CIS 4339 Final Exam Review
Describe Bootstrap
Front end library with html and css templates for user interaction and user interface
Explain the functions of the following Git commands: Git config, Git add, Git diff, Git init, Git commit
Git config - Configure the username and email address; Git add - Add one or more files to the staging area; Git diff - View the changes made to the file; Git init - Initialize an empty Git repository; Git commit - Commit changes to head but not to the remote repository
What are the differences between Git and GitHub?
Git is a tool that's used to manage multiple versions of source code edits that are then transferred to files in a Git repository; GitHub serves as a location for uploading copies of a Git repository.
Explain the node.js package, CORS.
Grants us the authority of web resources from different domains.
What makes up a REST request?
HHEB 1. HTTP method - GET, POST, PUT, DELETE, etc. 2. Headers 3. Endpoint - containing the URI, such as a URL 4. Body
What are the common defenses against XSS?
Input validation and sanitization: One of the most effective defenses against XSS is to properly validate and sanitize all user input on the server-side. - This involves checking that input conforms to expected formats, such as email addresses or phone numbers, and removing any characters that could be used to inject malicious code. Encoding output: All output sent to the user's browser should be properly encoded to prevent the execution of malicious code. - This can be done using HTML encoding or JavaScript encoding, depending on the type of data being output.
What does an HTTP method do?
It describes what is to be done with a resource. - GET, POST, PUT, DELETE, etc.
Frontend development: What is the Bootstrap toolkit used for?
It is a collection of templates and functions for user interface and user interactions.
What is the "executor" in a Promise?
It is the function passed to a new Promise. It is the "producing code" which should output the result.
What is DOTENV?
It's an npm module that loads environment variables from a .env file into process.env
What are Databases in MongoDB? + What are 3 reserved database names in MongoDB?
MongoDB groups collections into databases. MongoDB can host several databases, each grouping together collections. Some reserved database names are: admin, local, config
What are the basic data types in MongoDB?
MongoDB supports a wide range of data types as values in documents. Documents in MongoDB are similar to objects in JavaScript. Along with JSON's essential key/value-pair nature, MongoDB adds support for a number of additional data types. Null {"x" : null}; Boolean {"x" : true}; Number {"x" : 4}; String {"x" : "foobar"}; Date {"x" : new Date()}; Regular expression {"x" : /foobar/i}; Array {"x" : ["a", "b", "c"]}; Embedded document {"x" : {"foo" : "bar"}}; Object ID {"x" : ObjectId()}
What is mongoose in node js?
Mongoose is an object modeling package for Node that essentially works like an ORM (Object-Relational Mapping) - ORM is a programming technique that allows developers to map data between object-oriented programming languages and relational databases. Mongoose is a popular Object-Document Mapping (ODM) library for Node.js that provides a simple, easy-to-use interface for working with MongoDB, a NoSQL document-oriented database. Mongoose makes it easier to define data models, create queries, and handle validation and relationships between data. Mongoose provides several features that make working with MongoDB easier, including: - Schema definition: Mongoose allows developers to define data models - Query building: Mongoose provides a powerful query builder that makes it easy to create complex queries and perform CRUD operations on MongoDB. - Middleware support: Mongoose allows developers to define middleware functions that can intercept and modify the behavior of the data operations Overall, Mongoose simplifies the process of working with MongoDB and makes it easier to create scalable and maintainable Node.js applications.
Explain the difference between using mongoose and the native MongoDB driver/connector?
Mongoose provides a straightforward, schema-based solution to model your application data. - It includes built-in type casting, validation, query building, business logic hooks and more, out of the box. - It is an Object Document Mapper or ODM. An Object Modelling Tool. However, if our collection contains documents with an uncertain schema, the MongoDB driver is the most straightforward alternative. - It allows for more flexibility as one can directly interact with the database.
Describe the difference for SQL vs. NOSQL in terms of Scalability.
Most SQL databases can be scaled vertically, by increasing the processing power of existing hardware. NoSQL databases use a master-slave architecture which scales better horizontally, with additional servers or nodes. These are useful generalizations, but it's important to note: - SQL databases can be scaled horizontally as well, though sharding or partitioning logic is often the user's onus and not well supported. - NoSQL technologies are diverse and while many rely on the master-slave architecture, options for scaling vertically also exist. - Savings made using more efficient data structures can overwhelm differences in scalability; it is most important to understand the use case and plan accordingly.
