I'm pretty new with an Ember so for the start I have a noob question - is it possible to use Local Storage and REST adapter at the same time?
For example, if I want to do a login via API, if login is success the server will return an API key which is used for later communication with a service. Is it possible to store that information locally on the client and to retrieve it when necessary but also, for other models, to use REST adapter?
If this is not a good way to handle such case, which one would you propose and is there any kind of example which would me lead me in the right direction?
Thanks to the people from #emberjs, I found out that there is a wonderful ember-auth authentication framework for the Ember.js which does what I need.
Related
I'm driving myself mad with this and hoping a better method exists.
The scenario is this: I have written a Blazor Web Assembly application with server hosting. The application needs to implement row-level security (using EF Core) but I need some access permission to be looked up in another database via an API (external supplier so have no control) to be used in the security.
Ideally I'd love the permissions to be managed in AAD but that isn't supported in the external application and is too much overhead to manage manually.
On the client side I use a custom AccountClaimsPrincipalFactory to lookup the correct permissions and create the user claims.
What I'm struggling with is to then to manage this server side, I've looked into using IClaimsTransformation to lookup the claims again but this produces too much overhead as it is called on every request.
I've (not imagining it would work) tried adding claims client side, adding a new identity client side and accessing on the server. All I've really got left I can think of is using the AuthorizationMessageHandler to encrypt values and pass to the server that way as a token, it works as a work around but probably not the best method.
Is there a way to somehow lookup the database values and maintain them within the identity/token so they can just be passed around?
If this is a stupid question, feel free to give me a slap, I've just exhausted my google search terms for it.
Thanks
This question already has an answer here:
Why is it okay to allow writes into Firebase from the client side?
(1 answer)
Closed 3 years ago.
If I use the prod environment variables in my App and set the server side rules for Firestore, would my app be completely secure to perform CRUD and authentication? I am asking this because I have been seeing Angular tutorials by pretty famous YouTube content creators (Fireship) and they do not touch server side code and still show how to make a production applications. All the tutorials use only Angular and some libraries to produce the apps and features but then the console on Google says not to expose the API keys. Using only client side Angular even in production environment variables exposes the private keys right?
So in short, should I be using Node to CRUD and Auth with Firestore, or server-side rules on the console works safe?
The configuration that you use on the client to get it to communicate directly with Firebase services is does not include a private API key. Much has been said about this in various forums over the past few years. The thing you see that might be labeled an API key is actually public information. It helps the client library locate the project it's working against. The API keys you want to hide are those that exposed direct access to other billed services, including Google Cloud service accounts.
You limit access to Firebase backend services (Cloud Firestore, Realtime Database, Cloud Storage) using security rules to determine what a user can or can not do with the data stored in it. If you don't do this correctly, you could have problems.
Whether or not you want to let the client access the services directly or make the client go through some middleware you write should be decided by other reasons, as discussed in this article.
I'm working on a school project. We have an AWS server set up with MongoDB. We created some user DB for account verification purposes and communicate with it using REST API. What we need is for the mobile app to send some data to the server side. Run it with an algorithm, then return back the result in JSON format. I've never done anything similar to this, so I have no idea how to go about it. If anyone could provide some lead or guidance/links that would be amazing. Thank you.
First of all you dont need a algorithm for it. It is just a process you have to follow and its kinda lot more easy than you thinking.
If you are doing it in android you can connect to rest webservice via Google's Volley http://developer.android.com/training/volley/index.html.
Or You can use Retrofit 2.0. I have been using it for a long time and i prefer it.
http://square.github.io/retrofit/
I'm writing a game for iPhone, and I want an online leaderboard using mySQL, which i'm very familiar with.
How do I implement this in my app?
I would assume there's a framework/library i need to obtain?
You don't.
You most certainly DO NOT want to expose and publish your database connection to the "live" internet. That's simply folly.
The database listeners simply aren't designed to work over such an unrestricted domain. They tend to live sheltered lives.
Instead, you should front your database with another service that IS designed for the wilds of the internet. This service can handle the authentication, encryption, load balancing, etc. requirements that good internet servers support.
Most folks today use some variant of web service, posting XML or JSON, but you can do whatever you want.
But don't open the DB connection to the live internet. You're just asking for trouble.
You should abstract the DB technology from the app, wrap your MySQL DB with a simple web service and run it on a web server, then you can use standard HTTP requests to interact with your database from your app.
My suggestions (not by any means the only way to do this)...
Use Django (or some other simple web framework) to wrap your database model, you can ever have django generate the code from your existing DB schema.
Write a few basic views to modify your DB using basic HTTP POST calls and send the username and score data in the POST data
Write a few simple pages that return the data you want in an XML format that you app can parse and display however you want, these are essentially just very simple generated web pages.
Now you have a publicly accessible leaderboard server that your app can interface with by posting scores and retrieving data through simple socket HTTP calls.
This may be outside your scope, but have you considered using OpenFeint instead to do Leaderboards and more? There's no actual framework/library from Apple to create a leaderboard in GameKit. You have to write one yourself from scratch. Although, using the OpenFeint library would give you all this for you, but that's if you want to use it.
More information here on a tutorial to do just what you're asking.
http://icodeblog.com/2009/10/29/iphone-coding-tutorial-creating-an-online-leaderboard-for-your-games/
I'm in the middle of working on my first native application with networking and I have a question regarding the best way for interacting with remote storage. In a perfect world I'd like to do the following.
Prompt the user for login information from the iPhone.
Verify the users credentials and connect to a MYSQL database hosted by myself.
Parse MYSQL data into a table view.
Allow the user to add or update information in the database.
I've read some similar questions posted, maybe something's lost in translation, but the two most common means I've come across are.
Create a web service for handling these requests using SOAP/REST/JSON (no experience doing this, but would like to learn if it's a better implementation)
Write PHP scripts (enough experience to get by) that will grab data username/password/requests securely from my NSURLRequest and echo the NSData as XML and parse it with an NSXMLParser.
Are there other options? Is one a better implementation over the other? (web services come up more in searches)
Thank you in advance for taking the time to read my question and possibly clearing up any confusion.
Whoa! Web Services! Oh wait, calling a PHP script that returns JSON is actually also a web service. Well, that makes things simpler :-)
Yeah, so I would go for this:
Write a PHP script that returns JSON data (many tutorials available)
Protect the PHP script by setting up 'Basic access authentication' (Apache documentation)
Tell Apache to take the user database from your mysql database
Run your service on secure (HTTPS) web server (important because basic auth is not secure)
This way you can use almost all standard components on the iPhone side. NSURLConnection will talk HTTP(S) and there are excellent open source JSON parsers for Objective-C.