I'm an enthusiast on web-technology. I want to know where does the code of a website resides? Is it hosting in all possible cases? Do usually people give access code to source code from admin panel? What if I want such functionality in my site? Will it be secure enough?
The site's code lives on your web server. The security depends on the web server itself.
It highly depends on the features of your hosting environment. If they provide ssh or ftp access, then yes, you can most likely access and modify the source code of your sites. Otherwise you are at the mercy of the control panel(s) of the hosting or the admin area of your particular website.
Related
I want to allow content creators access to admin page and let them create and edit blog posts. This as far as I know is currently only possible if Lektor is running in development mode - then one can open admin end edit in CMS.
Is there any way someone can manage blog without running their own instance?
what you are asking for defies the purpose of a static site generator. Lektor explicitly generates static content so that you do not have to host a CMS.
That being said, you can host the development mode on your server to allow editing. Though I am not sure what the limits are, especially on concurrent use. And you want to add an authentication layer to prevent unauthorized users from editing your website.
TLDR: no, you can not. You have to run a dev server instance.
I'm new to web developing and had to design a website for college. I decided to make it from scratch. I am currently hosting the website on Google Drive and it's working fine. Does this mean that it will work fine on a hosting company's web server? The main reason I ask is because of the many errors I get when using Markup Validation!
There's a lot of variables involved in this decision. The main assumption I'll make is that it's a flat site with no server scripting involved. If that's the case, you shouldn't have any issues copying them over to another web server. Though you should fix up those Markup Validation errors.
When I mention server scripting, I'm referring to PHP/ASP/Coldfusion/etc code that may be in your pages.
A client of mine is running an ecommerce store on godaddy shared hosting.
They are trying to pass pci compliance and the only issue is the default apache icons folder by allowing it to be indexed.
This folder is NOT in my web root. So I don't have access to it.
I've tried htaccess rewrites, but it's not working.
Anyone know of any other solutions?
I am sorry but Go Daddy shared hosting is not PCI Complaint. You can review the last part of this page to verify that: http://support.godaddy.com/help/article/4265/quick-shopping-cart-pci-compliance-faq?locale=en
turns out the scan is not required at level 4 with the amount of annual sales this client processes. So, we opted to leave it as-is.
I'd like to host some php or perl/cgi script, without having a full blown web site, does anybody know someone is offering this kind of service, free, hopefully.
Thanks,
David
you can sign up for a developer account with Amazon Web Services and get a server instance of your choice for free for one year - http://aws.amazon.com/
You could run your own Linux or Windows webserver - both are completely capable of hosting as simple or complex a site you want. Unless you want to make this script available for others to use as a service, there's no need to find an "outside" provider.
Hmm, Free File Hosting. Or, if you don't need to actually access the files from anywhere, and you just want them hosted somewhere, gist might work well for you.
I want to be able to synchronize several text files on a user's PC in real time from my web application. Basically I want a few data files on the local PC to mirror the state of a user's data in my web application so if the web application or the user's internet connection is lost he can use those data files to get some critical info (possibly using html/javascript code stored in with those files that would run in offline mode on those data files.)
I know that google gears has a lot of interesting tools for working with offline state, but I'd prefer an even simpler application in html/javascript that wouldn't be as reliant on google gears. I'd rather use google gears to just create those files and slowly keep them in synch with the web application's version of data throughout the day.
Update on answers:
PersistJS is a good suggestion I will look into, but I was hoping people would direct me towards really good Google Gears tutorials resources.
You can save data on the browser using PersistJS, which uses the best client-side persistent storage mechanism it can find, supporting:
Flash
Google Gears
HTML 5 storage specs
browser-specific extensions
cookies
When your app reconnects, you can resync. Creating and reading text files is something the browser will generally block your web site from doing.
Risking of stating the obvious; if you want to store user state locally, isn't cookies the standard way?
maybe more then one cookie will be needed, but that sounds like the simplest of ways.
You're going to need to make an ActiveX control and a FireFox plugin to get these permissions. Short of that I agree with orip try using PersistJS
You can ask the user to download a subversion client that is predefined to interface with your subversion server only. Then write your web application to interface with the subversion service from your side only.
There is a good deal of security harm associated with granting access to a user's file system so you will want to lock down all possible points of exploitation. You will want to ensure that the user cannot access the subversion server except through the client that you ask them to install. You will want to ensure the connection between the application server and the subversion server is extremely secure so that the transmission path cannot be compromised and that malicious logic that may be loaded onto the application server cannot access the subversion server. I would say to encrypt the transmission path between those two servers and put the subversion server behind the firewall separating your network DMZ. I would also suggest use a challenge/response mechanism between the application server and the subversion server to prevent malicious code from appearing to be legitimate decisions made on the application server. Also, ensure that data only flows form the application server to the subversion server in a unidirectional fashion only, because if there is malicious logic planted on your application server then any data that comes from the subversion server is compromised without even accessing that server.
you could use the File System Object FSO through javascript, however it is dependant on Microsoft as it is an ActiveX control, it would also require permissions in the browser, or perhaps a HTA (HTML Application).
http://www.webreference.com/js/column71/
Its a real security issue so most avenues are closed down inhrentley.
Inherently the web model was designed not to authorize upstream from server to client. Now things are changing slowly maybe could you do this with Websocket ?