What Is Node.js?
Node.js is an open-source, cross-platform, JavaScript runtime environment for building scalable, high-performance web applications. It executes JavaScript code outside of a web browser. It is sometimes also referred to as a web framework. It allows developers to write server-side code in JavaScript, which can reduce development time and make it easier to switch between client-side and server-side programming.
What is Express?
Node.js web framework for web and mobile applications.
Define OWASP
OWASP stands for Open Web Application Security Project. It is an organization which supports secure software development.
Name and describe the basic HTTP methods
POST is to Create a resource; PUT is to Update a resource; DELETE is to Delete a resource; GET is to Retrieve a resource
Which software-development methodology would be best if an organization needed to develop a software tool for a small group of users in the marketing department? Why?
Rapid application development (RAD) is a software-development (or systems-development) methodology that focuses on quickly building a working model of the software. This methodology is much better suited for smaller projects than SDLC and has the added advantage of giving users the ability to provide feedback throughout the process.
Explain the difference between embedding and referencing (linking) for MongoDB data modeling.
Similarly to a relational database, MongoDB allows you to use schemas to define the fields and data types within your collections. - One of the powerful schema options available in MongoDB is to relate documents to one another, either via embedding or referencing. Embedded documents are stored as children inside a parent document. This means they are all stored under one collection, and whenever you retrieve the parent document, you also retrieve all its embedded documents. Unlike embedded documents, referenced documents are stored in a separate collection to their parent document. Therefore, it's possible to retrieve the parent document without retrieving any of its referenced documents. In storing the addresses of the child documents e.g. via a linked field using references.
How do you perform queries in MongoDB?
The find method is used to perform queries in MongoDB. Querying returns a subset of documents in a collection, from no documents at all to the entire collection. Which documents get returned is determined by the first argument to find, which is a document specifying the query criteria. Example: > db.users.find({"age" : 24})
What does the git push command do?
The git push command is used to push the content in a local repository to a remote repository. After a local repository has been modified, a push is executed to share the modifications with remote team members.
Are REST messages self-descriptive? If so, explain.
They are self-descriptive. - They contain information on how to interpret and process them.
How can you call a rest API from VUE JS?
We can use various HTTP libraries to call REST APIs from Vue JS. One of the popular libraries is Axios. It is simple to use and lightweight. To include it in your project, execute the following command (shown in image). Then, you can implement a GET method using Axios in Vue JS (shown in image). We can send an HTTP request using Axios with a promise. - If the request is successful, we'll get the result.
When does Callback Hell occur?
When too many asynchronous functions with callbacks as a return parameter are nested within each other.
What does the --save option do when performing npm install?
When we do "npm install", it will install the modules. If we need to update the version of a module in package.json, then we have to do it manually. BUT when we do "npm install --save", then it installs the modules and updates the package.json automatically.
What is the difference between dependencies and devDependencies in package.json?
dependencies are modules your project depends on. devDependencies are modules you use to develop your project. Dependencies are packages that the project requires to run in production. - They are installed when running the npm install command without the --dev option. DevDependencies, on the other hand, are packages that are only needed during the development and testing of the project. - They are installed when running the npm install command with the --dev option. Examples of dependencies are request, through2 and concat-stream. Examples of devDependencies are grunt, mocha, eslint, tape, and browserify.
What command do you use to install mongoose in node js?
npm install mongoose
What are the arguments used as callbacks in the executor aka the producing code?
resolve(value) and reject(error)
What does CORS stand for?
Cross-Origin Resource Sharing
What is Nodemon?
Developer tool that helps Node.js applications by automatically restarting the node application when file changes in the directory are detected.
What are the key differences between GET and POST?
GET request is simple and used to fetch a resource on the server (read). POST method is used so that resources are created on the server. - POST request has a body.
What is DOTENV used for? Give an example.
It's used to separate 'secrets' from your source code, like your database credentials, port number, or JWT secret keys.
Describe chart.js
JS library for data visualization
What is Mongoose?
JS-based Object Data Modeling library for MongoDB.
Describe VUE.js
JavaScript framework for building the front end
What are the lifecycle methods of VueJS?
Lifecycle hooks are a window into how the library you're using works behind-the-scenes. By using these hooks, you will know when your component is created, added to the DOM, updated, or destroyed.
What is Axios?
Promise-based HTTP client for the browser and node.js that helps with HTTP requests
Describe the difference for SQL vs. NOSQL in terms of Structure. + Describe the four categories of NoSQL databases?
