Activity
Mon
Wed
Fri
Sun
Jan
Feb
Mar
Apr
May
Jun
Jul
Aug
Sep
Oct
Nov
Dec
What is this?
Less
More

Memberships

Snappy Community

Public โ€ข 412 โ€ข Free

6 contributions to Snappy Community
What's your favorite Low-Code tool?
We are tech-agnostic here - my view is that the best tool for the job depends on the job. With that being said, what tool do you find yourself using the most? This could include Zapier, N8N, and more! Which of the following tools do you use most frequently in your work?
Poll
11 members have voted
3
14
New comment Sep 20
2 likes โ€ข Aug 28
@Daniel Migizi What's cursor?
1 like โ€ข Aug 28
@Daniel Migizi Wow, seems pretty cool. Btw, love the music selection f the main video hahaha
I've been learning about web security, here are some tips applied to no-code. (most backend, some frontend)
DISCLAIMER: I'm not a security expert at all, so takes everything I say here with a gram of salt and do your own research! Apart from securing your endpoints with security measures (like Xano Auth Tokens), I found some other concerns you may have when building webapps. The easy and basic (no-brainer recommendations): 1. Xano automatically builds CRUD operations (without authentication) for each table you create. Unless you need them, turn that option off (on the new table menu). If you don't, anyone with your Xano URL (which may be obtained from your frontend) can call them (guessing the table name, such as "user" or "payment" or "property" or whatever you called them) and do funny stuff like read all your records, use the ids to delete them, or edit them, or create new ones without any of your logics. 2. Unless you need them to be public, hide all your API docs; same as the past example. If someone has your XANO URL, and you don't turn off your API docs, they have a guide on how to call your APIs on your behalf. This is especially concerning if you don't set authentication for each API that does sensitive stuff, which takes us to the next tip. 3. Secure all your endpoints that return info or do sensitive operations on your backend, but more than that, only return info to an auth token about the id saved inside the auth token. For example, if you have an API that returns the property of a user, don't query by a given user_id on the JSON body, but by the user_id stored on the authtoken! Xano uses JWT encoded tokens, which means that the auth tokens can contain info, and they contain the id of the user by default, so ALWAYS query by that. If you don't, anyone with an authtoken can trigger APIs on behalf of other users just by changing the user_id on the JSON body. 4. Encrypt any sensitive data on your db (such as card numbers, or user identification documents, etc.), or even better, don't save any sensitive data at all. Research if you can make that save payment method process without actually saving the user card details, the majority of vendors (such as Stripe) allow you to handle tokens that represent user payment data, but they handle the actual payment data (and more than probably, they are better at doing so). 5. Be careful with how you save the authtoken on the frontend and give each token a short life (I think the default 1 day is ok for most, but depending on your project, you may require longer or shorter).
3
4
New comment Aug 26
I've been learning about web security, here are some tips applied to no-code. (most backend, some frontend)
1 like โ€ข Aug 25
Link to the post on LinkedIn if you want to help me sharing it :D https://www.linkedin.com/posts/juan-carlos-barrera-pinilla-16b13419b_ideas-on-web-security-on-no-code-tools-disclaimer-activity-7233409373954318337-tc7j
2 likes โ€ข Aug 25
@Likhika Routray Thanks for sharing, Likhika! I'll give a look to the video you sent
Owen Wilson Wow App Built in WeWeb
Today I spent a lot of time reading the WeWeb docs and then I built this unstyled app that connects to an external api to dynamically render content on the page. Here is the link to the api if you want to play around with it yourself https://owen-wilson-wow-api.onrender.com/
3
3
New comment Aug 23
Owen Wilson Wow App Built in WeWeb
1 like โ€ข Aug 22
I just learnt Owen Wilson is the voice of Mcqueen hahahaha
Me parece interesante esta comunidad... alguno habla espaรฑol?
Hola Grupo, alguno de habla espaรฑol? Me serรญa mucho mรกs cรณmodo y dinรกmico si alguno habla espaรฑol... caso contrario, no hay problema, sigo en inglรฉs. Saludos!!
3
9
New comment Sep 5
1 like โ€ข Aug 22
Hola Alejo! yo de Colombia pero ando viviendo en Sydney jaja
Connecting Webflow and Xano without Wized using custom code generated by Claude
I played with Claude over the weekend and got my webflow form data to send to my Xano backend without using wized. I recorded a video showing the demo and I wrote a blog post that shares the code I am using to intercept webflow form submission so that it lands in my xano backend. I usually use wized to connect my form data to xano but this time I just pasted javascript into the body tag on the page with the form. Here is the blog post with the code
4
7
New comment Aug 22
Connecting Webflow and Xano without Wized using custom code generated by Claude
2 likes โ€ข Aug 22
Pretty cool, Daniel! Recently I had a similar experience, I handled form errors on client side inside a webflow project with some js, it's really basic stuff, but maybe it can serve you web-dev-udemy-course/js playground/contentValidation.js at main ยท Pakas342/web-dev-udemy-course (github.com) At the end, on: // Form submission execute Xano Request if (!hasErrors) { Wized.requests.execute("step2"); } Instead of executing the wized request, add the fetch request to xano I feel like coding on webflow to avoid wized may be a good approach for specific things, the issue is that it implies publishing the project every time you wanna change the code (A solution for that may be host your code somewhere and add the script tag inside the last part of the body tag on webflow)
1-6 of 6
Juan Barrera
2
5points to level up
@juan-barrera-4024
WWX Dev

Active 79d ago
Joined Jun 18, 2024
powered by