who don't have Silverlight).
However, if you're writing it for a company that you know has Silverlight installed and you're familiar with Silverlight then go for it!
Theoretically it's possible, but I don't think it's really recommended when some environments stop supporting plug-ins such as Java/Flash/Silverlight...
I suppose HTML5 is the best choice for web development.
Here is a flow chart to help you in your decision
Pick your platform