Apple encourages people to register apps with the reverse URL scheme to avoid name collision with other developers.
For instance, if I owned example.com then I might name my app: com.example.my-app.
How can I prevent other developers from hijacking my name space?
Related
I have a website on my personal domain that I would like to password protect securely. This website has two parts. One is a static website I have created with the SSG Eleventy and copied into the web directory. The other is an installation of MediaWiki. My site is hosted on Dreamhost shared hosting and is currently password protected with Apache .htaccess and .htpassword files for basic authentication. This is mostly fine, except for the fact that it isn’t easy to “log out”. I would like a way to password protect this site that gives me more control over logging in/out.
I want to be able to create my own log in page that looks more like the rest of the site (instead of the default Apache login page). I would also like there to be an easy way to create new users and passwords, though I want the ability to create new users to be restricted to the admin account (my login). I want users to be able to log out whenever they want, and have the site properly protected from any logged out users. I would like this password system to also protect the part of my site that is built with MediaWiki. This means that, if I navigate to a page within the wiki, I want it to redirect to the site-wide log in page, before allowing access to MediaWiki. Once the user logs in, they should have access to the whole site, including the wiki section without being prompted to enter the password again. (I am aware MediaWiki has its own login page, but I want to be able to use a single password for accessing the entire site. Also, I am NOT looking to integrate MediaWiki’s internal login with this site-wide login.)
I do not intend this site to ever have that many users. Really just me and a few others I want to invite (via their own username and password). So I really just need a simple way to manage these user accounts and prevent access to others.
What is the best way to do all this? Is it even possible to do any of this for a static website? I know I probably have to use php to make this work, which I don’t know too well, but am willing to learn. It also probably shouldn’t be too hard to create and manage a database to store the usernames and passwords if necessary. I would just like to know if all this is possible and what the easiest way to do it would be.
I am pretty new at web development and this is the first real website I have built and deployed. I would really appreciate any suggestions and help.
I am about to implement a reception screen view of some data my product holds. This data is not extremely sensitive, but enough so that my customers do not want it just out there on the internet for all to see.
The concept is a smart tv with a built in web browser that displays a webpage hosted by my application. My application requires authentication for all other interaction, but the smart tv does not support authentication. So I would like to secure the page somehow, so it isn't just available for all to see.
The only options I see are:
Security by obscurity. I would really like to avoid this one.
IP Whitelisting. This I could do, but not all my clients have a static IP.
Enter credentials on screen. This is not really feasible and the credentials are lost on reboot. So we cannot do this.
Are there other options I just don't know about.
For límited input devices like TVs where is not easy enter credentials there are some Open Source options like CPA (developed by EBU for Hbbtv Use Cases) than can work for you and you can control the e2e
CPA
Reference Implementation
The autenticacion token can be stored into your SmartTV app until its expiration or client's logout, etc.
There is also
After some research I found that the best option is the OAuth 2.0 Device Authorization Flow.
The gives the user an experience like the one used when setting up Google Chromecast or AppleTV.
https://auth0.com/docs/get-started/authentication-and-authorization-flow/device-authorization-flow
I am about to start building a mobile site which is dynamic, working from a lot of dynamic content which must come from the database.
I have already written a REST API for the site which the IOS and Android applications are using to interact with the information.
My question is what would be the absolute best practise for building this site, would it be:
1- Make the mobile classes an extension of the existing site functions
(The downside I see here is that the mobile site would be dependant on the main site library meaning that any bad heat on the main site would also affect the mobile site)
2- Make the mobile site a completely stand alone site running from itself
(The downside I see here is that any change to the main site library will need to be reflected here so in essence we would almost be writing code twice)
3- Make the mobile site run from the REST API and standalone
(The downside i see here is just increased number of HTTP requests for the information rather than communicating with the server directly)
Each one would function normally and there wouldn't really be any problem there, coding is really not too difficult, though if I make it standalone I would need to recreate a lot of the functions from the main site and adapt them for the mobile site which isn't ideal.
Look forward to your comments! Thanks
I would go with 3rd point, but that needs to be architect well.
We will prioritize standalone application after that API, also we can have 2 way communication, any content changed on server it will coordinate with clients to get that updated.
Also I would also suggest go with Bootstrap framework, its an awesome framework and have responsive and adaptive design
I have a Youtube video set to private so nobody can watch it via Youtube or the embedded player. However I do want people be to be able to watch it on my website. The goal is to make the video available exclusively on my website for a while before I open it to the world. I was thinking to login to my Youtube account seemlessly using Youtube's API and log out after the video's finished but that doesn't make security sense. What's your take on that?
I agree with your intuition. Making the private sharing secure seems tricky at best. Although the Data API has procedural authentication options, I don't think Player API has that facility. Furthermore even if it did, it's hard to see how it might work without exposing your password.
Your best bet is probably to directly host the video on your website. You would use your website's authentication for restricting access limited release video. Then when your ready for the public release you can either switch to YouTube hosting or relax the authentication of your self hosting. The Video for Everybody site has examples of several options for self hosting of videos.
I'm building a custom CMS for my clients and i've implemented the Facebook API for posting on Page Walls as admin. All works well but I do have one question. Let's say the FB app name is 'CMS FB APP'.
The CMS will reside on my clients' servers, is it possible to use 'CMS FB APP' for all of my clients? Or do I have to create an application for each CMS that I install on every different server?
In the app settings I have to set a Site URL and Site Domain but this is for each client different, I don't seem to find a solution for this problem.
If you are using authentication, you have to create a separate app for each url where your app will be hosted. You will receive an error when the user tries to log in with facebook. Facebook requires that your 'next' and 'cancel' urls in the authentication return urls be on the same domain as your app's Site Url. One solution would be to setup an app with a base url such as example.com and have each client on their own subdomain like client1.example.com, client2.example.com, etc. Short of that, you are stuck making separate apps.
It worked for me when using App domains options in facebook app settings.You can enter multiple domains as App domains
The redirect_uri you use in your code must have the same base domain as that specified in the App Domains.