WebFund 2016W Lecture 14: Difference between revisions
|  Created page with "==Video==   ==Notes==   ==Code==  * [http://homeostasis.scs.carleton.ca/~soma/webfund-2016w/code/session-demo.zip session-demo.zip] * [http://homeostasis.scs.carleton.ca/~soma..." | No edit summary | ||
| Line 1: | Line 1: | ||
| ==Video== | ==Video== | ||
| The video for the lecture given on March 3, 2016 [http://homeostasis.scs.carleton.ca/~soma/webfund-2016w/lectures/comp2406-2016w-lec14-03Mar2016.mp4 is now available]. | |||
| ==Notes== | ==Notes== | ||
| ===In Class=== | |||
| <pre> | |||
| Lecture 14 | |||
| ---------- | |||
| * sessions | |||
| * jQuery | |||
| To do sessions securely, you need: | |||
|  (necessary but NOT sufficient) | |||
| * session cookies that cannot be guessed | |||
|   - use a secret | |||
| * secure password storage | |||
|   - need to be hashed at minimum | |||
|   - see bcrypt | |||
| * secure communication with web server | |||
|   - HTTPS (HTTP over SSL/TLS) | |||
| jQuery and client side JavaScript | |||
| jQuery is just a standard library for client-side JS | |||
|  - far from the only one | |||
| I could teach you the standard browser interface | |||
|  - but it is ugly and has quirks | |||
| How you build interfaces | |||
| code versus data | |||
| * when you build an interface, you have | |||
|   - code that determines the behavior | |||
|   - data that describes the interface appearance | |||
| * But code can change the appearance, and data can | |||
|   describe behavior | |||
| * how much do you do with each? | |||
| * traditionally, you do most everything with code | |||
| * When you want end-user customizability, you do more with data | |||
|   - theming | |||
| * Even when lots of the interface is in data, the code | |||
|   is in charge...except on the web | |||
| * On the web, the data is king, and the code serves the | |||
|   data | |||
| </pre> | |||
Revision as of 21:44, 3 March 2016
==Video==

The video for the lecture given on March 3, 2016 [http://homeostasis.scs.carleton.ca/~soma/webfund-2016w/lectures/comp2406-2016w-lec14-03Mar2016.mp4 is now available].

==Notes==

===In Class===

<pre>
Lecture 14
----------

* sessions
* jQuery

To do sessions securely, you need:
 (necessary but NOT sufficient)
* session cookies that cannot be guessed
  - use a secret
* secure password storage
  - need to be hashed at minimum
  - see bcrypt
* secure communication with web server
  - HTTPS (HTTP over SSL/TLS)

jQuery and client side JavaScript

jQuery is just a standard library for client-side JS
 - far from the only one

I could teach you the standard browser interface
 - but it is ugly and has quirks

How you build interfaces

code versus data
* when you build an interface, you have
  - code that determines the behavior
  - data that describes the interface appearance
* But code can change the appearance, and data can
  describe behavior
* how much do you do with each?
* traditionally, you do most everything with code
* When you want end-user customizability, you do more with data
  - theming
* Even when lots of the interface is in data, the code
  is in charge...except on the web
* On the web, the data is king, and the code serves the
  data
</pre>
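The three session requirements listed in the notes (unguessable session cookies that use a secret, hashed passwords, HTTPS), sketched with Node's built-in crypto module. This is an added example, not code from the lecture or its session-demo.zip; the function names and the `sid` cookie name are assumptions, and scrypt stands in for bcrypt because bcrypt is not in Node's standard library.

```javascript
const crypto = require('crypto');

// Assumption: a real server loads this secret from configuration and keeps it stable.
const SERVER_SECRET = crypto.randomBytes(32);

// Unguessable session ID: 128 bits from the OS CSPRNG, never a counter or timestamp.
function newSessionId() {
  return crypto.randomBytes(16).toString('hex');
}

// "Use a secret": append an HMAC so the server can reject forged or altered cookies.
function sign(sessionId, secret = SERVER_SECRET) {
  const mac = crypto.createHmac('sha256', secret).update(sessionId).digest('hex');
  return `${sessionId}.${mac}`;
}

// Returns the session ID if the MAC verifies, otherwise null.
function verify(cookieValue, secret = SERVER_SECRET) {
  const value = String(cookieValue);
  const dot = value.lastIndexOf('.');
  if (dot < 1) return null;
  const sessionId = value.slice(0, dot);
  const expected = Buffer.from(sign(sessionId, secret));
  const given = Buffer.from(value);
  if (given.length !== expected.length) return null;
  return crypto.timingSafeEqual(given, expected) ? sessionId : null;
}

// Secure: the browser sends the cookie over HTTPS only. HttpOnly: page scripts cannot read it.
function sessionCookieHeader(sessionId) {
  return `sid=${sign(sessionId)}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Password storage: per-user random salt plus a deliberately slow hash.
function hashPassword(password) {
  const salt = crypto.randomBytes(16);
  const hash = crypto.scryptSync(password, salt, 32);
  return `${salt.toString('hex')}:${hash.toString('hex')}`;
}

function checkPassword(password, stored) {
  const [saltHex, hashHex] = stored.split(':');
  const expected = Buffer.from(hashHex, 'hex');
  const actual = crypto.scryptSync(password, Buffer.from(saltHex, 'hex'), expected.length);
  return crypto.timingSafeEqual(actual, expected);
}
```

As the notes say, these are necessary but not sufficient: the server still has to store session state, expire it, and issue a fresh ID at login.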