Reputation: 137
A simple data storage schema to restrict public access
I have been working on a library which enable a website to add a comment section to their website.
The idea was to keep it as lightweight as possible thus I preferred to use JSON for basic data storage like comment's message, website and username. All of these data is public and can be access directly via JSON. I don't mind this since comments are going to get display publicly anyway.
However, the problem arises when I want a user to be notified when someone replies to their comment. Email is there in input field but I don't want it to be stored in the public JSON file. Is there any other server side data storage schema where I can store the email privately and at the same time use those emails from server side scripts to send email?
MySQL and others will make the library clunky, so that's out of the list.
Or even beside these conditions is there any other possible way to do this?
Upvotes: 11
Views: 235
Answers (5)
Reputation: 6933
Assuming there will be a mail server involved, can you host a web service with two endpoints?
Endpoints:
- sends emails; takes an sender guid instead of an email address
- stores an email; takes an email address and returns a sender guid
This web service could then be used by your library from any www accessible server. At the web service host the emails could be stored in the format of your choice. You will also want to secure you web service to prevent others from triggering mail notifications.
Upvotes: 1
Reputation: 23
Why not just use a .htaccess in a directory where the data is stored and use something like "Deny from All"?
Your scripts could access then, but no user's browser.
Upvotes: 1
Reputation: 978
What you need is APIs and not a data source. A data source is a truth where all data lives. Like in your example, if you have email in your data, it will always be there. Unless you keep email field separately.
The way is to create api that will output required data from JSON files (or database). You can choose to hide the data that you don't want to show. This way, you only expose the api, instead of the file name directly, which has risks of being modified or altered or hacked very easily.
Other way without using API is to have multiple JSON files. One file will have basic data, and other will have confidential data, along with a foreign key like unique key that'd map the confidential or other data with the main record.
Example: Comments.json:
{
"comments": [{userId: 1, ...},{...}]
}
CommentDetails.json
{...}
Users:
[
1: {"username": "", "email": "[email protected]",...}
]
Upvotes: 4
Reputation: 575
Create a second JSON file, or CSV file for that matter, which is kept private, that maps users to their emailIDs.
Interesting project you are attempting, btw. Good luck!! :)
Upvotes: 1
Reputation: 6302
You can use a database like MongoDB, that stores JSON documents, to keep the data of users and comments.
Then, the users collection will not be sent completely to the user, filterint the emails and other sensitive data.
Upvotes: 1
Related Questions
- Storing JSON objects without local storage?
- Hidden html table for data storage
- JSON Data Storage
- Best Server-Side Data Storage Method for Simple Data
- How do I store JSON data on a disk?
- JSON vs DATABASE
- How can I make the JSON data accessible only to my java script?
- Using a JSON file to store a small database persistently, in javascript
- Best way to use JSON as a database?
- The Javascript Datastore Problem