Yes, this will limit what the malicious agent can do. They can only write certain spurious event types to your EventServer. So basically anything the client can write, a malicious agent can write. We rely on this being highly unlikely. It is a type of “security by obscurity”
When using PIO from an application server there is no way for a malicious agent to get your access key and the client does not need to provide it, only your app server. So I always recommend this approach where possible. On Apr 10, 2017, at 8:32 AM, Donald Szeto <don...@apache.org> wrote: You can also create access keys for existing apps that have write permissions to certain event names only. It is useful for client side event collection, and is how some major analytics vendor JS SDKs limit client side keys from polluting your event log. Please take a look at `pio help accesskey` for details. On Mon, Apr 10, 2017 at 8:13 AM Pat Ferrel <p...@occamsmachete.com <mailto:p...@occamsmachete.com>> wrote: using Javascript from the client is a problem because you will make it possible for some malicious agent to see your access key by examining your client code. Although PIO support SSL it does not have an authentication mechanism so a malicious agent could use this access key to screw up your data. It is only safe to have PredictionIO accessed from a trusted application server, not a client. So though there may be android (Java), iOS, and Javascript SDKs please be aware of the security implications of connecting from mobile devices or browsers. On Apr 10, 2017, at 5:43 AM, Mohamed Zouga <moha...@wizacha.com <mailto:moha...@wizacha.com>> wrote: This code seems as a good start indeed, is this somewhere on GitHub ? so i could put some additional stuff or even some modifications ! 2017-04-10 14:32 GMT+02:00 Gustavo Frederico <gustavo.freder...@thinkwrap.com <mailto:gustavo.freder...@thinkwrap.com>>: You can use this as a starting point. Gustavo var _recommendationInner = { baseAjaxPromise: function (theData, url) { return new Promise(function (resolve, reject) { $.ajax({ type: 'POST', url: url, data: JSON.stringify(theData), contentType: 'text/plain', xhrFields: { withCredentials: false }, dataType: "json", success: function(data) { resolve(data); }, failure: function(errorMsg) { console.error('Error ' + errorMsg); reject(); } }) .done(function(data) { resolve(data); }) .fail(function(jqXHR, textStatus) { console.error("error : " + textStatus); console.error("error status text: " + jqXHR.statusText); console.error("error status: " + jqXHR.status); reject(); }); }); } }; var Recommendations = new function() { this.set = function(accessKey, eventsUrl, queriesUrl) { Recommendations.eventsUrl = eventsUrl + '/events.json?accessKey=' + accessKey; Recommendations.queriesUrl = queriesUrl + '/queries.json?accessKey=' + accessKey; }; /** Events **/ var viewProductPromise = function(user,product) { var data = { "event": 'view', "entityType": "user", "entityId": user, "targetEntityType": "item", "targetEntityId": product, "eventTime" : new Date().toISOString() }; return _recommendationInner.baseAjaxPromise(data, Recommendations.eventsUrl); }; var purchaseProductPromise = function (user,product) { var data = { "event": "purchase", "entityType": "user", "entityId": user, "targetEntityType": "item", "targetEntityId": product, "eventTime" : new Date().toISOString() }; return _recommendationInner.baseAjaxPromise(data, Recommendations.eventsUrl); }; /** Queries **/ var getGeneralRecommendationsPromise = function (number) { var data = { "num" : number }; return _recommendationInner.baseAjaxPromise(data, Recommendations.queriesUrl); }; var getRecommendationsForUserPromise = function (user) { var data = { "user" : user }; return _recommendationInner.baseAjaxPromise(data, Recommendations.queriesUrl); }; var getRecommendationsPromise = function (user,contextProduct,category) { var fields = []; if (category) { fields.push({ "name": "category", "values": [category], "bias": -1 }); } var data = { "user" : user, "item" : contextProduct, "fields" : fields }; return _recommendationInner.baseAjaxPromise(data, Recommendations.queriesUrl); }; /** Events **/ this.purchase = function (user,product,quantity,amount) { return purchaseProductPromise(user,product,quantity,amount) .then(nil => { return nil; }) .catch(error => { throw error; }); }; this.viewProduct = function (user,product, isStrong = false) { return viewProductPromise(user, product, isStrong); }; /** Queries **/ this.getGeneralRecommendations = function (number) { return getGeneralRecommendationsPromise(number); }; this.getRecommendationsForUser = function (user) { return getRecommendationsForUserPromise(user); }; this.getRecommendations = function (user,contextProduct,category) { return getRecommendationsPromise(user,contextProduct,category); }; }; On Mon, Apr 10, 2017 at 8:31 AM, Vaghawan Ojha <vaghawan...