Simple LUA -> addon site
So I made this simple page:
http://addon.bool.no/ My question to you is, how could I make it better -as in more easy to use? Any ideas are welcome. I know there are many guides how to make macro into addon and such, but I think that many are simply "cba" to do it, too much work, so they ask others to. With a page that does it for you and gives you an zip like any other addon you download, maybe it helps a bit, don't know, that's why I ask for feedback. :3 |
Quote:
one of the things im missing. is this; Nice! one of the things im missing. is this; |
Hide the toc until someone really wants to change it.
The toc is not for beginners who just make a makro into an addon ;) But I like the idea but fear you as a single person will have trouble when the bad guys notice you could give them access to wow users. |
Without login credentials or really info storage of any kind, there's nothing for them to poke around for to cause trouble.
I had an idea on my own site that would do the reverse of this. It would take the addons I created and uploaded, and allow a visitor to browse through the code before downloading it. The addon would be stored in a zip archive and the PHP script would directly read the files inside to accomplish this. |
So the ideas are;
(1) Syntax highlight for the lua code, may be tricky but I'll look into it. (2) Do not show toc until really needed, so I could use the folder name as base for toc title unless it is specifically edited on request, some show/hide button thingy on the toc step. As for safety, the file is automatically created and as soon the zip is either canceled or downloaded, the file is removed from the system. There is nothing to steal, except maybe accessing http://addon.bool.no/cache for the latest interface version, it's automatically updated from Blizzards latest patch note page. ;) |
If you don't want users in a specific directory tree and are using the Apache server (don't know of other servers support it), you can drop the following lines in a .htaccess file in the directory.
Code:
Order deny,allow |
With security I dont mean password or addon informations.
Your site delivers a file that will be opened and placed in a "predictable" path. So if someone manages to break into your site or injects malicious code this could offer possibilities for an attack. Unlikely, I know ... but worth mentioning I thought ;) |
@SDPhantom: I know, but I don't mind anyone accessing the cache file itself, it just keeps and up to date version number and I'd even like to perhaps use it myself for some other projects, hehe. Only a couple of bytes of bandwidth. The other files are only what is essential to the site so not much to hide. No ZIP is stored either so the only way one could download someone elses ZIP is to know their IP and at the exact time of the submit request also start their own request to simultaneously download the file before the original user finishes the stream and the file is removed. :D
@Rilgamon: But isn't that like saying "if the site is hacked they can put trojans in the script so every user gets infected by it" -isn't that a flaw that any download system shares, heck even every website? :P I think we can't all live in fear all the time, you might as well just not use the internet if you are afraid. Every popular site is a target really, not sure how you can defend yourself as a customer... I kind of have to rely on my deliverer to set up the security for me. |
:) Fear is what makes us better ... its driving our creativity ;)
|
But again, what can I do to make it more safe? :P I can only hope that my host does it for me, mean, I pay them for this service. ;)
|
Quote:
EDIT (Cause of Vlad, dammit) There's no reason not to trust WoWInterface as the staff do a great job. |
Wimpface delete that please. It's true, but many other readers may take this the wrong way and start to suspect this site even if it's hypothetical or just an statement... you know how public relationships are... I feel someone from the staff will have to reply to you in a long post just to explain to the every day browser of the site to not be alarmed about this, and it's true, they shouldn't be alarmed, the site is well monitored. :)
|
Quote:
|
Quote:
|
Quote:
|
*Smells the admins lurking around this thread.*
|
So, shall I make that long post you guys are half expecting to show up? ;):p:D
|
Quote:
|
*chuckles*
|
Quote:
Or is that justice? |
Quote:
|
This thread is getting severely derailed. Security concerns are ok, but there's a point where it's just grasping at straws to prove a theory.
The more autonomous a site is, the more difficult a hack would be. Vlad's site would have no backend to hack. There's no need for one to exist. The hacker would either need direct access to the server's filesytem or a method to hijack DNS servers to point to their own server. Packetsniffing is a moot point since the entire infrastructure of the internet is based on devices that route packets that are marked to go to X network specifically through port Y. The only way packetsniffing may be a problem is if the user is on a public wireless network, in which the entire communication is broadcasted with no encryption and no control over what receives it. |
I recently updated the site to use jszip so the whole thing is now done in the browser and nothing is being sent to the server.
I agree that having a site that supposedly does something "as simple as zipping up some plain text" should not need a server to take the request and package the zip for you, but back in 2011 I don't think this functionality was mature enough to utilize. Anyway I did redesign the layout a bit and for now dropped showing the extra TOC fields since it's probably not the biggest reason someone would use it anyway. If you have some suggestions I wouldn't mind to see if I can implement them. |
I for one will miss the ability to see/adjust the .toc "on site".
When sending someone to addon.bool.no (which happens semi-regularly on the WoW UI and macro forum) it's quite easy to describe what they will see/click/do all in one place and not have to add "and now open the addon folder, find the .toc file, open in an editor, yes, notepad will do.......... Which is also a back handed way of saying thank you for keeping the site going, it is greatly appreciated and a great resource to the community :banana:. |
All times are GMT -6. The time now is 08:56 PM. |
vBulletin © 2024, Jelsoft Enterprises Ltd
© 2004 - 2022 MMOUI