Advert Click Validation - validation

I am working on a sensible advert exchange system.
Most of the ones out there have crappy interfaces over crappy code.
I want to do something different.
What are the things I need to consider when validating clicks and impressions to ensure the integrity of the system?
Thanks in advance. :)

Define what constitutes a valid click.
Define what constitutes a valid impression.
Ensure that your code can determine which actions pass these definitions and which don't.
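One way to make those definitions checkable in code, as an added example that is not part of the original answer. The rules it encodes (an impression id must be unique; a click must reference a recorded impression, arrive after a minimum delay but within a window, and be the first click on that impression) are assumptions chosen for illustration, not rules stated on the page:

```ruby
# Added example (not from the original post): turning "define a valid
# impression / valid click" into code. The definitions below are assumptions
# for illustration, not rules stated on the page:
#  - an impression is valid if its id has not been seen before;
#  - a click is valid if it references a recorded impression, arrives no
#    sooner than MIN_CLICK_DELAY after it, within CLICK_WINDOW, and is the
#    first click for that impression.
MIN_CLICK_DELAY = 1.0     # seconds; faster than this looks automated
CLICK_WINDOW    = 3600.0  # seconds; a click an hour later is not attributable

class ClickValidator
  def initialize
    @impressions = {}   # impression id => timestamp it was served
    @clicked     = {}   # impression id => true once a valid click was taken
  end

  # Returns :ok or a symbol naming the rule that failed, so callers can log
  # why an event was rejected rather than silently dropping it.
  def record_impression(id, at)
    return :duplicate_impression if @impressions.key?(id)
    @impressions[id] = at
    :ok
  end

  def record_click(impression_id, at)
    shown = @impressions[impression_id]
    return :no_matching_impression unless shown
    return :too_fast if at - shown < MIN_CLICK_DELAY
    return :expired if at - shown > CLICK_WINDOW
    return :already_clicked if @clicked[impression_id]
    @clicked[impression_id] = true
    :ok
  end
end

if __FILE__ == $PROGRAM_NAME
  v = ClickValidator.new
  p v.record_impression("imp-1", 100.0)   # :ok
  p v.record_click("imp-1", 100.2)        # :too_fast
  p v.record_click("imp-1", 105.0)        # :ok
  p v.record_click("imp-1", 106.0)        # :already_clicked
end
```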

Related

SuggestedAction with submit action functionality

Suppose there is an AdaptiveCard that contains some input fields like this.
Normally the inputs made by the user are submitted as JSON by the AdaptiveSubmitAction, which is part of the form too.
Is there a way to submit the JSON data using a SuggestedAction?
I suspect not, but I'm not sure...
Unfortunately, no, there is no way to mix the two. Additionally, the adaptive card requires the submit action when inputs are presented; otherwise, the text entered can't be ingested/accessed.
Now, you could use the card for displaying what information you are seeking and use suggested actions to present possible answers. Unlike the choice prompt, suggested actions allow users to enter alternate responses. Your bot logic would need to know how to handle alternate responses. Meanwhile, in the background, your logic could construct the user responses into a JSON object.
I don't know if this was helpful. Hard to know without knowing your use case and specific needs.
Hope this helps!

Is using if/then in VIEWS a reasonable security practice?

I'm guessing no. Here's the situation I have in mind:
form action='/12345/destroy', method='POST'
  - if #current_user.kind_of? Admin
    button
  - else
    span You cant do that
What's the better way to go about constructing a page like this? Create a controller for those "in charge" and have the buttons there? What if the admin chooses to disallow some users from using the delete button, are we back to square one? Thanks
Your example is perfectly fine IMHO, but it really depends on your requirements. If you think that someday there will be the need for more kinds of users and you're afraid the views could get messy, I'd recommend looking into an ACL library. Alternatively you can always roll your own authorization layer.
Your view is fine, but obviously, it is in no way secure. You have to check the privileges in your "controller" (if you have one) or in that request's receiving end.
Also, that logic will probably be used in more than one place. You might consider extracting it into a helper method.
form action='/12345/destroy', method='POST'
  = render_destroy_action_for #current_user
Once you have that logic hidden in a method, it will be easier to change later.
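The point both answers make, as an added example (not code from the question or either answer): the view helper and the destroy action share one policy object, so the view only hides the button while the controller refuses a hand-crafted POST. `DestroyPolicy`, `User` and the in-memory `store` are hypothetical stand-ins for a Rails app's ACL and model layer.

```ruby
# Added example (not from the original post): one authorization rule drives
# both the view helper and the destroy action. Hiding the button is cosmetic;
# the server-side check is what actually protects the record.
User = Struct.new(:name, :role)

# Single place that decides who may destroy (hypothetical, modelled on the
# question's Admin check). Change it here and both view and controller follow.
module DestroyPolicy
  def self.allowed?(user)
    !user.nil? && user.role == :admin
  end
end

# View helper: renders either the button or the "can't do that" message.
def render_destroy_action_for(user)
  if DestroyPolicy.allowed?(user)
    "<form action='/12345/destroy' method='POST'><button>Delete</button></form>"
  else
    "<span>You can't do that</span>"
  end
end

# Controller side: re-checks the policy on every request, no matter what the
# view rendered. Returns an [HTTP status, body] pair; `store` stands in for
# the database table.
def destroy(user, id, store)
  return [403, "forbidden"] unless DestroyPolicy.allowed?(user)
  return [404, "not found"] unless store.delete(id)
  [200, "deleted #{id}"]
end

if __FILE__ == $PROGRAM_NAME
  store = { 12345 => "post" }
  admin = User.new("alice", :admin)
  guest = User.new("bob", :member)
  puts render_destroy_action_for(guest)
  p destroy(guest, 12345, store)   # a POST crafted without the button: 403
  p destroy(admin, 12345, store)   # 200
end
```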

Strategy for links in emails which alter state

We've got a few emails that get sent out by our ASP.NET MVC 3 application.
In one of the emails, we want to add "Did you find this helpful?" to the footer of the email.
If they click "Yes", some action needs to be taken in the database.
What approach should I take for these links?
I don't really like the idea of doing a GET (e.g. when they click the link), which then adds something to the database. GETs should never update state. Is there a way I can make it do a POST instead?
I'm using ActionMailer to send emails, if that matters.
EDIT:
To be clear, I'm not asking "how" to implement the MVC side of things. I know I can create an action which takes the id, etc. and saves to the DB, but I'm asking about what is the correct approach from a REST-style point of view.
You can create a form and do a POST in an email, but it won't work with certain mail clients. Here is a reference from 2007 that shows where it works and where it doesn't:
http://www.campaignmonitor.com/blog/post/2435/how-forms-perform-in-html-emai/
ETA: A POST would of course fit the REST pattern, but it is probably not a good option in your case. Since you are presumably just incrementing a counter for helpfulness, having this URL exposed shouldn't cause much of a problem.

CI uri_string() Validation required?

I use CodeIgniter as my framework, and at the top of my controllers I am going to add a line of code that will send the uri_string (the last page the user requested) to a library which will send it into the user's session and possibly eventually into a database.
My question is whether or not I need to validate this uri_string() at all, or whether it is safe as is?
Simple answer: if in doubt, validate it.
For the short time it will take you to code it, you will have peace of mind.
Also, if this is going to happen for all your controllers, may I suggest that you either add the function call to the constructor of each controller or extend the core controller to include the call in its constructor.
Keep in mind that the 'permitted_uri_chars' item in config.php will automatically prohibit any URL that contains non-permitted characters. So, as long as you haven't modified that to include potentially malicious characters, you should be ok. From the comments in config.php:
By default only these are allowed: a-z 0-9~%.:_-
However, as Rooneyl mentions, it probably wouldn't hurt anything to sanitize it anyway.
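A Ruby model of the check the answer describes, added here as an example and not CodeIgniter's own code: each URI segment must consist only of the default `permitted_uri_chars` (matched case-insensitively, as CodeIgniter does), and only a URI that passes is written to the session. `remember_last_page` and the `session` hash are hypothetical stand-ins for the library the question describes.

```ruby
# Added example (not CodeIgniter's code): models the permitted_uri_chars
# check from config.php and uses it to gate what reaches the session.
PERMITTED_URI_CHARS = 'a-z 0-9~%.:_-'   # the default quoted in the answer

# CodeIgniter filters each URI segment, so the string is split on '/' and
# every segment must consist solely of permitted characters. The match is
# case-insensitive, so "Blog/View" passes as well as "blog/view". The space
# in the default class means a literal space is permitted too. An empty
# uri_string (the site root) has no segments and is accepted.
def permitted_uri?(uri_string, chars = PERMITTED_URI_CHARS)
  return false if uri_string.nil?
  uri_string.split('/').all? { |seg| seg.match?(/\A[#{chars}]*\z/i) }
end

# Stores the last requested page only when it passes the check; otherwise
# records nothing and returns false, so an unexpected value never reaches
# the session or, later, the database.
def remember_last_page(session, uri_string)
  return false unless permitted_uri?(uri_string)
  session[:last_page] = uri_string
  true
end

if __FILE__ == $PROGRAM_NAME
  session = {}
  p remember_last_page(session, "blog/view/42")        # true
  p remember_last_page(session, "blog/view/<script>")  # false
  p session                                             # {:last_page=>"blog/view/42"}
end
```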

Rules: Client-Side validation vs. Server-Side validation?

Are there any rules for when to use client-side validation and when to use server-side?
The right answer is probably to use both.
Client-side validation is faster and should be used as much as you can before submitting the form to the server.
BUT! You can't count on client-side validation, since there are easy ways to get around it, so you need to repeat all the validations on the server side and add new validations if you need to (for instance, using the database to add more validations, etc.).
It is OK to use client-side validation for convenience. You should always validate critical info on the server, though, since clients can be circumvented.
What happens if JavaScript is disabled in the client's browser?
So go for server-side validation.... I think there are no rules for validating on client/server... It's up to you and your users....
It's better to validate on both sides for better performance, and it would be secure, as it avoids duplicate entries; we would know that the data entered is correct at any point in time. Client side is always good, and it's mainly for the user interface, for the user to know what is right or wrong.
One more thing: if we are writing our own stored procedures, then it's better to write validations on the proc side so that the message can be passed through an output parameter as well.
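The point the answers agree on, as an added example that is not from any of them: the field rules are defined once and applied on the server to every submission, whatever the client claims to have checked, and the server adds a duplicate-entry check that needs the database and therefore cannot be done client-side. `FIELD_RULES`, `validate_signup` and the `taken` set are constructed for illustration.

```ruby
# Added example (not from the page): server-side validation that repeats the
# client's rules and adds a database-backed uniqueness check.
require 'set'

EMAIL_RE = /\A[^@\s]+@[^@\s]+\.[^@\s]+\z/   # constructed, deliberately simple

# Rules a client-side script would also apply. Each returns nil when the
# value is acceptable, or an error message. The server never assumes the
# client ran them.
FIELD_RULES = {
  'username' => ->(v) { v.to_s.match?(/\A[a-z0-9_]{3,20}\z/) ? nil : 'must be 3-20 chars of a-z, 0-9, _' },
  'email'    => ->(v) { v.to_s.match?(EMAIL_RE) ? nil : 'is not a valid address' },
  'age'      => ->(v) { v.to_s.match?(/\A\d+\z/) && v.to_i.between?(13, 120) ? nil : 'must be 13-120' },
}

# Returns a hash of field => error message (empty when the submission is
# valid). `params` is whatever arrived over HTTP; a client_validated flag in
# it is ignored because it proves nothing. `taken` is a constructed stand-in
# for the existing-users table.
def validate_signup(params, taken)
  errors = {}
  FIELD_RULES.each do |field, rule|
    msg = rule.call(params[field])
    errors[field] = msg if msg
  end
  # Database-backed rule: the duplicate-entry check the client cannot perform.
  if errors['username'].nil? && taken.include?(params['username'])
    errors['username'] = 'is already taken'
  end
  errors
end

if __FILE__ == $PROGRAM_NAME
  taken = Set['alice']
  # Submission that skipped the client-side script entirely.
  p validate_signup({ 'username' => 'alice', 'email' => 'nope', 'age' => '-5' }, taken)
end
```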