SQL database schemata always represent relational, tabular data, with rules about consistency and integrity. - They contain tables with columns (attributes) and rows (records), and keys have constrained logical relationships. NoSQL databases need not stick to this format, but generally fit into one of four broad categories: 1. Column-oriented databases transpose row-oriented RDBMSs, allowing efficient storage of high-dimensional data and individual records with varying attributes. 2. Key-Value stores are dictionaries which access diverse objects with a key unique to each. 3. Document stores hold semi-structured data: objects which contain all of their own relevant information, and which can be completely different from each other. 4. Graph databases add the concept of relationships (direct links between objects) to documents, allowing rapid traversal of greatly connected data sets.
To start the MongoDB shell, what mongosh executable do you run?
$ mongosh
What is DevOps?
DevOps is a newly emerging term in the IT field. It is a practice that emphasizes the collaboration and communication of both software developers and other information technology (IT) professionals. Instead of having development and operation teams as separate silos, DevOps merges them together to bring benefits to the software product. It focuses on delivering software products faster and lowering the failure rate of releases.
What are directives in Vue.js?
Directives are instructions for VueJS to do things in a certain way. Essentially, a directive is some special token in the markup that tells the library to do something to a DOM element.
What is the purpose of v-for directive?
The built-in v-for directive allows us to loop through items in an array or object. You can iterate on each element in the array or object.
What is the difference between package.json and package-lock.json in a Node project?
package.json is a versioning file used to install multiple packages in your project. The package.json file contains metadata about the project and also the functional dependencies that are required by the application. package-lock.json is created for locking the dependency with the installed version. - It is used to lock down the exact versions of all the dependencies that your project needs. Without package-lock.json, there might be some differences in installed versions in different environments.
What are the key elements of the REST API paradigm?
1. A client or software that runs on a user's computer or smartphone and initiates communication. 2. A server that offers an API as a means of access to its data or features. 3. A resource, which is any piece of content that the server can provide to the client (for example, a video or a text file).
Name 5 out of the Top 10 OWASP Vulnerabilities
1. Injection 2. Cross site scripting (XSS) 3. Broken Authentication and Session Management 4. Insecure cryptographic storage 5. Failure to restrict 6. Insecure communications 7. Malicious file execution 8. Insecure direct object reference 9. Failure to restrict url access 10. Information leakage and improper error handling
What are 6 advantages of MongoDB?
1. MongoDB supports field, range-based, string pattern matching type queries for searching the data in the database. 2. MongoDB supports primary and secondary index on any fields. 3. MongoDB basically uses JavaScript objects in place of procedures. 4. MongoDB uses a dynamic database schema. 5. MongoDB is very easy to scale up or down. 6. MongoDB has inbuilt support for data partitioning (Sharding).
What are the three key elements of the REST API paradigm?
1. Software that runs on the user's devices and initiates communication 2. A server that offers an API as a means of access to its data or features 3. Said API must also provide a resource, any piece of content the server can provide the client (video or text file)
Describe the 5 major features of VueJS?
1. Virtual DOM - It uses virtual DOM similar to other existing frameworks such as ReactJS, Ember etc. - Virtual DOM is a light-weight in-memory tree representation of the original HTML DOM and updated without affecting the original DOM. - Virtual DOM allows for more efficient and performant updates to the UI. - Virtual DOM allows Vue.js to make the minimum number of updates necessary to the actual DOM, reducing the amount of work the browser needs to do and improving performance. 2. Components - Used to create reusable custom elements in VueJS applications. 3. Templates - VueJS provides HTML based templates that bind the DOM with the Vue instance data. 4. Routing - Navigation between pages is achieved through vue-router. 5. Light weight - VueJS is a lightweight library compared to other frameworks.
What is a Document in MongoDB?
A Document in MongoDB is an ordered set of keys with associated values. It is represented by a map, hash, or dictionary. In JavaScript, documents are represented as objects: {"greeting" : "Hello world!"} Complex documents will contain multiple key/value pairs: {"greeting" : "Hello world!", "views" : 3}
Explain CORS in general
A browser security feature that restricts cross-origin HTTP requests with other servers and specifies which domains can access your resources
What is a Collection in MongoDB?
