
OT: json data files - open to view

LEGEND ,
Jan 30, 2019


I have a question as I'm testing out workflows which will see me now using json data returned from a json file converted from a php file database query.

It seems anyone looking at the source code - process_json_data.php - can be viewed directly, revealing the json data. Don't worry I won't be using json for any sensitive information such as passwords/usernames and email address. However say I have a delivery business and I want to allow users to keep up-to-date with an order progress - ain't it infringing the personal information regulations if the json file shows what was ordered, by who, at what time, price, the route of the delivery and the final address of the delivery, I think so.

Is there a workflow which allows the php file to process and convert into json data but show nothing if a user goes directly to the processing page?

Humm

Os.

LEGEND ,
Jan 30, 2019


Only way I've researched is using the below to test the ip address requesting the data.

$_SERVER['REMOTE_ADDR']

But that seems a bit 'unstable' because IF the hosting company just moves a website to another server without first informing the website owner, the data processing will stop working.

Adobe Community Professional ,
Jan 30, 2019


Hide the data inside a php file as per

junk.jpg


Ben

LEGEND ,
Jan 30, 2019


Just trying to work out how to get a variable, which holds the json data, back into the receiving page? If I echo the data out in the php page using $export it works BUT if I just assign the json data to a variable I'm not sure how to pass that variable back to the page where the json data is needed.

Php processing page:

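// $searchCode comes from the request, so bind it as a parameter
// instead of interpolating it into the SQL string.
$stmt = $conn->prepare("SELECT code FROM deliveries WHERE code LIKE CONCAT(?, '%')");
$stmt->bind_param('s', $searchCode);
$stmt->execute();
$data = $stmt->get_result();

$response = array();
while ($row = mysqli_fetch_assoc($data)) {
    $response[] = $row;
}

$exports = json_encode($response);
echo $exports;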

Below is in the page where the data needs to be returned and 'response.data' which is fetched from the php processing page is stored in the 'data: code' array so the page can access it.

data: {
    code: [],
},
methods: {
    recordByCode: function () {
        axios.get('get_code_process.php', {
            params: {
                searchCode: this.searchCode
            }
        })
        // Arrow function keeps `this` bound to the Vue instance
        .then((response) => {
            this.code = response.data;
        });
    }
}

So somehow, IF I store the json data in a php variable, which won't show the information if the php processing script is directly accessed, it has to get back to the page where it's needed.

LEGEND ,
Jan 30, 2019


I guess I might be overthinking this a bit because if you have something like vue dev tools loaded in the browser you can easily see all the information returned as 'objects' anyway, even if you attempt to hide the data in the php file.

I guess it doesn't really matter if the data is just general non-sensitive information BUT if your search is for sensitive data it's best not to return all the data to perform a search through BUT only that which is a match in the database, damage limitation I think that is called.

The problem is it's quite scary because how many other devs are using a json workflow which might contain sensitive data which infringes upon the personal data protection act and don't really know what's going on in the background.

Food for thought.
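
Because the axios request is sent by the visitor's browser, the PHP endpoint cannot tell a request made by the page from a direct visit; what it can do is require a logged-in customer and return only that customer's matching rows. An added example of that check (not code from the thread), using PDO with an in-memory SQLite table so it runs on its own; the `findDeliveries` name, the `customer_id` and `status` columns and the sample rows are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: returns an HTTP status and the JSON body to send.
function findDeliveries(PDO $db, ?int $customerId, string $searchCode): array
{
    // No authenticated customer: disclose nothing, however the URL was reached.
    if ($customerId === null) {
        return ['status' => 401, 'body' => ['error' => 'login required']];
    }
    // Escape LIKE wildcards so a "%" in the input cannot widen the match.
    $prefix = addcslashes($searchCode, '\\%_') . '%';
    // Bound parameters, and every query scoped to the caller's own orders.
    $stmt = $db->prepare(
        "SELECT code, status FROM deliveries
         WHERE customer_id = :cid AND code LIKE :prefix ESCAPE '\\'"
    );
    $stmt->execute([':cid' => $customerId, ':prefix' => $prefix]);
    return ['status' => 200, 'body' => $stmt->fetchAll(PDO::FETCH_ASSOC)];
}

// Constructed demo data (the thread uses MySQL; SQLite keeps this offline).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE deliveries (code TEXT, customer_id INTEGER, status TEXT)");
$db->exec("INSERT INTO deliveries VALUES
    ('AB100', 1, 'out for delivery'),
    ('AB200', 2, 'delivered'),
    ('CD300', 1, 'packed')");

// In the real endpoint the id would come from the login session, e.g.
//   session_start(); $customerId = $_SESSION['customer_id'] ?? null;
// Here three callers are simulated: anonymous, customer 1, customer 2.
foreach ([null, 1, 2] as $customerId) {
    $result = findDeliveries($db, $customerId, 'AB');
    echo json_encode(['customer' => $customerId] + $result), PHP_EOL;
}

// A bare wildcard matches nothing, because it is treated as a literal "%".
echo json_encode(findDeliveries($db, 1, '%')), PHP_EOL;
```

In the endpoint itself, send the returned status with `http_response_code()` and the body with `json_encode()` under a `Content-Type: application/json` header.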

Adobe Community Professional ,
Jan 30, 2019


I don't want to seem like I am lecturing, but I do believe that JSON forms a big part of modern web development.

When I started developing websites, I created designs that were based on a 640x480 screen. Then came different screen sizes and devices that required a fluid web design.

Today we are confronted with an internet of things where, not only design, but data storage has to be flexible. Terms like decoupled and headless systems have been widely written about. It all boils down to the need to have an API system of communication. The API has to be written in a language that web browsers understand, namely XML or JSON. Back in the days of Spry (Spry was much more than navigation bars), the flavour was XML. Most modern APIs favour JSON.

So, to answer your question, JSON is used when a payment is processed, when you pass a driver-less car and when your fridge tells you that it has run out of beer.

Actually, this topic opens a can of worms ..... (mouth shut and head down).


Ben

osgood_ LATEST
LEGEND ,
Jan 31, 2019


BenPleysier wrote

Today we are confronted with an internet of things where, not only design, but data storage has to be flexible.

Confronted with a lot of confusion really. Back in the days when you actually knew which of a handful of workflows to follow was less stressful and one could designate more time, energy and focus to becoming good in a particular field, instead of spending copious amounts of time trying to decide who, if anyone, or what is right or wrong instead of actually getting on with it.

Back in the days when validation was everything - well, today if you use a lot of front-end javascript frameworks nothing validates, without having to jump through hoops. It was never me who supported validation but those that did and are now using front end javascript frameworks have strangely gone quiet, like is always the case when it suits.

What next, I literally have no idea, neither does anyone else. It's a bit of a mess and free for all.
