You might not need to store plaintext email addresses

Earlier this year, when I went from having only Facebook-login on Wishy.gift to allow registrations with email address and password, one of my concerns was how to implement this is a way that protects the data and privacy of my users. I don’t have any ads or analytics on the site, the users can select whatever display name they want, and I never stored the email addresses I got from Facebook when a user registered or logged in - only a hashed[1] version of the ID. Email addresses and passwords, on the other hand, are a whole other beast, and the consequences of a database breach much worse.

read more ...

Using React, Redux and SSR to acommodate users without JavaScript

Whether or not something works without JavaScript (JS) is something that pops up in Hacker News comments from time to time - mostly when they don’t.

Who are these people with JS disabled, and why aren’t things working without it? The former are surely a minority, but even so, with NoScript being the 7th most downloaded Firefox Add-on and other browsers and ways of disabling JS existing, these users aren’t negligible. For the latter - I don’t know. Maybe modern web developers are lazy. Maybe they’re overworked, and pressed on time with too low budgets. Maybe supporting noscript is too hard. Maybe they don’t even know JS can be disabled or why anyone would do it.

I don’t claim to have the answer to these questions, but for some time I’ve had an idea on how to accommodate these users in a way that isn’t too much of a burden on the developer. The following is a short exploration of a method to do that, along with a demo showing it off. It’s something I hope to implement for my Wishy.gift, my side-project, at some point in the future, but more importantly, I hope someone can come up with something better.

read more ...