A collection in MongoDB is a group of documents. If a document is the MongoDB analog of a row in a relational database, then a collection can be thought of as the analog to a table. Documents within a single collection can have any number of different "shapes", i.e. collections have dynamic schemas. For example, both of the following documents could be stored in a single collection: {"greeting" : "Hello world!", "views": 3} {"signoff": "Good bye"}
Software Development: What is the difference between a library and a framework?
A library provides a set of helper functions/objects/modules which your application code calls for specific functionality. Libraries typically focus on a narrow scope. A Framework has defined open or unimplemented functions or objects which the developer uses to create a custom application. A framework provides structure and it has a wider scope than a library. In software development, a library is a collection of pre-written code that provides common functionality, which can be reused by other software programs. A library typically consists of a set of functions, procedures, classes, and data structures that can be imported and called by a program. On the other hand, a framework is a pre-defined architecture or platform that provides a set of rules, guidelines, and templates for building software applications. A framework usually includes a set of libraries, tools, and APIs that developers can use to develop their applications.
What are the advantages and disadvantages of using Promise?
Advantages: - promise can solve callback hell, which greatly enhances the readability and maintainability of nested functions. Disadvantages: - unable to cancel promise, errors need to be captured by callback function. - If the callback function is not set, the error thrown by promise will not be reflected to the outside. - When it is in the pending state, it is impossible to know which stage it has reached, whether it has just started or is about to complete
What is a REST API?
An API (application programming interface) acts as the medium for applications to share information with each other. REST (representational state transfer) specifies how data is presented in a convenient format for the client.
What is the REST request structure?
Any REST request includes four essential parts: 1. An HTTP method 2. An endpoint 3. Headers 4. A body. An HTTP method describes what is to be done with a resource. There are four basic methods also named CRUD operations: - POST to Create a resource, GET to Retrieve a resource, PUT to Update a resource, and DELETE to Delete a resource. An endpoint contains a Uniform Resource Identifier (URI) indicating where and how to find the resource on the Internet. - The most common type of URI is a Unique Resource Location (URL), serving as a complete web address. Headers store information relevant to both the client and server. Mainly, headers provide authentication data — such as an API key, the name or IP address of the computer where the server is installed, and the information about the response format. A body is used to convey additional information to the server. For instance, it may be a piece of data you want to add or replace.
What is REST API?
Application programming interfaces (APIs) provide the platform and medium for applications to talk to and understand each other. APIs specify the way information passed across platforms is structured so that applications can exchange data and information. REST is an API architecture style. It stands for representational state transfer. REST specifies how data is presented to a client in a format that is convenient for the client. Data exchanges happen either in JSON or XML format. However, many APIs today return JSON data. To get access to a resource, the client sends an HTTP request. In return, the server generates an HTTP response with encoded data on the resource. Both types of REST messages are self-descriptive, meaning they contain information on how to interpret and process them.
What is asynchronous programming?
Asynchronous programming means that the engine runs in an event loop. When a blocking operation is needed, the request is started, and the code keeps running without blocking for the result. When the response is ready, an interrupt is fired, which causes an event handler to be run, where the control flow continues. In this way, a single program thread can handle many concurrent operations. Asynchronous programming is a programming paradigm that allows multiple tasks to be executed simultaneously without waiting for each other to complete. In asynchronous programming, tasks are executed in the background, and the program can continue to run and perform other tasks while waiting for the asynchronous tasks to complete. The traditional way of programming is called synchronous programming, where tasks are executed in a sequential manner, one after another. This can lead to inefficiencies and delays, especially when dealing with tasks that take a long time to complete, such as file I/O or network requests. In contrast, asynchronous programming uses non-blocking operations that do not wait for a task to complete before moving on to the next task. Instead, when an asynchronous operation is started, the program continues executing the next instruction while the asynchronous task is being processed in the background. When the asynchronous task is complete, a callback function is called to handle the result. Asynchronous programming is commonly used in web development, especially in Node.js, where it is used to handle multiple requests simultaneously without blocking the execution of other requests. It is also used in other programming areas, such as desktop and mobile applications.
