If I want to save a response to a query on a website I'm coding to a server, how would I do that?
Here's an example. If I had a site with a "Rate us" form, and a person answered with a "AWFUL SITE!" how would I be able to save & retrieve that information?
There are several ways to do what you want to do. I'll describe two of them.
You could append each rating to the end of a file on the web server. This would be done in a server-side scripting language usually, such as PHP or ASP.NET, and you would probably want to set the permissions on the file so that it's not readable to everyone.
You could set up a table in a database (MySQL or otherwise) and add a new row for each rating given. Again, this would be done in something like PHP or ASP.NET and you would want to make sure you take precautions against SQL injection attacks (not much of a problem if you use PHP Data Objects rather than the deprecated mysql_* functions).
I would personally go for the second option as it's easier to manage and change, and it's easier to set it up so that you can store IP, name, optional email and message in every row. And like I said, you can add a new field later down the line without running into the obvious problems.
Related
At https://www.conzoom.eu/find-dig-selv/?default there is a form to enter an address and a postcode, when you search you get a code; A1, D3, E2 etc defining which segment this address is in.. I have a lot of addresses in an excel sheet of my customers that I would like to look up - is there an easier way than doing this manually?
Selenium might be what you are looking for. It is made to simulate a user on a website, so it can the inputs, read the outputs, and wait for the site to be ready before entering the next address.
The tricky part is about reading the excel sheet, depending on its format. But you can always write a macro to make the input more "readable".
It is not impossible to do this in Javascript if the data can be moved to a format that the Javascript on the page can parse.
This is not best solution, but it is an approach I have taken in the past when the web server can only server static files, no server side processing.
From what your question suggests the data set is this may not be a practical solution, due to its size and complexity.
If the data was something like POSTCODE, LOCATION_CODE and there was a one to one mapping such as all postcodes starting with MK had a LOCATION_CODE of 83 then the data can be serialised into JSON or XML(JSON prefered).
Now when the user enters the postcode on the form the Javascript retrieves the data from the server as a static file and parses the results. Compares the users inputed POSTCODE against the data and returns a corresponding LOCATION_CODE.
This only works for simple data that changes very infrequently. Alternatively you need a server backend that will connect either to your excel spreadsheet (not good practice) or to a central database with the logic running to perform the search. This logic will need something like #Todd Motto suggested Java or any number of technologies such as C#, PHP, perl
I have to implement custom search in my application for android 2.3.I have some EditText in which user type one letter and then I send response to the server, retrieve all the results matches this one letter and then I need to display them in a list. When user types second button I also need to send new response and refresh data and so on.
The question how can I do this in Android 2.3? What should i use?
This seems to be too open ended with too many questions to give a really helpful answer.
What you use in your app will heavily depend on how the server's API is expecting you to communicate. I, for one, am all for hiding the specifics of what a server does from the application and put all the "smarts" behind the API. So a query like:
http:/blah.com/getresults?search=a
would result in whatever matches 'a'. If it is searching a MySql Db, processing a Google search, or accessing files on the system doesn't matter.
Your code needs to worry about the interface to the API to make queries and processing the results, whether they're free formatted text, JSON objects, or whatever.
Maybe rewording your question or provide information on what you know would help.
I have a list of users across various companies who are using one of the functionality that our website provides. Whenever they contact our business group , we need to send a url via email to the requestor in order for them to upload some data. All these external users do not have any dedicated account. However we do not want a static link to be provided to them as this can be accessed by anyone over the internet. We want dynamic links to be generated. Is this something that is usually done? Is there an industry accepted way of doing this? Should we ensure that the dynamic link expires after a certain amount of time - if so , are there any design options?
Thanks a lot!
Usually, parameters to urls and not the actual urls are what's dynamic. Basically you generate params that are stored somewhere, typically on the database, and send email with the url and the parameter(s). This url is valid for only a limited period of time and possibly only for one request.
Answers to questions:
yes, this is something that is quite commonly used in, for example, unsubscribing from a mailing list or validating an account with a working email address
I'm not aware of any single way that is "industry accepted", there are many ways of doing it, but the idea is not that complex - you just need to decide on a suitable token format
normally you should ensure that the link expires after a certain amount of time. Depending on the use case that can be some days, a week or something else. In practice, you'd remove or disable the generated parameters in your database. However, if this data is something that might be needed for extended periods of time, you might want to think up a functionality so that it can be retrieved later on.
