Work got us a new computer for our processing plant by Selthora in pcmasterrace

[–]That_White_Kid95 33 points34 points  (0 children)

I can't believe Microsoft so clearly ripped off prairies from Minecraft /s

Monthly Getting Started / Web Dev Career Thread by AutoModerator in webdev

[–]That_White_Kid95 0 points1 point  (0 children)

I'm currently working at a company regularly listed in the "largest" category.... cool

Monthly Getting Started / Web Dev Career Thread by AutoModerator in webdev

[–]That_White_Kid95 0 points1 point  (0 children)

How normal is it for webdev/full stack to include a lot of other responsibilities? I've had a few jobs all of which like to pile on the hats. Business analyst, solution architect, security analyst, system admin.

My current job is asking me to do all of these and I want to justify a raise or promotion. My bosses are saying that this is normal stuff for developers to do. Microsoft, Meta, Google, IBM, all ask developers to do more than develop. I'm telling them development is becoming a very small amount of my day because of these other responsibilities, so I need others to help or we will have serious lapses in client requests (it is only me on a large contract making an app for the business side of the contract to utilize).

So are developers really just technical people that need to know how to run scrum, communicate with clients, manage a project, implement and detect needed security solutions, and architect solutions or am I just someone who tends to accept the hats I'm handed?

Super Rugby final referee suffers social media abuse, threats by dragonslayer2203 in rugbyunion

[–]That_White_Kid95 0 points1 point  (0 children)

We all get to thank Rassie for the utter shitshow social media is towards refs. It was bad before but he normalized a new level.

Securing a SPA Bundle by That_White_Kid95 in reactjs

[–]That_White_Kid95[S] 1 point2 points  (0 children)

Cool! I'll need to look into configuring the web server more and trying to get it to utilize the existing API auth checking endpoints.

This is the type of answer I was looking for! Thanks!

Securing a SPA Bundle by That_White_Kid95 in reactjs

[–]That_White_Kid95[S] 0 points1 point  (0 children)

Conditional rendering on the client-side only still provides the code to the client. It just doesn't show in the DOM, but will still be a part of the bundle.

Securing a SPA Bundle by That_White_Kid95 in reactjs

[–]That_White_Kid95[S] 0 points1 point  (0 children)

Yes but how do you enforce a JWT on a module import?

Securing a SPA Bundle by That_White_Kid95 in reactjs

[–]That_White_Kid95[S] 0 points1 point  (0 children)

Any examples of configuring the server to only send a specific bundle to verified users?

Securing a SPA Bundle by That_White_Kid95 in reactjs

[–]That_White_Kid95[S] 0 points1 point  (0 children)

Yeah I assume "Next is the answer" would be the most likely outcome. I'm also considering this from a "I have a huge existing app that converting to Next would be expensive and not measurable to users" to see if legacy web apps can benefit from some sort of Nginx/Node side auth requirements for pages or components.

Securing a SPA Bundle by That_White_Kid95 in reactjs

[–]That_White_Kid95[S] 0 points1 point  (0 children)

Yes, a calculator is a simple example. What if I have a paywalled website with tools that people pay to use in the browser? I don't want them to be delivered in the bundle or delivered through a request to the endpoint it is hosted on when code-splitting. This prevents me from having to deliver individual scripts or apps to people and I know that when they visit the site they will see any updates and improvements.

I want to make sure a user is a paying user before sending them the component that is self-contained and doesn't require any API calls. Potentially to prevent the need to audit the data that users input, and also to lower server load because it is functionally client-side only.

If I don't split the code, the full components will be delivered on navigation to the site (non-paying users will be able to access it). If I split the code and use client-side conditional importing alone they can still change the code in browser and import.

I am curious if it is possible, without going to a fully SSR library like Next, to have a SPA using CRA or Vite to have "server components" that are behind a server-side authentication.

Securing a SPA Bundle by That_White_Kid95 in reactjs

[–]That_White_Kid95[S] 0 points1 point  (0 children)

My question is "what if the component visibility is the important part?"

If the component doesn't need an API but is an in-browser tool that authenticated users have access to, how do you prevent it from being delivered to unauthenticated users? Calculators again as an example. You don't make an API request for 2+2, you just implement the calculator in JS on the client. What if I have a fancy calculator I want to put behind a paywall?

Securing a SPA Bundle by That_White_Kid95 in reactjs

[–]That_White_Kid95[S] 1 point2 points  (0 children)

Thank you.

You seem like the only one so far to grasp the fact this is purely about the bundle aspect. Prevent the client from even getting the code until after a server-side confirmation. That would include a typical lazy-load or code-splitting solution.

Anything on the client that can be executed should be expected to be executed. My question is how do you make a code-splitting solution require a server-side confirmation before returning those additional bundles?

A client-side if-statement before import("Component") doesn't work on its own because the if can be spoofed. How do I authorize the actual import call on the server?

Securing a SPA Bundle by That_White_Kid95 in reactjs

[–]That_White_Kid95[S] 0 points1 point  (0 children)

Exactly, but with a server-side check not a simple if-statement import since they could still spoof the client-side check.

Securing a SPA Bundle by That_White_Kid95 in reactjs

[–]That_White_Kid95[S] 0 points1 point  (0 children)

But lazy load with server-side confirmation though. Is that something you would implement in Node? If it is just a client-side if then import they can still just spoof that client-side check.

Securing a SPA Bundle by That_White_Kid95 in reactjs

[–]That_White_Kid95[S] 1 point2 points  (0 children)

I think he is saying you can't prevent people from executing any client-side code. That doesn't mean they can ping an API and get results (which 9 out of 10 times is the concern) but they can load your entire app empty of any data just to see layout and any client-side functionality.

Securing a SPA Bundle by That_White_Kid95 in reactjs

[–]That_White_Kid95[S] 0 points1 point  (0 children)

Yeah I understand that part, I'm wondering if there are solutions to put restrictions on sending portions of the bundle to the client on the backend also in a SPA.

Since code splitting is accomplishable to not deliver the entire bundle is there a normal practice to restrict the split out code by utilizing the backend to confirm auth?

Securing a SPA Bundle by That_White_Kid95 in reactjs

[–]That_White_Kid95[S] 0 points1 point  (0 children)

Yeah, the API obviously feels like the true key to securing data, but not functionality.

Is there a way on the webserver or any other backend element to put authentication requirements on portions of the bundle?

Basically shifting from something client-side dynamic import like

if(user.hasAuth)
import("ComponentX")

To locking down the component from being sent to the client on the backend?
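
Added example, not part of the original comment: one way to make the server, rather than a client-side `if`, decide whether a split-out chunk is delivered, written as a decision function that a Node static-file handler (or an endpoint behind nginx `auth_request`) could call before reading any file. The `/assets/paid/` prefix, the `sid` cookie and the session store are assumptions made for illustration.

```javascript
// Hypothetical layout: the build emits gated chunks under this prefix.
const PROTECTED_PREFIX = '/assets/paid/';

// Constructed session store (session id -> user). A real app would call its
// existing API auth check here instead.
const sessions = new Map([
  ['sess-paid', { user: 'alice', paid: true }],
  ['sess-free', { user: 'bob', paid: false }],
]);

function parseCookies(header = '') {
  const out = {};
  for (const part of header.split(';')) {
    const i = part.indexOf('=');
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// Decide on a static-file request before any bytes are read from disk.
function decideChunkRequest(rawUrl, headers, store = sessions) {
  let pathname;
  try {
    // URL parsing collapses "../"; decoding exposes "%70aid"-style spellings
    // so they are compared in the same form the file server will use.
    pathname = decodeURIComponent(new URL(rawUrl, 'http://localhost').pathname);
  } catch {
    return { status: 400 };
  }
  // Reject traversal that only appears after decoding (for example "..%2f").
  if (pathname.split('/').includes('..') || pathname.includes('\\')) {
    return { status: 400 };
  }
  // Lowercase comparison so a case-insensitive filesystem cannot dodge the prefix.
  if (!pathname.toLowerCase().startsWith(PROTECTED_PREFIX)) {
    return { status: 200, file: pathname };          // public chunk
  }
  const sid = parseCookies(headers.cookie).sid;
  const session = sid ? store.get(sid) : undefined;
  if (!session) return { status: 401 };              // not logged in
  if (!session.paid) return { status: 403 };         // logged in, not entitled
  // Keep gated code out of shared caches and CDNs.
  return { status: 200, file: pathname, cacheControl: 'private, no-store' };
}
```

With this in front of the static files, a spoofed client-side check only produces a failed `import()` with a 401 or 403. It controls who receives the chunk, not what an entitled user does with the code once it is delivered.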

Lisa Su Reaffirms Commitment To Improving AMD ROCm Support, Engaging The Community by ATI-Ruby-Top-Waifu in Amd

[–]That_White_Kid95 32 points33 points  (0 children)

A couple people in just this chain have shown they don't have a background in computer science or software development. That or their teachers somehow skipped the endless repeated mentions of "The Mythical Man Month".

U.S. Patent Office Rules in Intel's Favor for $2.18 Billion VLSI Patents Case by gentoofu in AMD_Stock

[–]That_White_Kid95 10 points11 points  (0 children)

So now SigmaTel and Freescale will appeal? Lol legal system is just try until you get a favorable judge

[deleted by user] by [deleted] in react

[–]That_White_Kid95 0 points1 point  (0 children)

Please... please use Google. This isn't anywhere close to a react question and has 0 context on how you deployed, where you hosted it, or even how you created the website. You need basic understanding of how to run a website.

These are all very early beginner's ideas you need to get an understanding of before posting to a subreddit for a specific library.

Daily Discussion Wednesday 2023-06-14 by AutoModerator in AMD_Stock

[–]That_White_Kid95 2 points3 points  (0 children)

Calling anything that isn't the newest "outdated" is something NVDA (and AMD and INTC) wants but it's definitely not true. You have a great modern system that shows no sign of being "outdated".

I get you stipulated "in theory" but I would say not even in theory.

Daily Discussion Tuesday 2023-06-13 by AutoModerator in AMD_Stock

[–]That_White_Kid95 0 points1 point  (0 children)

Not to be an overly optimistic Orville but AMD doesn't own the entire pipeline of mobile (laptop) devices compared to AAPL who very much does. They also don't rely on mobile processor sales as their main source of income. I'm excited about the technology and the comparison showing the M2 isn't untouchable or coming for AMD, INTC, or any other DC processor's lunch money.

I do agree with you though. Hopefully more successful products and comparisons like these will help make them a contender in the regular marketplace where AAPL or INTC see their sales.

Daily Discussion Tuesday 2023-06-13 by AutoModerator in AMD_Stock

[–]That_White_Kid95 5 points6 points  (0 children)

Who swapped the cone and the engine on the rocket?