Difference between revisions of "WebFund 2016W Lecture 14"
Jump to navigation
Jump to search
(Created page with "==Video== ==Notes== ==Code== * [http://homeostasis.scs.carleton.ca/~soma/webfund-2016w/code/session-demo.zip session-demo.zip] * [http://homeostasis.scs.carleton.ca/~soma...") |
|||
| Line 1: | Line 1: | ||
==Video== | ==Video== | ||
The video for the lecture given on March 3, 2016 [http://homeostasis.scs.carleton.ca/~soma/webfund-2016w/lectures/comp2406-2016w-lec14-03Mar2016.mp4 is now available]. | |||
==Notes== | ==Notes== | ||
===In Class=== | |||
<pre> | |||
Lecture 14 | |||
---------- | |||
* sessions | |||
* jQuery | |||
To do sessions securely, you need: | |||
(necessary but NOT sufficient) | |||
* session cookies that cannot be guessed | |||
- use a secret | |||
* secure password storage | |||
- need to be hashed at minimum | |||
- see bcrypt | |||
* secure communication with web server | |||
- HTTPS (HTTP over SSL/TLS) | |||
jQuery and client side JavaScript | |||
jQuery is just a standard library for client-side JS | |||
- far from the only one | |||
I could teach you the standard browser interface | |||
- but it is ugly and has quirks | |||
How you build interfaces | |||
code versus data | |||
* when you build an interface, you have | |||
- code that determines the behavior | |||
- data that describes the interface appearance | |||
* But code can change the appearance, and data can | |||
describe behavior | |||
* how much do you do with each? | |||
* traditionally, you do most everything with code | |||
* When you want end-user customizability, you do more with data | |||
- theming | |||
* Even when lots of the interface is in data, the code | |||
is in charge...except on the web | |||
* On the web, the data is king, and the code serves the | |||
data | |||
</pre> | |||
Revision as of 17:44, 3 March 2016
Video
The video for the lecture given on March 3, 2016 is now available.
Notes
In Class
Lecture 14 ---------- * sessions * jQuery To do sessions securely, you need: (necessary but NOT sufficient) * session cookies that cannot be guessed - use a secret * secure password storage - need to be hashed at minimum - see bcrypt * secure communication with web server - HTTPS (HTTP over SSL/TLS) jQuery and client side JavaScript jQuery is just a standard library for client-side JS - far from the only one I could teach you the standard browser interface - but it is ugly and has quirks How you build interfaces code versus data * when you build an interface, you have - code that determines the behavior - data that describes the interface appearance * But code can change the appearance, and data can describe behavior * how much do you do with each? * traditionally, you do most everything with code * When you want end-user customizability, you do more with data - theming * Even when lots of the interface is in data, the code is in charge...except on the web * On the web, the data is king, and the code serves the data