|
stoops posted: I would like to get into HTML5 a bit, focusing more on canvas, and being able to draw spectrograms.

It's more than possible, but I would recommend using a charting/graphing library until you get your feet under you. Trying to make one from scratch will be many hours of investment to solve a solved problem. Here are quite a few: http://www.unheap.com/?s=graph I use flot. It's nice.

# Jul 2, 2013 15:59
|
kedo posted: I've seen d3.js used on some interesting canvas projects as well, though I haven't used it myself.

That is badass.

# Jul 2, 2013 16:13
|
gmq posted: The beginning of the end of my job if it actually works as advertised. I guess I can always learn and go full stack.

That looks pretty amazing!

# Jul 24, 2013 15:31
|
hayden. posted: I'm trying to use JavaScript to pull in reddit submissions.

It probably isn't sending your login cookie along to reddit with that request to get your stuff. You may have to do some other stuff with the API to get an auth token you can send along with the request to get a user's settings respected.

# Jul 26, 2013 19:39
|
Lumpy posted: You must have never designed a website that was supposed to generate revenue.

If only that hypothetical business had spent the time to make their site workable with javascript blocked, the story would be: "Hey boss, our company had 24.5M in expenses, the site only brought in 19.1M. Good thing we support MidasWWW!"

# Aug 2, 2013 13:29
|
Is it common to have the client side javascript hash the password and pass the hash rather than the plain text password to the server for verification against the stored hash? With HTTPS you don't have to worry about man in the middle attacks in general, but it seems like that would be most secure.

# Aug 19, 2013 15:51
|
NtotheTC posted: Well the flow for the plugin I typically use is:

Whatever you do, you don't want the activation/password reset records to be re-usable. In the same transaction as you set the account to active or apply the new password, you should set the linking record to inactive or populate a date field with the date used and the IP used from. This can be useful auditing information. You can, for example, see that 900 users were activated from the same IP address in 2 hours.

# Sep 6, 2013 13:15
|
DreadCthulhu posted: Are there any obvious security practices besides that one that I should make sure to have in place? Couldn't find anything specific on OWASP etc, maybe security stack exchange will have more.

1) If you have a pending activation or password change out there and they request a new one, disable the previous one first and you should probably tell them to check their spam folder before sending out another one.

2) Don't deactivate the account because they used the password reset link.

3) Don't let them specify an e-mail address to send the reset link to, it should be the one on their account that they activated from. There is some debate on if you should tell the user which e-mail you sent the password to if you're using a Login+Pass or Login/Email+Pass system rather than an Email+Pass system. The concern is that if the Login is the same as a displayed name on your site, people can request a password reset and then see the victim user's email address. So consider that.

4) All reset and activation requests should only be valid for a fixed period of time, generally a short one.

Probably more, but those are the obvious ones.

# Sep 6, 2013 19:55
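The reset-record handling described in the two posts above (single use, marked used with date and IP in the same transaction, previous request disabled, fixed lifetime), as an added example that is not code from the thread. The table and column names, the one-hour lifetime, storing only a SHA-256 digest of the token, and the caller-supplied `new_pw_hash` are assumptions made for the sketch.

```python
import hashlib
import secrets
import sqlite3
import time

TTL_SECONDS = 3600  # assumed lifetime; the post only says "a short one"

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, pw_hash TEXT);
        CREATE TABLE resets (token_hash TEXT PRIMARY KEY, user_id INTEGER,
            expires_at REAL, active INTEGER DEFAULT 1, used_at REAL, used_ip TEXT);
    """)
    return db

def _digest(token):
    # Assumption: only a digest is stored, so a leaked table yields no usable links.
    return hashlib.sha256(token.encode()).hexdigest()

def request_reset(db, user_id, now=None):
    """Disable any pending request for this user, then issue a new token."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    with db:  # both statements commit or roll back together
        db.execute("UPDATE resets SET active = 0 WHERE user_id = ? AND active = 1",
                   (user_id,))
        db.execute("INSERT INTO resets (token_hash, user_id, expires_at) VALUES (?, ?, ?)",
                   (_digest(token), user_id, now + TTL_SECONDS))
    return token  # mailed only to the address already stored on the account

def redeem_reset(db, token, new_pw_hash, ip, now=None):
    """Apply the new password hash and retire the token in one transaction."""
    now = time.time() if now is None else now
    with db:
        # The conditional UPDATE is the single-use and expiry check.
        cur = db.execute(
            "UPDATE resets SET active = 0, used_at = ?, used_ip = ? "
            "WHERE token_hash = ? AND active = 1 AND expires_at > ?",
            (now, ip, _digest(token), now))
        if cur.rowcount != 1:
            return False  # unknown, superseded, already used, or expired
        db.execute("UPDATE users SET pw_hash = ? WHERE id = "
                   "(SELECT user_id FROM resets WHERE token_hash = ?)",
                   (new_pw_hash, _digest(token)))
    return True  # the account itself is never deactivated by a reset

def redemptions_by_ip(db):
    """Audit view: how many tokens were redeemed from each IP address."""
    return db.execute("SELECT used_ip, COUNT(*) FROM resets WHERE used_at IS NOT NULL "
                      "GROUP BY used_ip ORDER BY COUNT(*) DESC").fetchall()
```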
|
fletcher posted: I'm curious what you design savvy folks think of linkedin.com. I haven't used it much but my god it feels like such a clusterfuck of a UI.

It's specifically designed to make corporate users feel right at home!

# Nov 15, 2013 05:05