@gmail.com <mailto:vaghawan...@gmail.com>> wrote: Hi, Ok, in that case I am currently not aware of any js SDK like you wanted. Someone else may help. Thanks On Mon, Apr 10, 2017 at 6:14 PM, Mohamed Zouga <moha...@wizacha.com <mailto:moha...@wizacha.com>> wrote: @vaghawan : i don't want to go posting my accessKey allover my requests and writing verbose code when all i might use is a function with one parameter or so. @ Marius : Why have 3 dependencies (3 more files, supposing those files don't have additional dependencies...) when i can use just Ajax to send my events and requests so any JS SDK out there ? 2017-04-10 14:23 GMT+02:00 Marius Rabenarivo <mariusrabenar...@gmail.com <mailto:mariusrabenar...@gmail.com>>: Hello, The NodeJS SDK has the following dependencies : lodash request bluebird You can download them if you want. Regards, Marius 2017-04-10 16:18 GMT+04:00 Mohamed Zouga <moha...@wizacha.com <mailto:moha...@wizacha.com>>: I'am using PredictionIO in a web site, and i want to send the event using Javascript (instead of PHP) is there any know SDK JS for PredictionIO (lastest) ? i found some outdated ones in Github, i didn't want to rush into coding one from scratch until i'am sure there is no existing ones, thank you P.S : I know there is a NodeJS SDK, i don't have npm and i don't want any dependencies. -- Mohamed ZOUGA Stagiaire Data Scientist, Wizaplace moha...@wizaplace.com <mailto:e...@wizaplace.com> | http://www.wizaplace.com <http://www.wizaplace.com/> <https://www.linkedin.com/in/zouga-mohamed-44b02974/> -- Mohamed ZOUGA Stagiaire Data Scientist, Wizaplace moha...@wizaplace.com <mailto:e...@wizaplace.com> | http://www.wizaplace.com <http://www.wizaplace.com/> <https://www.linkedin.com/in/zouga-mohamed-44b02974/> -- You received this message because you are subscribed to the Google Groups "actionml-user" group. To unsubscribe from this group and stop receiving emails from it, send an email to actionml-user+unsubscr...@googlegroups.com <mailto:actionml-user+unsubscr...@googlegroups.com>. To post to this group, send email to actionml-u...@googlegroups.com <mailto:actionml-u...@googlegroups.com>. To view this discussion on the web visit https://groups.google.com/d/msgid/actionml-user/CAGRFSSOcpSctEN5up894VAbG_qorUOpUFE5FtA9ZTLFMdyXwGA%40mail.gmail.com <https://groups.google.com/d/msgid/actionml-user/CAGRFSSOcpSctEN5up894VAbG_qorUOpUFE5FtA9ZTLFMdyXwGA%40mail.gmail.com?utm_medium=email&utm_source=footer>. For more options, visit https://groups.google.com/d/optout <https://groups.google.com/d/optout>. -- Mohamed ZOUGA Stagiaire Data Scientist, Wizaplace moha...@wizaplace.com <mailto:e...@wizaplace.com> | http://www.wizaplace.com <http://www.wizaplace.com/> <https://www.linkedin.com/in/zouga-mohamed-44b02974/> -- You received this message because you are subscribed to the Google Groups "actionml-user" group. To unsubscribe from this group and stop receiving emails from it, send an email to actionml-user+unsubscr...@googlegroups.com <mailto:actionml-user+unsubscr...@googlegroups.com>. To post to this group, send email to actionml-u...@googlegroups.com <mailto:actionml-u...@googlegroups.com>. To view this discussion on the web visit https://groups.google.com/d/msgid/actionml-user/CAF%3DHCxR5nr78%3D5%3DwQFpajT%2BOx4XDxJJpf544NU3A%2B8A%3Dvv4c5w%40mail.gmail.com <https://groups.google.com/d/msgid/actionml-user/CAF%3DHCxR5nr78%3D5%3DwQFpajT%2BOx4XDxJJpf544NU3A%2B8A%3Dvv4c5w%40mail.gmail.com?utm_medium=email&utm_source=footer>. For more options, visit https://groups.google.com/d/optout <https://groups.google.com/d/optout>. -- You received this message because you are subscribed to the Google Groups "actionml-user" group. To unsubscribe from this group and stop receiving emails from it, send an email to actionml-user+unsubscr...@googlegroups.com <mailto:actionml-user+unsubscr...@googlegroups.com>. To post to this group, send email to actionml-u...@googlegroups.com <mailto:actionml-u...@googlegroups.com>. To view this discussion on the web visit https://groups.google.com/d/msgid/actionml-user/CAD8z1JJRt-0O%3D0FEMoR6w9vjcq7LF5oPOwb5EEYG8QMs-ZP19Q%40mail.gmail.com <https://groups.google.com/d/msgid/actionml-user/CAD8z1JJRt-0O%3D0FEMoR6w9vjcq7LF5oPOwb5EEYG8QMs-ZP19Q%40mail.gmail.com?utm_medium=email&utm_source=footer>. For more options, visit https://groups.google.com/d/optout <https://groups.google.com/d/optout>.
