web application – Securing session storage and whether appropriate for Open Banking

I’m currently building a web application that utilises Open Banking through Plaid. This means that it pulls a user’s banking details through a generated ‘access token’.

I’ve been toying with the concept of how to persist this user data. My reasoning for this is that the Plaid API gets pulled on every web page that requires it, and so it causes a several-second ‘loading’ delay to process – which if you’re navigating round my app is frustrating.

This is a poor user experience in my opinion, and so I’d prefer to somehow persist this data without having to make a server call.

To do this, I’ve initially gone for session storage. I know many people say this is vulnerable to things such as XSS etc, but it’s convenient and works well.

I’m a little uneasy with storing the results of a server call locally though, for obvious reasons.

Currently, the data which is pulled and therefore stored locally is:

  • Firebase user ID
  • Account id
  • Balance
  • Type of account
  • Last four digits of account number
  • Account provider
  • Consent expiration time
  • Transactions
  • Database ID

And a bunch of other status codes.

The actual data itself isn’t personally identifiable, or usable for anything malicious to my knowledge. No passwords are stored locally, the access token is only ever exchanged via my server, and it is encrypted so not publicly visible as plain text should my database ever get hacked.

So I guess my question is, how secure is this? Is it actually a security problem considering the data can’t be explicitly used for malicious purposes? The only time it would be a problem (in my opinion) would be if my server / database was accessed with the encryption key.

Other alternatives are:

  • Encrypt the data that is stored in session storage, but is this pointless?
  • Not use session storage at all

Or can anybody suggest any other alternatives?

I know people on here will be much more experienced than me with this – so open to any suggestions. Please let me know, it’d be appreciated.
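One of the alternatives the question asks about, as an added example that is not code from the question or from Plaid: keep the Plaid snapshot in a short-lived in-memory cache (server-side keyed by user, or in the SPA's module scope rather than sessionStorage), cap its lifetime by the consent expiration time, and hand the browser only display fields. Field names and the injected synchronous fetcher are hypothetical stand-ins for the real response shape and the real async Plaid call.

```javascript
// Added example, not code from the question or from Plaid: an in-memory cache
// whose TTL is capped by the consent expiration time, plus a whitelist that keeps
// transactions and internal IDs out of whatever is handed to the browser.
// Field names are hypothetical; map them to your own Plaid response shape.

const CLIENT_SAFE_FIELDS = ['accountId', 'type', 'mask', 'provider', 'balance'];

// Keep only display fields; transactions, Firebase UID and database ID stay server-side.
function toClientView(account) {
  const view = {};
  for (const f of CLIENT_SAFE_FIELDS) {
    if (account[f] !== undefined) view[f] = account[f];
  }
  return view;
}

class TtlCache {
  constructor(now = () => Date.now()) {
    this.now = now;             // injectable clock so expiry is testable
    this.entries = new Map();
  }
  set(key, value, ttlMs) {
    this.entries.set(key, { value, expiresAt: this.now() + ttlMs });
  }
  get(key) {
    const e = this.entries.get(key);
    if (!e) return undefined;
    if (e.expiresAt <= this.now()) { this.entries.delete(key); return undefined; }
    return e.value;
  }
  clear() { this.entries.clear(); }   // call on logout or when consent is revoked
}

// Cache a trimmed Plaid snapshot for at most maxTtlMs and never past consent expiry.
// Returns the TTL actually applied; 0 means nothing was cached.
function cacheSnapshot(cache, userId, accounts, consentExpiresAtMs, maxTtlMs) {
  const ttl = Math.min(maxTtlMs, consentExpiresAtMs - cache.now());
  if (ttl <= 0) return 0;
  cache.set(`plaid:${userId}`, accounts.map(toClientView), ttl);
  return ttl;
}

// Serve from cache and only call the (hypothetical, injected) Plaid fetcher on a miss.
function getAccounts(cache, userId, fetchFromPlaid, consentExpiresAtMs, maxTtlMs) {
  const hit = cache.get(`plaid:${userId}`);
  if (hit) return { accounts: hit, fromCache: true };
  const fresh = fetchFromPlaid(userId);
  cacheSnapshot(cache, userId, fresh, consentExpiresAtMs, maxTtlMs);
  return { accounts: fresh.map(toClientView), fromCache: false };
}
```

Because nothing is written to sessionStorage, a script injected through XSS can read the cache only while the page is open, and an encryption key shipped to the browser is not needed.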

web application – On the topic “Techniques for integrating web and mobile applications”, which tools and frameworks would be used for this integration?

I’m researching this topic and still haven’t found anything that could answer this question clearly.
What is used in this case? Web Services? Which tools and/or frameworks can be used? And what about security and optimisation?
Thanks for your help

CHRISTMAS SALE | 60% OFF | Web Hosting | Free SSL

Enjoy 60% flat and 40% recurring discount with this Christmas 2020. It’s the right time to switch with a quality hosting provider where you will get the best resources and cheaper pricing. So now host your websites on our fast SSD server with Unlimited Hosting Plans and 24×7 technical support. Our top priority is to provide the best website hosting experience to our clients at an affordable cost starting from half dollar per month. No contracts or hidden fees also we offer a 30-day money-back guarantee.

Also, our Christmas deals will offer you high-quality services at a reasonable price and our basic plan will charge you for $4/year where you will get unlimited space and bandwidth.

Xmas and New year Promo codes:

XMAS60: 60% Flat Discount for all shared, reseller, and WordPress hosting plans
XMAS40: 40% Lifetime off for all shared, reseller, and WordPress hosting plans

Features offered with hostpoco.com:

~ CloudLinux OS
~ NVMe SSD storage
~ Apache Webserver
~ Raid-10
~ 1GB/s connection speed
~ cPanel
~ JetBackups
~ Weekly/ Daily backups
~ Auto script installer – Softaculous Pro.
~ 99.9% uptime guarantee.
~ Cloudflare
~ SitePro Website Builder
~ Powerful Attracta SEO Tools
~ Imunify360 – Web Server Security Ultimate Solution
~ Website Templates
~ MailChannels
~ Ruby on Rails
~ ModSecurity
~ MultiPHP Manager
~ SitePad Builder
~ 30 days moneyback guarantee.
~ 24/7 Helpdesk
~ Free SSL certificates- Let’s Encrypt
~ Free site migration

More info: https://hostpoco.com/deals/

Thank you.

web hosting – How do I continuously run and host Node.js script on Heroku?

I currently want to deploy a website ranking API, and for that I need a web crawler. The thing is I want to keep the web crawler running 24/7 so it can continuously update the websites. However, with services like Heroku, after one hour the server stops. So all my crawling progress is gone and I have to recrawl. How do I host a Node.js script that is always alive on Heroku? If it is not possible, what else can I do?

web app – Why red and blue boxes in close proximity seem to shift position vertically under a dark background

At first I thought this was going to be a ‘contrast ratio’ or ‘colour difference’ effect from the 1 pixel darker borders (or maybe it’s just aliasing) around each button. But the coloured border effect is a constant colour all the way round, and the red button looks lower at the top and the bottom when compared to the blue.

So I suggest this is an effect called Chromostereopsis. It is usually observed using a target with red and blue bars and an achromatic background – exactly as you have here. You can perceive a positive or negative chromostereopsis when the red bars are perceived in front of the blue or vice versa, explaining why some people might see the red button higher or lower than the blue.

The visual effect may be a result of chromatic aberration resulting from “the differential refraction of light depending on its wavelength, causing some light rays to converge before others in the eye”. But you can read plenty more about it below, rather than me pasting chunks of the internet! 🙂

Ref: https://en.wikipedia.org/wiki/Chromostereopsis

web scraping – Is there a publicly accessible API for credit card rewards data?

I’m trying to create a credit card comparison tool similar to Ratehub’s and Greedyrates’.

https://www.ratehub.ca/credit-cards

https://www.greedyrates.ca/

Do major card networks like Visa, Mastercard, American Express have APIs that I can use to retrieve up-to-date data for comparison? How do the sites above get their data to compare credit cards?

[Dreamwebhosts] – $1 Linux Web Hosting | Free SSL & Domain

DreamWebHosts is a premium hosting provider that provides web hosting solutions of all types. We make sure your website is fast, secure, and always up so that you stay focused on what you do best. We offer everything that you need to build, host, and manage a website. Our top priority is to provide the best website hosting experience to our clients at an affordable cost.

Quote: Save 50% on Linux web hosting plans. Enter promo code DWHSTARTUP50 during checkout. Renewal would be at a regular price.

Server Locations: United States

Below is the list of SSD Hosting plans:-

Starter Plan:-
Host 1 Domain
5 GB SSD Space
50 GB Bandwidth
Free SSL Certificate
Softaculous (One-Click App Installation)
10 Databases
>>>> Price: $1.00 /month – Buy Now

Advance Plan:-
Host Multiple Domains
10 GB SSD Space
100 GB Bandwidth
Free SSL Certificate
Softaculous (One-Click App Installation)
30 Databases
>>>> Price: $2.99 /month – Buy Now

Ultimate Plan:-
Host Unlimited Domains
Free Domain (For Annual Subscription)
25 GB SSD Space
Unlimited Bandwidth
Free SSL Certificate
Softaculous (One-Click App Installation)
Unlimited Databases
>>>> Price: $4.99 /month – Buy Now

Free Add-ons provided with all plans:-

SSL Certificate

  • Sectigo Domain SSL – $7.80 /yr
  • Let’s Encrypt SSL – Free


Website Backup Service
Contact us: (email protected)
Payment Methods: Paypal, Credit Card and Master Card
Billing and Guarantee: No contracts or hidden fees. We even offer a 30-day money-back guarantee.
__________________
DreamWebHosts | Best And Affordable Web Hosting Provider
Hosting: Shared | Reseller
VPS Server: Linux VPS | DirectAdmin VPS | Plesk VPS | cPanel VPS | Storage VPS
Addons: Block Storage | SSL Certificates

DreamWebHosts is the best and most affordable Web Hosting Provider. Get Unlimited Space, Bandwidth, Free Domain, SSL, 24×7 Support and 30 days Money Back.

web crawlers – Could allowing our images to be indexed hurt our web search rankings?

We are trying to solve some issues related to our SEO. When we compare ourselves to our competitors who are higher than us in SERPs, other than more backlinks (not much more), we don’t see any significant differences. One thing that caught our attention, though, is that images are not being indexed for our competitors and they are for our site. So, we don’t really know if it may be affecting our rankings.

So, the question is, is it possible that having multiple images and not preventing them from being crawled is affecting our rankings because, for some reason, our crawl budget is exceeded due to the images?

For video playback from cloud, would a properly written native mobile app be faster than a web app run on Android?

I want to develop a backend cloud service that delivers full color compressed videos (as high def as possible) to Android smart phones for streaming playback. Would I get better playback if I properly develop a native mobile app or if I simply use the browser, maybe with some scripting, to access and play the video? I want the highest bandwidth playback I can get. Thanks!

architecture – Is it a good idea to have separate instances for the public API Server and API Server used by the Web App?

I’ve built a React Web application with an Express REST API server and Firebase Auth. Also, Nginx is set up as a reverse proxy, so API calls from React to https://mydomain.com/api are routed to backend http://localhost:8002.

Now I want to publish part of my APIs under https://api.mydomain.com with an API Key scheme. I’ve modified the Express server so it can handle both auth schemes based on Authorization header (i.e. Bearer for Firebase, ApiKey for API Key).

The question is: Is it a good idea to have separate backends serving Web App and Public APIs? What benefits could it bring? Or should I direct API calls from the Web App to api.mydomain.com to keep setup simple?

Thanks in advance
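Whether or not the two audiences get separate processes, the security benefit of separation comes from keeping the API-key surface to a published subset of routes and the Firebase surface to the web app. The handler below is an added example, not the asker's code: hostnames are from the question, route names and the injected token verifier and key lookup are hypothetical, and Nginx is assumed to forward the original Host header.

```javascript
// Added example, not the asker's code: one handler that keeps the two audiences
// apart even when a single Express process serves both hostnames. Hostnames are
// from the question; route names and the injected verifier/key lookup are hypothetical,
// and Nginx is assumed to forward the original Host header.

const PUBLIC_HOST = 'api.mydomain.com';

// Routes the API-key audience may reach. Everything else stays web-app only.
const PUBLIC_ROUTES = new Set(['/v1/items', '/v1/prices']);

function parseAuthorization(header) {
  if (typeof header !== 'string') return null;
  const [scheme, ...rest] = header.trim().split(/\s+/);
  const credential = rest.join(' ');
  if (!credential) return null;
  return { scheme: scheme.toLowerCase(), credential };
}

// Decide which scheme a request may use based on the surface it arrived on.
// verifyBearer(token) -> uid | null and lookupApiKey(key) -> owner | null are injected.
function authorize(req, { verifyBearer, lookupApiKey }) {
  const auth = parseAuthorization(req.headers.authorization);
  if (!auth) return { ok: false, status: 401, reason: 'missing credentials' };

  if (req.headers.host === PUBLIC_HOST) {
    // Public surface: API keys only, and only the published route subset.
    if (auth.scheme !== 'apikey') return { ok: false, status: 401, reason: 'scheme not allowed here' };
    if (!PUBLIC_ROUTES.has(req.path)) return { ok: false, status: 404, reason: 'not a public route' };
    const owner = lookupApiKey(auth.credential);
    if (!owner) return { ok: false, status: 401, reason: 'unknown key' };
    return { ok: true, principal: { kind: 'apikey', owner } };
  }

  // Web-app surface proxied by Nginx: Firebase bearer tokens only.
  if (auth.scheme !== 'bearer') return { ok: false, status: 401, reason: 'scheme not allowed here' };
  const uid = verifyBearer(auth.credential);
  if (!uid) return { ok: false, status: 401, reason: 'invalid token' };
  return { ok: true, principal: { kind: 'user', uid } };
}
```

Pointing the web app at api.mydomain.com would collapse this distinction, so a leaked API key would reach every route the web app can.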