Describe the difference for SQL vs. NOSQL in terms of Properties. + Describe ACID + Describe CAP
At a high level, SQL and NoSQL comply with separate rules for resolving transactions. RDBMSs must exhibit four "ACID" properties: - Atomicity means all transactions must succeed or fail completely. They cannot be partially-complete, even in the case of system failure. - Consistency means that at each step the database follows invariants: rules which validate and prevent corruption. - Isolation prevents concurrent transactions from affecting each other. Transactions must result in the same final state as if they were run sequentially, even if they were run in parallel. - Durability makes transactions final. Even system failure cannot roll-back the effects of a successful transaction. NoSQL technologies adhere to the "CAP" theorem, which says that in any distributed database, only two of the following properties can be guaranteed at once: - Consistency: Every request receives the most recent result, or an error. (Note this is different than in ACID) - Availability: Every request has a non-error result, regardless of how recent that result is. - Partition tolerance: Any delays or losses between nodes will not interrupt the system's operation. The CAP theorem, also known as Brewer's theorem, is a fundamental concept in distributed computing that applies to NoSQL databases. It states that a distributed system cannot simultaneously provide all three guarantees of Consistency, Availability, and Partition Tolerance. - Consistency refers to the requirement that all nodes in a distributed system see the same data at the same time. - Availability refers to the requirement that a system should always be available and responsive to user requests. - Partition Tolerance refers to the system's ability to continue operating in the face of network failures or partitions. According to the CAP theorem, in the event of a network partition, a distributed system must choose to sacrifice either Consistency or Availability. 
In other words, a system can either be Consistent and Partition Tolerant (CP), but not available during a partition, or Available and Partition Tolerant (AP), but not fully consistent during a partition. A network partition is a situation that occurs when a distributed system is split into two or more disconnected sub-networks or partitions due to network failures or issues. - In other words, network partitioning occurs when communication between nodes in a distributed system is interrupted, resulting in a split-brain situation where each partition can only communicate with other nodes within its own partition
What is CORS?
CORS, abbreviation for Cross-Origin Resource Sharing, is a process used to gain the authority of different web resources on different domains. With the help of CORS, the integration of web scripts can be implemented more freely with the external content of the original domain. CORS stands for Cross-Origin Resource Sharing, which is a mechanism that allows web pages or applications to make requests to a different domain than the one that served the original page. In other words, it enables cross-domain communication between web applications. By default, web browsers restrict cross-origin HTTP requests initiated from scripts. This security feature is called the Same-Origin Policy, which prevents malicious websites from making requests to sensitive resources on a different domain. However, this restriction can cause problems for legitimate use cases, such as when a web application needs to fetch data from an API on a different domain. CORS provides a way for web servers to relax the Same-Origin Policy selectively. It allows web servers to specify which domains are allowed to access their resources through HTTP headers. When a web browser makes a cross-origin request, it sends an "Origin" header with the domain of the web page that made the request. The server can then respond with an "Access-Control-Allow-Origin" header that indicates whether the request is allowed or not. In summary, CORS is a security feature that enables web pages to make cross-origin requests safely by allowing web servers to specify which domains are allowed to access their resources.
What is the "Producing Code" in a Promise. Name an example
Code that does something and may take time. For ex. some code that loads the data over a network
What is the "Consuming Code" in a Promise? Name an example
Code that must wait for the result of the "producing code". For ex. a function that needs the data provided by the "producing code"
Define components in Vue JS + State the 4 ways you can define a component
Components in Vue JS are a single, independent unit of an interface. - They have their own state, markup, and style. A Vue component can be defined in four ways: 1. new Vue({ /*options */ }). 2. Vue.component('component-name', { /* options */ }). 3. Use the local components. 4. The .vue files or Single File Components. The first two ways are the standard ways to use Vue when building an application that is not a SPA (Single Page Application). The Single File Components are used in the Single Page Application.
What happens when an application takes user inserted data and sends it to a web browser without proper validation and escaping?
Cross site scripting happens when an application takes user inserted data and sends it to a web browser without proper validation and escaping.
What is cross-site request forgery?
Cross-site request forgery (CSRF) is a type of web security vulnerability where an attacker tricks a user into executing an unwanted action on a website without their knowledge or consent. - The attack works by exploiting the trust that a website has in a user's browser, allowing an attacker to send a malicious request to the website on the user's behalf. The basic steps in a CSRF attack are: 1. The attacker creates a malicious web page that includes a hidden form or script that submits a request to the target website. 2. The user visits the attacker's web page while authenticated on the target website. 3. The malicious script or form on the attacker's web page submits a request to the target website using the user's authenticated session. 4. The target website processes the request as if it were legitimate, since it appears to be coming from the user's authenticated session. A hacker gets a victim's browser to make requests, with login credentials included, without their knowledge. - An example of this is an IMG tag that points to a URL with an action.
What is Cross-site scripting?