You may have a static URL taking a token as parameter. Eg. http://www.mycompany.com/exchange/<UUID> or http://www.mycompany.com/exchange?token=<UUID>.
The UUID could have a validity in a time range or be limited to a single use (one access or one upload).
Other variant is to use exists cookies on that site in web browser (of course, if they are).
But there are some drawbacks in this solution:
User can open link in different machine, different browser. User can clean all cookies or they can expire after it was visited your site last time when user try to go on granted URL. In these cases user won't access your page.
There is this site wich in the address bar only shows like "http://example.com/examplepage.aspx".
Normally if it would have parameters behind it you probably could just copy that one.
But since it doesn't, how do i bookmark this page.
It doesn't necessarily have to be a bookmark, but at least an easy way to access the page.
(fyi I know basic HTML and Java, maybe it's only possible programmatically).
thnx
Generally dynamic pages (taking in context with the question) are not book mark friendly.
You could probably sniff the incoming request, and create a fake form which you can then submit later.
However there may be situations where there are parameters such as session id which are valid for only small periods of time.
You should read up on sessions. In really simple terms, a session is assigned to users accessing a website. They have an expiry period. IF you stay idle beyond set time (determined by the developer) you will not be able to get in. And every time you log back in, you may be assign a new session.
You would have noticed, that some websites automatically log you in, this is mostly done with the help of cookies. Cookies work in tandem with sessions, they store very basic information, so the next time you come back to a website, it will be able to identify you as a returning user and provide you with access.
Then again, some pages don't use sessions, they might have their own custom way of identifying users.
Bookmarks can be used in dynamic pages, if the code allows you to send GET requests, if they don't have any other extra parameters which will block you.
To Summarize:
Dynamic page not very bookmark friendly.
There may be parameters used to access a webpage which change constantly, which you cannot really save.
You may be able to get into dynamic pages using bookmarks, if they don't use any of the dynamically changing parameters.
Since you know Java, you should probably read up on JSPs/servlets to get an understanding of what happens behind the scenes in dynamic pages.
Hope this answers your questions.
I'm developing a web application, and facing some security problems.
In my app users can send messages and see other's (a bulletin board like app). I'm validating all the form fields that users can send to my app.
There are some very easy fields, like "nick name", that can be 6-10 alpabetical characters, or message sending time, which is sended to the users as a string, and then (when users ask for messages, that are "younger" or "older" than a date) I parse this with SimpleDateFormat (I'm developing in java, but my question is not related to only java).
The big problem is the message field. I can't restrict it to only alphabetical characters (upper or lowercase), because I have to deal with some often use characters like ",',/,{,} etc... (users would not be satisfied if the system didn't allow them to use these stuff)
According to this http://ha.ckers.org/xss.html, there are a lot of ways people can "hack" my site. But I'm wondering, is there any way I can do to prevent that? Not all, because there is no 100% protection, but I'd like a solution that can protect my site.
I'm using servlets on the server side, and jQuery, on the client side. My app is "full" AJAX, so users open 1 JSP, then all the data is downloaded and rendered by jQuery using JSON. (yeah, I know it's not "users-without-javascript" friendly, but it's 2010, right? :-) )
I know front end validation is not enough. I'd like to use 3 layer validation:
- 1. front end, javascript validate the data, then send to the server
- 2. server side, the same validation, if there is anything, that shouldn't be there (because of client side javascript), I BAN the user
- 3. if there is anything that I wasn't able to catch earlier, the rendering process handle and render appropriately
Is there any "out of the box" solution, especially for java? Or other solution that I can use?
To minimize XSS attacks important thing is to encode any field data before putting it back on the page. Like change > to > and so on. This would never allow any malicious code to execute when being added to the page.
I think you are doing lot of right things by white listing the data you expect for different fields. Beyond that for fields which can allow other characters which can be problematic encoding would fix the issue for you.
Further since you are using Ajax it gives you some protection as people cannot override values in URL parameters etc.
Look at the AntiSamy library. It allows you to define rulesets for your application, then run your user input through AntiSamy to clean it per your rules.
The easiest way is to do a simple replacement for the following
< with <
> with >
' with \'
That will solve most database vulnerability.