I just don't understand what use for the Group.

General Discussion

Suggested Topics

  • 0 Votes
    6 Posts

    The sidebar widgets I believe are custom HTML blocks.

  • 0 Votes
    6 Posts

    I too have a problem with uploading, and could you find a solution for this?

  • 0 Votes
    1 Posts

    Could have some NodeBB sessions so we can all join 😉

  • 0 Votes
    1 Posts

    While browsing the 'net, I found a neat little IETF draft standard called JWT (JSON Web Tokens).

    Basically, the idea is that instead of having sessions on the server and a cookie to match an HTTP request to one of those sessions, one or more claims (i.e. user ID or admin status) are stored in a JSON object which is then signed by the server (currently through either HMAC, RSA or ECDSA).
    The client then stores this in usually either localStorage or sessionStorage and sends it along in an HTTP header with any request requiring authorization.

    For example:

    client logs in with username "Example" and password "password"
    server: if user and password match, issue a JWT containing the payload { 'userId': 47 } and send it to the client
    client stores the JWT in sessionStorage
    (later) client creates a new topic and sends the JWT along in the Authorization HTTP header
    server validates the signature in the JWT from the Authorization header with their own secret/key and if it's OK, uses the data from the JWT in the processing of the request
    (in this case, the userID of 47 is used as creator of the topic)

    Pros of JWT:

    The server doesn't need to store sessions!
    => less load on the server
    & no shared session store is needed when scaling horizontally as long as all instances share a secret or public/private keypair
    No cookies => no CSRF!


    XSS becomes more dangerous - any malicious script with access to the client's localStorage or sessionStorage for a site can fully impersonate the user until the token expires or is deleted

    There might be more cons & pros, I am neither good nor experienced enough to fully understand everything 😛

    ("everything" is a lot though, I do have trouble with way less than that 😒 anyway, don't take my words for granted, do your own research, etc. etc. you know the drill 😛 )

    Some links:

    General introduction: http://angular-tips.com/blog/2014/05/json-web-tokens-introduction/
    Slightly more detailed introduction with INFOGRAPHICS(ish): https://auth0.com/blog/2014/01/07/angularjs-authentication-with-cookies-vs-token/
    Web-based token decoder: http://jwt.io/
    Express middleware: https://www.npmjs.com/package/express-jwt
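
The login and create-topic flow from the JWT post above, as an added example that is not part of the original post and is not NodeBB or express-jwt code. It uses only Node's built-in crypto with HMAC-SHA256; the `Bearer` scheme, the secret, the one-hour lifetime and all function names are assumptions.

```javascript
// Added example: HS256 JWT issue/verify with Node's built-in crypto only.
const crypto = require('crypto');

const SECRET = 'constructed-demo-secret'; // assumption: shared by all server instances
const b64url = (buf) => Buffer.from(buf).toString('base64url');
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

// Server side, after the username/password check succeeds.
function issueToken(claims, secret, ttlSeconds, now = Math.floor(Date.now() / 1000)) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({ ...claims, exp: now + ttlSeconds }));
  return `${header}.${payload}.${b64url(hmac(`${header}.${payload}`, secret))}`;
}

// Server side, on every request. Returns the claims, or null if the token is rejected.
function verifyAuthorization(headerValue, secret, now = Math.floor(Date.now() / 1000)) {
  const m = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(headerValue || '');
  if (!m) return null;
  const [, header, payload, sig] = m;
  // Check the signature (constant-time) before trusting anything inside the token.
  const expected = hmac(`${header}.${payload}`, secret);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  try {
    // Pin the algorithm; the token's own header must not choose how it is verified.
    if (JSON.parse(Buffer.from(header, 'base64url')).alg !== 'HS256') return null;
    const claims = JSON.parse(Buffer.from(payload, 'base64url'));
    if (typeof claims.exp !== 'number' || claims.exp <= now) return null;
    return claims;
  } catch {
    return null;
  }
}

// Walk-through with constructed values: valid token, altered payload, expired token.
function demo() {
  const t0 = 1700000000; // constructed clock value
  const token = issueToken({ userId: 47 }, SECRET, 3600, t0);
  const [h, , s] = token.split('.');
  const altered = `${h}.${b64url(JSON.stringify({ userId: 1, exp: t0 + 3600 }))}.${s}`;
  return {
    valid: verifyAuthorization(`Bearer ${token}`, SECRET, t0 + 60),
    altered: verifyAuthorization(`Bearer ${altered}`, SECRET, t0 + 60),
    expired: verifyAuthorization(`Bearer ${token}`, SECRET, t0 + 3601),
  };
}
```

Only the `valid` case returns claims (`userId` 47); a payload changed after signing and a token past its `exp` both come back as `null`, which is what bounds the XSS exposure the post mentions to the token lifetime.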
  • 0 Votes
    11 Posts

    @kimmanuel what I meant is that it's too fast for the user to see it.

    Just use the Custom JS and try it out. It'll work, I already edited the menu items here: http://forums.afraidtoask.com/

    Right click and view-source (or if you're in Chrome click here) and you'll see the Custom JS script tag that reverses the menu items, hides the icons, shows the text instead and adds a new item called "Home"

    <script>
    $(function() {
        var ul = $("ul#main-nav");
        var items = ul.find("li");

        // Hide each item's icon and show its text label at every screen size
        items.each(function(i, li) {
            li = $(li);
            li.find("a>i").addClass("hide");
            li.find("a span").removeClass("visible-xs-inline");
        });

        // Re-append the items in reverse order, then put "Home" first
        ul
            .append(items.get().reverse())
            .prepend('<li><a href="http://www.afraidtoask.com" title="" target="_top" data-original-title="Home"><i class="fa fa-fw fa-home hide"></i><span class=""> Home</span></a></li>');
    });
    </script>