A simple data storage schema to restrict public access

Asked 17/10, 2017 at 5:17 Answered 27/10, 2017 at 20:4

Solved javascript json database server-side data-storage

I have been working on a library which enable a website to add a comment section to their website.

The idea was to keep it as lightweight as possible thus I preferred to use JSON for basic data storage like comment's message, website and username. All of these data is public and can be access directly via JSON. I don't mind this since comments are going to get display publicly anyway.

However, the problem arises when I want a user to be notified when someone replies to their comment. Email is there in input field but I don't want it to be stored in the public JSON file. Is there any other server side data storage schema where I can store the email privately and at the same time use those emails from server side scripts to send email?

MySQL and others will make the library clunky, so that's out of the list.

Or even beside these conditions is there any other possible way to do this?

Quintuplet answered 17/10, 2017 at 5:17 Comment(9)

Firebase may work for you. (You can use the Realtime Database to store your JSON and Cloud Functions to send the emails) – Requisition 21/10, 2017 at 17:53

What I am creating is actually a library that can be used by anyone on their webpage. In this situation using Firebase is quite complex. – Quintuplet 22/10, 2017 at 4:25

LevelDb looks promising. From the readme, the raw size is around 110.6 MB. – Moule 22/10, 2017 at 17:43

If you don't want to use a database and you prefer just simple json files, create 2 json files. One is public and doesn't include emails. You will need to add a comment id to each of the comments. Then, in a different json file, that will be private, you will have a list of ids related to emails. And thats it. – Extrovert 22/10, 2017 at 21:25

@RomanCortes I do want to create a separate JSON for emails, that was the plan from beginning. Although now you said about making this JSON a "private" I did some readings and found that this indeed is achievable with php.ini and .htaccess etc. There are several ways but can you suggest any ideal way which might suit a library? – Quintuplet 23/10, 2017 at 9:11

Oh, now I fully understand what you are trying to achieve. So, I have a solution for it: instead of creating a json file for storing the passwords, create a server script file! If you are using php, the file would be passwords.php, and you would be generating php code on it, so it would not be visible if you run it from the client, but it would be visible when included in the server side. – Extrovert 23/10, 2017 at 9:22

I guess you mean email by passwords. And yeah, I guess I can update a PHP file with Dictionary (alternate of JSON) with another PHP script and it won't be needing any kind of access configuration unlike alternate JSON file. – Quintuplet 24/10, 2017 at 6:2

be warned that, except on really small sites, using files in that way you will have a lot of problem with disc IO bettleneck, file read/write concurrency and similar... it's not a really good practice – Dayledaylight 27/10, 2017 at 13:39

You should consider a plug-in like disqus.com where you have the functionality but the 3rd party takes care of the details. – Chaunce 27/10, 2017 at 19:45

What you need is APIs and not a data source. A data source is a truth where all data lives. Like in your example, if you have email in your data, it will always be there. Unless you keep email field separately.

The way is to create api that will output required data from JSON files (or database). You can choose to hide the data that you don't want to show. This way, you only expose the api, instead of the file name directly, which has risks of being modified or altered or hacked very easily.
Other way without using API is to have multiple JSON files. One file will have basic data, and other will have confidential data, along with a foreign key like unique key that'd map the confidential or other data with the main record.

Example: Comments.json:

{
  "comments": [{userId: 1, ...},{...}]
}

CommentDetails.json

{...}

Users:

[
  1: {"username": "", "email": "[email protected]",...}
]

Sigismondo answered 27/10, 2017 at 13:24 Comment(0)

You can use a database like MongoDB, that stores JSON documents, to keep the data of users and comments.

Then, the users collection will not be sent completely to the user, filterint the emails and other sensitive data.

Sapir answered 21/10, 2017 at 20:35 Comment(1)

I have already mentioned my issue regarding the databases - "MySQL and others will make the library clunky, so that's out of the list". Besides if nothing really comes up I have decided to go with SQLite since it suits best with PHP anyway. Thanks for the suggestion btw :) – Quintuplet 22/10, 2017 at 4:22

Create a second JSON file, or CSV file for that matter, which is kept private, that maps users to their emailIDs.

Interesting project you are attempting, btw. Good luck!! :)

Lido answered 23/10, 2017 at 7:35 Comment(0)

Why not just use a .htaccess in a directory where the data is stored and use something like "Deny from All"?

Your scripts could access then, but no user's browser.

Demoralize answered 27/10, 2017 at 14:11 Comment(0)

Assuming there will be a mail server involved, can you host a web service with two endpoints?

Endpoints:

sends emails; takes an sender guid instead of an email address
stores an email; takes an email address and returns a sender guid

This web service could then be used by your library from any www accessible server. At the web service host the emails could be stored in the format of your choice. You will also want to secure you web service to prevent others from triggering mail notifications.

Munition answered 27/10, 2017 at 20:4 Comment(0)

Recommended topics

Hot tags