does anyone here know how to make an API URL only accessible via GET requests on a specific website and not available by viewing the page itself?
this is what i mean:
if you try to view the page manually, that doesn’t work
anything other than a GET request doesn’t work either
and GET requests only go through on a specific website
the situation is:
I’m making a social media called bit talk, but the thing is
all the data is held in one big JSON file, including every user’s login info.
since the JSON file is stored outside of the /site folder in my Replit project, I can’t access it without an API endpoint (I think)
I want to make the endpoint private so nobody can log in to anyone else’s accounts
if you know how to get a JSON file from outside the main folder please tell me
../toleavefolders.json
but please just learn a real database, json databases are only for extreme prototypes and really really really small projects that don’t handle login data. Also just making sure, you hash & salt passwords, correct?
would you recommend using google firebase or something else?
not yet, right now passwords are only base64 encoded. I’ll look into hashing and salting though
1: dunno mongo at least
2: that’s a major security flaw in every way possible, make that top of your todo list, and that’s a really big privacy concern
done with hashing and salting!
also, the passwords have been moved to a json file that is not publicly available unless you have the source code for the server itself. hopefully that works.
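
Added example (not code from the thread or from the bit talk project): it shows that base64-encoded passwords in a JSON file can be decoded by anyone who reads the file, and one way to convert such a file to salted scrypt hashes. The `password` and `pw` field names, the scrypt parameters and the sample users are assumptions, and Python is used because the thread does not name the server language.

```python
import base64, hashlib, hmac, json, secrets

# scrypt cost parameters (assumed values; tune them for the server)
N, R, P = 2**14, 8, 1
MAXMEM = 64 * 1024 * 1024

def hash_password(password: str) -> dict:
    """Return a JSON-serialisable record: random per-user salt plus scrypt hash."""
    salt = secrets.token_bytes(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P,
                            maxmem=MAXMEM)
    return {"alg": "scrypt", "n": N, "r": R, "p": P,
            "salt": salt.hex(), "hash": digest.hex()}

def verify_password(password: str, rec: dict) -> bool:
    """Recompute with the stored salt and parameters, compare in constant time."""
    digest = hashlib.scrypt(password.encode(), salt=bytes.fromhex(rec["salt"]),
                            n=rec["n"], r=rec["r"], p=rec["p"], maxmem=MAXMEM)
    return hmac.compare_digest(digest, bytes.fromhex(rec["hash"]))

def migrate(users: dict) -> dict:
    """Replace each legacy base64 'password' field with a salted scrypt record.
    No user has to log in first, because base64 is reversible without a key."""
    out = {}
    for name, user in users.items():
        user = dict(user)  # copy so the input is left untouched
        if "password" in user:  # hypothetical legacy field name
            plain = base64.b64decode(user.pop("password")).decode()
            user["pw"] = hash_password(plain)
        out[name] = user
    return out

# Constructed sample data in the old layout (not taken from the thread)
OLD = {"alice": {"password": base64.b64encode(b"hunter2").decode()},
       "bob": {"password": base64.b64encode(b"hunter2").decode()}}

if __name__ == "__main__":
    new = migrate(OLD)
    print(json.dumps(new, indent=2))
    print(verify_password("hunter2", new["alice"]["pw"]))
```

Two users with the same password end up with different hashes because each record gets its own salt.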