I am trying to make an ecommerce project with react and django for college and i am trying to make it as real as possible and i am confused where to store user's data like id,token and cart data, etc..
i tried to use local storage but i've seen articles saying it is not safe and vulnerable to cross-site scripting attacks
so where should i store data ? is it on the frontend or backend ?
Related
I have created an application with Laravel 7 that contains users that can log in.
In parallel, I create a showcase site for the application (another domain) and essentially html/css.
I would like on this showcase site to propose login and registration buttons if there is no user connected to the laravel.Otherwise I would just like to propose a "Dashboard" button if a user is connected to the Laravel application.
How to do that? I confess that I'm a bit lost. Thanks for your help.
You need to create an API on the laravel app which will be used by the "showcase site".
To login and authorize themselves you can use JWT
to keep user data and use it on the showcase site you can either save them in
localstorage (just be careful not to save any sensitive data there as people can take that information in case of XSS vulnerable)
indexdb
cookies
None of these methods are safe. They can be exploited using XSS so i advice on using JWT to secure sensitive data.
I am currently working on a Vue JS + Vuetify + Axios + Laravel architecture where I am making a dashboard. Currently I am working on the user profile where they can upload a picture for their avatar but also can upload their business licence (via a different uploader).
User need to be able to modify update those documents later on.
What is the best strategy to implement this requirement nicely and with proper security ?
Store the files in a private area of Laravel or a public one after renaming it with a random + user name?
Store the file as a blob in mysql directly and retrieving ?
Store the path of the file in mysql only while storing the file in a public/private folder under Laravel tree ?
For authentication I plan to use jwt and websanova.
Where you store the avatar depends on where it needs to be displayed. Will it be shown only to that user? Other logged in users? Non-authenticated users?
Regarding the user's business licence, I would store that in a folder that's not publicly accessible and access it via an API endpoint. This way you can implement the necessary security rules via your Laravel controller.
Generally speaking, I'd avoid storing files in a DB. You're bloating the size of the DB, which impacts on doing backups/restores, among other things. Having files stored on the file system also makes it easier to move to cloud storage (such as Amazon S3) at some point, if you need to scale your app.
We have a Firebase database connected with an APP which we want to convert to a website now. Laravel is nice frame work but unfortunately unable to sync the existing database to show up on the website as is. End goal is that any changes through an APP should reflect on the website and vice versa. Existing database include the product price, picture, ability for users to message each other , user authentication. In essence it is almost a complete market place.
If you want to use data from the Firebase Realtime Database in a web app/site, consider simply using its JavaScript SDK in your web application.
Doing so allows you app to directly read data from the database, instead of having to set up a web server in Laravel.
To ensure that your users only get access to data they're authorized for, you'll want to use Firebase's security rules. These are enforced on the Firebase server, so once you configure them correctly, there's no way for anyone to bypass them.
just finishing up building a vehicle and customer management system for a car sales. Everything is pretty generic so was exploring the possibility of creating a service from it.
What sort of options are there for keeping and managing a single code base and database but only retrieving client specific data.
The app is API driven using Laravel and a VueJS front end.
My aim would be for a client to purchase a domain and then be able to point this domain to the Forge server IP as normal.
I would still have the site created on Forge, but would just have an ENV file within it that contained specific requirement data.
But they how could I get all these sites to use the same codebase? As in, I would want a single site set up that contained all the code but the various sites could use this?
Hope some of this makes sense, any information into keywords or links would be great for what i'm trying to achieve.
Initially I would like to inform you that I am using ember 2.10.
Can anyone tell me how to make a login system without a token?
I am developing an offline application with Ember and Electron and I need to make the login system without using external APIs.
If I understand you right, you want to create an application that will support few users. It is possible. You will need to perform following steps:
Install ember-simple-auth plugin. It makes auth-related things much easier
Create custom authenticator that will take a login and password or something from your users and save some identifier in session
Create login and register routes, where users will be able to login or create new credentials
Most probably you will not need an authorizer, because you don't have server api and don't send requests to it
Bear in mind that this will be zero-security system, even if you will use some encryption, because js code is not secured well from exploration. Also bear in mind that electron most probably stores user's data in user's home directory (I can't say for sure as I didn't work with electron, but node-webkit does that). In this case having different windows (or what OS your users will use) users is enough to separate data and you actually don't need any login system.