Facts About HMGSCRIPT
Posted: Mon Dec 15, 2014 7:26 pm
Hi All,
After a little ideas exchange with Angel, I guess that some clarifications about HMGSCRIPT must be made:
1. HMGSCRIPT is a JavaScript library containing a set of functions that allow us to create web applications using the same logic as desktop applications.
2. All major web browsers (desktop and mobile) have a JavaScript engine capable of running our HMGSCRIPT apps.
3. HMGSCRIPT is not aimed at creating web sites, but web apps.
4. Our application could be in one or more JavaScript (.js) files. These files must be declared in the head section of the HTML file that will serve as the entry point for our app.
5. The JavaScript code will be loaded automatically when the user points his browser to the HTML file serving as our entry point.
6. Our applications will not have pages. They will have forms (windows) only.
7. Since we will not have pages, there will be no page reloads, so there is no need to use cookies and similar technologies to keep data across server requests.
8. The server requests for data management are done via AJAX, meaning that the communication works silently in the background, without affecting our GUI.
9. The security scheme is very simple: the user is prompted for a username and password. The data is sent to the server and checked in the users table. If the credentials are OK, the server returns a simple 'OK' to our client app. Then the username and password are stored in global variables on the client. All subsequent requests to the server for data manipulation will include the user credentials, which are checked again in every server data management procedure call, meaning that SERVER PROCEDURES WILL WORK ONLY WHEN VALID USER CREDENTIALS ARE SENT WITH EACH REQUEST.
10. In order to enforce security, YOU SHOULD USE CUSTOM SERVER PROCEDURES and not generic ones, since a user with valid credentials could create a custom client app to mess with your server, arbitrarily executing data functions like dbquery(), dbdelete(), dbappend() or dbmodify(). THIS IS VALID FOR ANY WEB APP (NOT ONLY HMGSCRIPT ONES). The generic functions mentioned above must be avoided when security is a concern.
11. Another thing that could be done to enforce security is to create a 'token' in the server login procedure, storing it along with the other user data and sending it to the client. Then the client should include it in all subsequent server procedure calls, along with his username and password, giving an additional security layer. This token should have a limited lifetime.
12. The data management demos are based on Harbour CGI server procedures, but you could use anything you want on the server (i.e. PHP+MYSQL). I plan to create a function to make server requests easier, instead of dealing directly with xmlhttprequest each time, including visual indicators, timeout handling, etc.
13. I want to keep the library as light and fast as possible, so I'll try to avoid the incorporation of third party libraries as much as I can, doing so only when they do not cause a significant impact on performance.
14. Being plain JavaScript, it is very likely that HMGSCRIPT will work well alongside other JavaScript libraries of your preference.