Cross-site scripting (XSS) is a type of web security vulnerability where an attacker injects malicious code into a web page that is viewed by other users. - The malicious code can be used to steal sensitive information, such as login credentials or personal data, or to perform unauthorized actions on behalf of the victim. XSS attacks are typically carried out by injecting malicious code into input fields, such as search boxes or comment sections, that are then stored in a web application's database. - When another user views the affected page, the malicious code is executed in their browser, giving the attacker access to their session data or other sensitive information. Cross-site scripting or XSS is a client-side code injection problem. - For example, an attacker getting a victim's browser to run script content like Javascript within their browser.
Describe DevOps
Emphasizes the collaboration of software developers and other IT professionals to create applications faster and with reduced failures.
What is the vue instance? + How can you create a vue instance?
Every Vue application works by creating a new Vue instance with the Vue function. - The Vue instance is the root component that represents the entire Vue.js application. Generally the variable vm (short for ViewModel) is used to refer to the Vue instance. You can create a Vue instance as shown in the image.
Describe front-end and backend in general terms
Frontend refers to the client-side of an application. Frontend is the part of a web application that users can see/view and interact with. Frontend typically includes everything that contributes to the UI/visual aspects of a web application. HTML, CSS, and JavaScript are some of the essentials of frontend development. Backend refers to the server-side of an application. Backend constitutes everything that happens behind the scenes. Backend generally includes a (web) server that communicates with a DB to serve requests. Java, PHP, and JavaScript are some of the backend development technologies.
What is the most loved language of a full stack developer and why?
Full Stack Developers work with a multitude of languages. Ideally, a full-stack developer must have a few languages that he loves, preferably, some with which he can design the front end and others with which he can take care of the back end. A fullstack developer should be able to demonstrate that well and remember to include the basic most used ones like HTML, CSS, Python, Javascript etc.
When should you use SQL vs NoSQL for your business?
Generally, NoSQL is preferred for: - Graph or hierarchical data. - Data sets which are both large and mutate significantly. - Businesses growing extremely fast but lacking data schemata. In terms of use cases, this might translate to social networks, online content management, streaming analytics, or mobile applications. SQL is more appropriate when the data is: - Small. - Conceptually modeled as tabular. - In systems where consistency is critical.
What is a Git repository? + What is the repository folder called?
Git repository refers to a place where all the Git files are stored. These files can either be stored on the local repository or on the remote repository. It tracks and saves the history of all changes made to the files in a Git project. It saves this data in a directory called .git, also known as the repository folder.
Explain the Promise callback resolve(value)
If the executor (aka the producing code) finishes successfully, then the resolve callback will be called.
Explain the Promise callback reject(error)
If the executor (aka the producing code) has an error, then the reject callback is called.
Explain the differences between one-way data flow and two-way data binding.
In one-way data flow the view (UI) part of the application does not update automatically when the data model is changed, therefore we need to write some custom code to update it every time the data model is changed. - In Vue.js, v-bind is used for one-way data flow or binding. In two-way data binding the view (UI) part of the application automatically updates when the data model is changed. - In Vue.js, the v-model directive is used for two-way data binding.
What is a Promise?
It's a JavaScript object that links the "producing code" and the "consuming code". In JavaScript, a Promise is an object that represents a value that may not be available yet, but will be resolved at some point in the future. Promises are used to handle asynchronous operations, such as fetching data from a server, reading files, or executing time-consuming operations. The "producing code" refers to the code that initiates the asynchronous operation, which creates a Promise object and starts executing the operation. The "consuming code" refers to the code that receives the result or handles errors after the Promise is resolved. When a Promise is created, it is in a pending state, meaning that the value it represents is not yet available. Once the operation is complete, the Promise is either resolved with a value or rejected with an error. The consuming code can then use the Promise's methods, such as .then() or .catch(), to handle the resolved value or the error, respectively.
VUEJS: When would you use methods versus computed props in VUEJS?
