Navigation

    APPDRAG Community

    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Popular

    REMINDER

    Please be respectful of all AppDragers! Keep it really civil so that we can make the AppDrag community of builders as embracing, positive and inspiring as possible.

    Do I really have to learn to code to do anything useful?

    General Discussion
    3
    14
    1302
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      Academy for Certification - Training Ltd last edited by

      Will there be more pre-built functions and code-snippet that I can access without having to learn to code from scratch?

      I am a content writer, not a coder. and it seems that in order to have features like membership areas, discussion forums, product reviews etc I have to start learning to code and become a fullstack developer. I am missing something or is this more of tool for those who are more technical minded. I like the page builder functions but when I want to add a new feature I really have no interest in learning a whole programming language to do so. Thats why so many people use tools like wordpress where someone else designs the plugins that add functionality. Also I dont understand how building my own account area and membership login functionality is secure. I have no idea if the code that I am writing can be hacked or is vulnerable in another way. Seems like there should be a lot more pre-coded functionality available for me to use in the page builder.

      I welcome your opinions...

      1 Reply Last reply Reply Quote 2
      • T
        Thomas D last edited by Thomas D

        You're right, this isn't a good system for those that can't code.

        The point about rolling our own DIY authentication is a very valid point and concern, even if you do know how to code.

        A 1 Reply Last reply Reply Quote 2
        • T
          Thomas D last edited by Thomas D

          I thought about making an authentication plugin, but that would involve external infrastructure which would make it expensive (Since we cannot wire up a complete back-end when installing plugins in Appdrag).

          It's annoying because Appdrag doesn't seem to want to solve it themselves by building it in from the get-go.

          Joseph Benguira 1 Reply Last reply Reply Quote 1
          • A
            Academy for Certification - Training Ltd @Thomas D last edited by

            @ThomasD Thank you for your contribution. DIY modules are very risky. I have paid for a site to be built on a number of occasions and every time within a few months varios code exploits were identified and exploited. I simply wouldnt trust the security of a secure area that I built myself.

            1 Reply Last reply Reply Quote 1
            • T
              Thomas D last edited by Thomas D

              @Academy-for-Certification-Training-Ltd

              And for good reason, security issues in the Video guide:

              1. The eMail input is not checked for validity.
              2. Token is not payload size checked (Doesn't matter in this case)
              3. Same with Password input (Probably checked on DB Layer)
              4. Token is always the same, should be unique for every session
              5. Token can be stolen via javascript (Example, any script you add to the site, like chat, can grab the token and re-use it to authenticate). Better would be a secure cookie, that cannot be stolen using scripting.
              6. Session lifetime is infinite, it never expires.
              7. Token is in plaintext, should be encrypted and hashed with secret internally to verify it's validity (Preferably use JWT instead).
              8. Protecting secret content with javascript, disable javascript and anyone can access the page content.
              9. eMail is not verified by link (As should be done with a one-time JWT token)
              10. Logins aren't rate-limited, so someone can brute-force it until you run out of API function time - thus, no one can login any more until you pay for more API time, rinse and repeat...

              So why am I still using it?
              Because we've built our own authentication system that we're going to use.

              1 Reply Last reply Reply Quote 1
              • Joseph Benguira
                Joseph Benguira @Thomas D last edited by

                @ThomasD FYI we do have plans to add a premade auth system for Authentication, but as ALL premade components it will be limited in terms of features and customization.

                Our process is to always focus first on having fully customizable solutions with source code and with cloud backend
                then later we do create plugins based on that.

                T A 2 Replies Last reply Reply Quote 2
                • T
                  Thomas D @Joseph Benguira last edited by Thomas D

                  @Joseph-Benguira That's great! When I inquired about it the past xx times, it wasn't on the table. Glad to see it coming up 👍

                  The customization is what what I love most about this system and why we choose it, but the majority of sites we'll create won't need customized authorization.

                  And I'm sure very few in total will need it. For example, being able to check if the user is currently logged in, inside of an API function, goes a long way and don't need custom authorization layer.

                  1 Reply Last reply Reply Quote 0
                  • A
                    Academy for Certification - Training Ltd @Joseph Benguira last edited by

                    @Joseph-Benguira Are user discussion forums on the roadmap? Also is there a link to the roadmap, it might answer many more questions

                    T 1 Reply Last reply Reply Quote 0
                    • T
                      Thomas D @Academy for Certification - Training Ltd last edited by Thomas D

                      @Academy-for-Certification-Training-Ltd

                      Forums is way too difficult to make usable, I'd rather they focus on what's currently in the system.

                      There's basically only two forums businesses host these days, NodeBB, PHPbb with vBulletin still hanging on. I always recommend NodeBB (Like Appdrag is using now), but it has to be properly managed.

                      A 2 Replies Last reply Reply Quote 0
                      • A
                        Academy for Certification - Training Ltd @Thomas D last edited by Academy for Certification - Training Ltd

                        @ThomasD There was a recent request for a How to section to be added to the community. I think the idea is sound for someone like me who is more interested in how to implement a specific feature, even if that means using a third party tool or software solution rather than getting instructions on how to code it myself. Having a learning academy is nice but ultimately I want the end result and not how to get to the end result.

                        T 1 Reply Last reply Reply Quote 1
                        • T
                          Thomas D @Academy for Certification - Training Ltd last edited by

                          @Academy-for-Certification-Training-Ltd

                          Yeah, I have a list of articles I'm meaning to add to the How-To section, that's why I suggested it.

                          Just need to finish the project I'm currently working on.

                          A 1 Reply Last reply Reply Quote 2
                          • A
                            Academy for Certification - Training Ltd @Thomas D last edited by

                            @ThomasD I wait with bated breath 🙂

                            1 Reply Last reply Reply Quote 1
                            • A
                              Academy for Certification - Training Ltd @Thomas D last edited by

                              @ThomasD Does NodeBB also apply to commenting on blog posts or is that something different?

                              T 1 Reply Last reply Reply Quote 0
                              • T
                                Thomas D @Academy for Certification - Training Ltd last edited by

                                @Academy-for-Certification-Training-Ltd That's different, I'd suggest adding Disqus script widget or the Facebook Comments script widget.

                                Facebook adds some advantages like marketing targets and segmentation based on visits, but it could also be blocked by Firefox and Adblockers these days.

                                1 Reply Last reply Reply Quote 1
                                • First post
                                  Last post