Javascript: escape() vs. encodeURI() vs. encodeURIComponent() – Alan Ristić.
Security Services. Install Comodo PositiveSSL Certificate with Node.js at A Waage Blog. So today I tried to install the cheap Comodo PositiveSSL certificate to use on my Node.js / express.js server.
Unfortunately, all the documentation and examples of installing an SSL certificate on a Node.js server only mention two options in the createServer() method (See my full example here) : var https = require('https');var fs = require("fs"); However, with the PositiveSSL certificate, Comodo will actually send you 3 files: 1) PositiveSSLCA2.crt 2) AddTrustExternalCARoot.crt 3) mydomain.crt This is quite confusing for someone who doesn’t really understand (nor want to understand) all the details of how an SSL certificate works.
Which one do I use for the cert: option?? Naturally, I started with the mydomain.crt file. So, a bit of googling found that when installing the PositiveSSL cert on Apache servers, you must use a chain file (mod_ssl option: SSLCertificateChainFile). COMODO SSL Analyzer.
Cookies vs Tokens. Getting auth right with Angular.JS. Introduction There are basically two different ways of implementing server side authentication for apps with a frontend and an API: The most adopted one, is Cookie-Based Authentication (you can find an example here) that uses server side cookies to authenticate the user on every request.A newer approach, Token-Based Authentication, relies on a signed token that is sent to the server on each request.
Express.js Sessions – A Detailed Tutorial. I am making a part of this chapter available in the form of a tutorial on Express.js sessions for those who haven’t bought the book yet.
There are two broad ways of implementing sessions in Express – using cookies and using a session store at the backend. Both of them add a new object in the request object named session, which contains the session variables. No matter which method you use, Express provides a consistent interface for working with the session data. Cookie-based Session Using the fact that cookies can store data in the users browser, a sessions API can be implemented using cookies.
Load the cookieParser middleware with a secret, followed by the cookieSession middleware, before the router middleware. The cookieParser middleware should be initialized with a secret, because cookieSession needs to generate a signed HttpOnly cookie for storing the session data. The following is the code for enabling sessions in Express using the cookieSession middleware. How to do authentication with Node.js, Express and Mongoose. Building a Login System in Node.js and MongoDB. This past week I finally got around to playing with Node.js and am really impressed with how simple it was to get a server and database up and running in literally minutes.
Once there, I thought a good first project to explore the platform would be to try building a simple login system analogous to what I feel like I’ve built a million times in mysql & php. So after thinking about it a bit, I knew these were the basic features I wanted to implement : Login Panel Just a simple login panel with the ability to reset a lost password and of course the ability to create an account for first time users.An option to “remember me” that saves the user’s data in a local cookie allowing them to bypass the login screen whenever they revisit the site. New Account Screen A simple form that allows a new user to set their username & password,as well as some personal data such as their real name, email and location. Account Update Screen Password Retrieval If you’d like to jump ahead : Application Structure. Passport - Simple, unobtrusive authentication for Node.js. Easy Node Authentication: Setup and Local.
This tutorial has been updating for ExpressJS 4.0.
Read more here. Authentication and logins in Node can be a complicated thing. Actually logging in for any application can be a pain. This article series will deal with authenticating in your Node application using the package Passport. What we’ll be building: Node-js-is-cancer. URL: If there's one thing web developers love, it's knowing better than conventional wisdom, but conventional wisdom is conventional for a reason: that shit works.
Something's been bothering me for a while about this node.js nonsense, but I never took the time to figure it out until I read this butthurt post from Ryan Dahl, Node's creator. I was going to shrug it off as just another jackass who whines because Unix is hard. But, like a police officer who senses that something isn't quite right about the family in a minivan he just pulled over and discovers fifty kilos of black horse heroin in the back, I thought that something wasn't quite right about this guy's aw-shucks sob story, and that maybe, just maybe, he has no idea what he is doing, and has been writing code unchecked for years. Since you're reading about it here, you probably know how my hunch turned out. A Scalability Disaster Waiting to Happen Almost no function in Node directly performs I/O, so the process never blocks. Tl;dr. » CORS Middleware for Node.js and Express. X-HTTP-Method-Override. While not normally an issue with thick clients, accessing full RESTful capabilities of available services via browsers often is problematic as many (if not all) browsers only allow a form to GET or POST.
They don't allow for other HTTP methods, like HEAD, PUT, or DELETE. Google realized this and offers a solution, which is to add a header to the HTTP request, X-HTTP-Method-Override, that is supposed to be interpreted by the service and acted upon regardless of the actual HTTP method used. The header syntax is as follows: X-HTTP-Method-Override: PUT You can learn more about it from As it happens, ASP.NET MVC, version 2, supports this out of the box with the HttpHelper.HttpMethodOverride method. Be the first to rate this post.