Methods are used to react to events which happen in the DOM and they accept arguments. - For example, some output needs to be shown when a user presses a button. Computed properties are cached, which means that the function will run only once until the values change again, and they don't take arguments. - They are often used to do calculation and at the end to return a value. - Or they can be used to setup something at the beginning that will be used many times but doesn't update. Methods are functions that are defined on the Vue.js component and can be called directly from the template or the script section of the component. - They are typically used to perform actions or modify data based on user interactions or other events. Computed properties, on the other hand, are functions that are defined on the component and return a value based on the component's data properties. - They are typically used to calculate and return derived values based on the component's state. - Computed properties in Vue.js are functions that return a value based on the component's data properties, and are cached until one of the properties they depend on changes. - this means that computed properties are only recomputed when their dependencies change, which can help improve performance by avoiding unnecessary recalculations. In general, methods are used for performing actions and modifying data based on user interactions or other events, while computed properties are used for calculating and returning derived values based on the component's state. - Using computed properties can also help improve performance, since they are cached and only recalculated when their dependencies change. In summary, methods are used to handle actions and events, while computed properties are used to calculate and return derived values based on the component's state.
What is the NodeJS Event Loop?
NodeJS is single threaded. The event loop is an endless loop, which waits for tasks, executes them and then sleeps until it receives more tasks. The event loop executes tasks from a queue of events. Because of the event loop we can use callbacks and promises. The Node.js Event Loop is a mechanism that allows Node.js to handle multiple requests simultaneously, without blocking the execution of other requests. It is an essential part of Node.js's non-blocking I/O model, which enables it to handle large amounts of I/O operations without consuming too much memory or CPU resources. The Event Loop is a loop that continuously checks for new events in the event queue and executes them in the order they were received. When a new event is added to the queue, it is processed in the next iteration of the event loop. The event loop uses a first-in-first-out (FIFO) queue to prioritize events. Node.js developers can use the Event Loop to create efficient and scalable web applications that can handle large amounts of I/O operations and requests.
VUEJS: Name differences between the VUEJS Options and Composition API.
Options API: The Options API seems easier to start with and you can comfortably use it even without building an application (better for beginners). - The Options API is centered around the concept of a "component instance" which typically aligns better with a class-based mental model for users coming from OOP language backgrounds. Composition API: The Composition API is a more organized way which makes code much cleaner and easier to manage and is therefore preferred for larger projects and advanced VUEJS applications. - The Composition API lets us create components without the need of a large single exportable object, like in the Options API. - The Composition API is centered around declaring reactive state variables directly in a function scope, and composing state from multiple functions together to handle complexity. In Vue.js, the Options API and Composition API are two different ways to define and manage the state and behavior of components. The Options API is the traditional way of defining components in Vue.js, where the component is defined as a single object with various properties and methods. - The Options API is simple and easy to use, making it a good choice for small to medium-sized applications. - It is also well-documented and widely used, so there are many examples and resources available for developers. The Composition API, on the other hand, is a new way of defining components in Vue.js 3. - It allows developers to organize their code in a more modular and reusable way by separating the component's logic into reusable functions, called composition functions. - These composition functions can then be reused across multiple components, making it easier to share code and maintain consistency across the application. Here are some of the key differences between the Options API and Composition API: 1. Organization and reusability: The Composition API allows developers to organize their code into reusable functions, making it easier to share code and maintain consistency across the application. 2. Scoped reactivity: The Composition API provides scoped reactivity, which means that reactivity is only triggered within the component that is using the composition function. This can reduce the risk of side effects and improve performance. 3. Better type inference: The Composition API provides better type inference and code completion, making it easier to write and maintain code. 4. Migration: The Options API is easier to migrate from Vue.js 2, as it is the traditional way of defining components in Vue.js. The Composition API requires more learning and is a new concept in Vue.js 3. Overall, the Composition API is a more powerful and flexible way to define components in Vue.js, but it requires more knowledge and experience to use effectively. The Options API is simpler and easier to use, making it a good choice for smaller projects or for developers who are new to Vue.js.
How can you defend against CSRF?
Protecting against CSRF (commonly pronounced "sea-surf") requires two things: 1. Ensuring that GET requests are side-effect free. 2. Ensuring that non-GET requests can only be originated from your client-side code. a) A key design principle that protects you from CSRF attacks is using GET requests for only view or read-only actions. - These types of requests should not transform data and must only display recorded data. - This limits the number of requests that are vulnerable to CSRF attacks. b) Even when edit actions are restricted to non-GET requests, you are not entirely protected. - POST requests can still be sent to your site from scripts and pages hosted on other domains. - In order to ensure that you only handle valid HTTP requests you need to include a secret and unique token with each HTTP response, and have the server verify that token when it is passed back in subsequent requests that use the POST method (or any other method except GET, in fact.) - This is called an anti-forgery token.
Describe the difference for SQL vs. NOSQL in terms of Support and communities.
