|
If you're going to down-vote everyone who tries to help you, then nobody will try to help you.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
Member 11999597 wrote: Password fields present on an insecure (http://) page. This is a security risk that allows user login credentials to be stolen.
The message is quite clear - you shouldn't accept login credentials over an HTTP connection.
You need to get and install an SSL certificate for your site, and only display the login page over HTTPS. Depending on your requirements, you might be able to get away with a free SSL certificate from StartSSL or Let's Encrypt (when it eventually arrives).
NB: It's not sufficient to just post your login credentials to an HTTPS endpoint. You have to load the page with your login form over HTTPS as well:
Your login form posts to HTTPS, but you blew it when you loaded it over HTTP | Troy Hunt
For a SPA, that might mean that you have to load the entire application over HTTPS.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
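The point made in the reply above (the page carrying the login form and the form's target must both be HTTPS), as an added example that is not part of the original post: a Node.js check that reports password forms exposed by either condition. The name `auditLoginForms`, the issue labels and the sample markup are assumptions made for illustration.

```javascript
// Added example (not from the original thread): flag login forms that expose
// credentials because the page or the form target is not served over HTTPS.
// auditLoginForms and the sample markup below are constructed for illustration.
function auditLoginForms(pageUrl, html) {
  const page = new URL(pageUrl);
  const findings = [];
  // Simplified form extraction; a production scanner should use a real HTML parser.
  const formRe = /<form\b([^>]*)>([\s\S]*?)<\/form>/gi;
  let m;
  while ((m = formRe.exec(html)) !== null) {
    const [, attrs, body] = m;
    // Only forms that contain a password input are of interest.
    if (!/<input\b[^>]*type\s*=\s*["']?password\b/i.test(body)) continue;
    // An absent or empty action submits back to the page URL itself.
    const actionMatch = /\baction\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i.exec(attrs);
    const rawAction = actionMatch ? (actionMatch[1] ?? actionMatch[2] ?? actionMatch[3]) : '';
    // Resolve relative actions against the page URL, as a browser would.
    const target = new URL(rawAction || page.href, page);
    const issues = [];
    // A form delivered over HTTP can be altered in transit before it is submitted.
    if (page.protocol !== 'https:') issues.push('page-loaded-over-http');
    // Credentials sent to an HTTP target travel in clear text.
    if (target.protocol !== 'https:') issues.push('form-posts-over-http');
    findings.push({ target: target.href, issues });
  }
  return findings;
}

// Constructed sample: the login form posts to HTTPS, so only the scheme of the
// page that serves it decides whether the check passes.
const sampleHtml = `
<form action="https://example.test/login" method="post">
  <input type="text" name="user">
  <input type="password" name="pass">
</form>
<form action="/search"><input type="text" name="q"></form>`;

console.log(auditLoginForms('http://example.test/', sampleHtml));
console.log(auditLoginForms('https://example.test/', sampleHtml));
```
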
|
Hello everyone, I am working on AngularJS, developing a user interface for a customer. I need to develop secure authentication for user credentials. While testing my application using (http I am facing this issue: "Password fields present on an insecure (http://) page. This is a security risk that allows user login credentials to be stolen."
Any help regarding secure login would always be welcome.
|
What are the steps to learn professional skills in making the front-end and back-end of websites? What programming languages should I have expertise in? What other things are necessary? And what are the sources to learn such stuff?
|
programmerinthemaking wrote: what are the steps to learn professional skills
The first step is learning how to do your own research. The internet has a wealth of information that Google will help you find. For web development you could start with http://www.w3schools.com/default.asp, and maybe http://www.asp.net/.
|
You will need to start with the basics:
HTML
CSS
JavaScript
Here is a link that will help you with HTML, CSS and JavaScript - w3schools.
Next you need to decide which server-side framework to use (you need to do some research on which one suits you best). The following are commonly used:
ASP.net/ASP.net MVC
JSP
PHP
After you have good knowledge of the basics, you can have a look at HTML5 (optional)
|
- Decide if you want to be a designer or a developer. If you're more interested in look-and-feel, go the design route, learn some graphics tools (GIMP is free) and a little JavaScript to add some bling. If you're more interested in meat and potatoes keep reading.
- Learn ECMAScript (JavaScript). That is the only thing that is common in all web stacks, and it's weird enough that coming to it from another code background is not terribly easy.
- Pick a stack. C# MVC/Entity Framework, Java, or JavaScript(MEAN Stack) are all common contemporary choices. Yes, database is technically part of the stack, but you'll need to learn to abstract someday anyway. Slightly more dated and less optimal choices are PHP or Ruby on Rails.
3a. Do not pick C# WebForms. It will leave you confused by real code.
- As noted above: Google. Live it, learn it, love it.
|
Crystal Report font size decreases when exporting to PDF in Windows 2008 R2 64-bit
|
Hi friends,
I want to send SMS using a GSM modem through PHP on Ubuntu OS. How can I communicate with the modem with PHP?
|
Hello there! Just wanna ask how I will be able to create my own SIP web phone (PHP, JavaScript, etc.) that could run on Mac, Windows and Linux? What things do I need to use, like what library or plugin should I be using?
|
I don't currently work on the web development side of my business as I work more at the database and client app side. I tend to be very much a roll-my-own code sort of developer - meaning I will write classes rather than make extensive use of opensource or buy-in libraries. This way I know I am in control of what the apps do.
So my question is coming from a certain amount of ignorance regarding current web development practises.
What I am noticing is that the chaps working on the web development side are using a lot of 'plugins' and open source software to get a website up and running.
It appears that when they hit an issue they find a 'plugin' that fixes the issues and invariably need a series of plugins to integrate the 'plugins' with each other to get the website working.
From my .Net client side experience this just looks like asking for trouble, I imagine one 'plugin' failing or not being compatible with an update on another 'plugin' and potentially the whole site breaking.
Am I justified in my concern?
Is it quite normal with PHP and javascript development to rely heavily on external open source 'plugins' or libraries nowadays?
Thanks for your experience and opinions on this.
“That which can be asserted without evidence, can be dismissed without evidence.”
― Christopher Hitchens
modified 5-Sep-15 17:17pm.
|
With PHP, JavaScript and many more, there are far, far too many frameworks and related APIs. This doesn't mean that programmers can't create their own modules and plugins, but why re-create the wheel when a working example of such a module/plugin exists that you may, if that functionality has been programmed in, then manipulate to some extent? Remember that creating modules/plugins can be both time consuming and expensive, and often the customer wants something created with minimal fuss, for minimal cost, and quickly.
It is perfectly fine if you want to write a PHP application from scratch; I'm sure the chaps from WordPress or Magento or Prestashop or Laravel etc. would welcome the competition. But answer this: are you prepared to spend a huge amount of time, energy and potentially money writing such a behemoth and then give it away as freeware (or as free community versioning), like the names I used above? And the same arguments are relevant for the many frameworks evident with JavaScript - Angular.js, for example.
Besides, it is not as though in the Microsoft world there are no modules/plugins as there are thousands (perhaps many hundreds) there as well.
Yes, plugins/modules can become problematic when updated, so taking precautions is necessary.
modified 1-Aug-19 21:02pm.
|
Sure - I understand in terms of convenience and speed.
Is there anything to be said about being cautious about using free third party software whose dependencies may break one day?
I know it's a case of degree and even the .Net framework could be broken by Microsoft - however I have more faith in the .Net framework not doing this than having a business running on tens of 'plugins' that could have security vulnerabilities or just break one day due to connected libraries that get updated.
I had some experience trying to get Oauth running with .Net and the number of libraries and dependencies I had to include was fairly large. Some of these libraries were also non-functional and I had to go in and fix these bugs myself.
The points you make are ones I have already heard - do you however see any dangers in this practice and a need for caution when avoiding coding php/javascript yourself?
“That which can be asserted without evidence, can be dismissed without evidence.”
― Christopher Hitchens
|
Of course there are horror stories when a badly written/configured/deployed update can kill a website. This is no different from an Android updated application applied to your Android smartphone that subsequently causes problems, but not problems to all smartphones. Equally, you can have different results using Microsoft's offerings from the Windows Operating Systems and so on on different machines, some of same or similar hardware from something that works well to something that makes the computer wholly unusable.
As you know, you have to be defensive before you deploy, alas, many non-professionals (and no doubt some professionals as well) just either don't know/understand or for the many reasons that we all should know of, can't be bothered, let alone the commercial pressures to get the latest and greatest thing "up there yesterday if not before".
The .net framework, written by Microsoft, was a major undertaking that must have cost millions of man-hours and millions of dollars. PHP, for example, does not expect to match Microsoft offerings, it hasn't that corporate structure let alone the finance to do better than it has done on shoestring budgets and, over a period of time, community volunteers.
There are many dangers. An organisation could be severely hurt if their e-commerce offerings suddenly died or becomes problematic if an update fails in some way.
GuyThiebaut wrote: about being cautious about using free third party software
If you look at the repositories of, for example, Drupal or WordPress, you can see the quantities downloaded as well as the star rating, whether it is still being developed, and the reviews. There is some degree of trust that can be placed in many plugins/modules, but a risk always remains...
modified 1-Aug-19 21:02pm.
|
Thanks Richard.
Your replies are very helpful and give me some perspective on my concerns
“That which can be asserted without evidence, can be dismissed without evidence.”
― Christopher Hitchens
|
Don't know if the Microsoft NuGet repository checks and tests plugins/modules before NuGet will include them. WordPress, Drupal, Prestashop and others do not permit plugins/modules/Themes/etc into their repository without testing them. But that doesn't say what testing and how much testing was done.
In terms of security, you can always take the time, if you got the time, to look at the source code of plugins/modules to ascertain how they deal with data before it hits the database, or issues surrounding XSS and other nasties. But the twin enemies of time and money may forbid you from doing much more than a cursory glance.
modified 1-Aug-19 21:02pm.
|
A well designed site will not break down with one or more plugins not loaded - it will only malfunction in some parts, and even there not completely...
For instance - if you use an input box extension to control the input formatting, you will lose only that, but the user will still be able to input values...
So, even if it is true that there is some risk in calling in plugins, that risk can be calculated and minimized by choosing those plugins carefully...
My main points for that are:
1. The plugin must be tested and reasonably matured...
2. I never use a plugin with tens of features to solve a single problem (in that case I may write it for myself or compile only the relevant parts of the plugin from the source)
The reason to pick a plugin is to shorten the development time...We all have problems (in 99.99% of the cases) that have one or more solutions somewhere...and you can use it as an idea, a copy-paste code or as plugin/library...
I do agree with you that writing all your code is the best way to stay in control, but think of it...you use the built-in .NET classes with no hesitation...Why? Do you believe those are better written/tested...Why?
So in my opinion using plugins is not different from using any other (built-in/open or closed source/paid or free) library/plugin/class/feature/function/method - you have to test and pick carefully...
Skipper: We'll fix it.
Alex: Fix it? How you gonna fix this?
Skipper: Grit, spit and a whole lotta duct tape.
|
And this one is for you:
http://www.commitstrip.com/en/
Skipper: We'll fix it.
Alex: Fix it? How you gonna fix this?
Skipper: Grit, spit and a whole lotta duct tape.
|
Hello,
I am wondering if the following methods in my script are vulnerable to a DOM XSS attack? If yes, what is the best practice for writing them? Kindly help if you can offer guidance on it.
1. document.createElement()
2. document.getElementsByTagName()
(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();
Thank you for your time.
Best Regards,
Supriya
|
How to fake or declare Kendo controls in a Jasmine test? I can spy on the method that has the code, but now I want to test the logic in JavaScript.
JavaScript/AngularJS
var grid = $("#Grid").data("kendoGrid");
var multiselect= $('#multiselect').data('kendoDropDownList').value();
The errors I get are "Cannot read property 'dataItems' of undefined" and "Cannot read property 'dataItems' of null" respectively.
MVC
My control is as follows in the View: @(Html.Kendo() .MultiSelectFor(m => m.id) .Name("Test"))
Thanks in advance
Phetole
|
I have developed a website with CSS and HTML. Would anybody mind checking my site and giving me a good suggestion? My site is http:
|
It needs a lot of work. The UI looks pretty weak. I'd suggest studying CSS design techniques and looking at other sites.
There are only 10 types of people in the world, those who understand binary and those who don't.
|
Dear Experts,
I have developed a web application using ASP.NET C#. I want to retrieve lots of images from the database
and show them on a DataList control. I tried, but it shows only a cross mark instead of the actual image.
Please help me.
|