SQL databases represent massive communities, stable codebases, and proven standards. - Multitudes of examples are posted online and experts are available to support those new to programming relational data. NoSQL technologies are being adopted quickly, but communities remain smaller and more fractured. - However, many SQL languages are proprietary or associated with large single-vendors, while NoSQL communities benefit from open systems and concerted commitment to onboarding users. SQL is available to most major platforms, from operating systems to architectures and programming languages. Compatibility varies more widely for NoSQL, and dependencies need to be investigated more carefully.
Describe the difference for SQL vs. NOSQL in terms of Language.
SQL has been around for over 40 years, so it is recognizable, documented, and widely-used. - Safe and versatile, it's particularly well suited for complex queries. - However, SQL restricts the user to working within a predefined tabular schema, and more care must be taken to organize and understand the data before it is used. The dynamic schemata of NoSQL databases allow representation of alternative structures, often alongside each other, encouraging greater flexibility. - There is less emphasis on planning, greater freedom when adding new attributes or fields, and the possibility of varied syntax across databases. - As a group, however, NoSQL languages lack the standard interface which SQL provides, so more complex queries can be difficult to execute. Though there are many dialects of SQL, all share a common syntax and almost-identical grammar. - When querying relational databases, fluency in one language translates to proficiency in most others. On the other hand, there is very little consistency between NoSQL languages, as they concern a diverse set of unrelated technologies. - Many NoSQL databases have a unique data manipulation language constrained by particular structures and capabilities.
What is the difference between SQL Injection and Cross Site Scripting (XSS)?
SQL injection involves inserting malicious SQL code into an application's input field that allows an attacker to access or modify sensitive data in a database. - This can be done by exploiting input validation and sanitization vulnerabilities to manipulate SQL queries, often resulting in data theft, data modification or destruction, and even system compromise. - SQL injection attacks can be prevented by properly validating and sanitizing input and using parameterized queries or prepared statements. On the other hand, cross-site scripting (XSS) involves injecting malicious code into a website that is executed by the victim's web browser. - This can allow an attacker to steal sensitive data or perform unauthorized actions on behalf of the victim, such as stealing login credentials, session data or personal information. - XSS attacks can be prevented by sanitizing user input and encoding output to prevent execution of malicious code. In summary, while both SQL injection and XSS involve exploiting input validation and sanitization vulnerabilities, SQL injection is focused on exploiting vulnerabilities in the backend database, while XSS is focused on exploiting vulnerabilities in the frontend website. - SQL injection allows an attacker to manipulate SQL queries and gain access to sensitive data in a database, while XSS allows an attacker to inject and execute malicious code in a victim's web browser, potentially compromising their system and stealing sensitive data.
What does it mean to scale a database vertically vs horizontally?
Scaling a database is the process of increasing its capacity to handle more data, traffic, and transactions. There are two main ways to scale a database: vertically and horizontally. Vertical scaling, also known as scaling up, involves increasing the resources of a single database server by adding more RAM, CPU, or storage capacity. - In other words, vertical scaling involves adding more power to an existing server to handle more workload. - Vertical scaling is generally easier to implement but has a limit on how much it can scale, as there is only so much that one server can handle. Horizontal scaling, also known as scaling out, involves adding more servers to a database cluster to distribute the workload. - In other words, horizontal scaling involves adding more servers to handle more workload. - This allows for more resources to be added incrementally, as needed, and can provide greater scalability than vertical scaling. - However, horizontal scaling can be more complex to implement, as it requires distributing the data and transactions across multiple servers and ensuring that they are synchronized. Both vertical and horizontal scaling have their advantages and disadvantages, and the choice depends on the specific requirements of the application and the database. - Vertical scaling is often a good choice for smaller databases or applications with lower traffic, while horizontal scaling is better suited for larger databases or applications that require high scalability and performance.
Define Single File Component (SFC) and Single Page Application (SPA)
Single File Component (SFC) In Vue.js, a single file component (SFC) is a file that contains all of the template, script, and style code for a Vue.js component. - It allows developers to define all of the component code in a single file, making it easier to manage and share code across the application. - A single file component has the .vue extension and is divided into three sections: the template, the script, and the style. - The template section defines the HTML template for the component, the script section defines the JavaScript code for the component, and the style section defines the CSS code for the component. Single Page Application (SPA) A single page application (SPA) is a web application that loads and updates content dynamically, without requiring a page refresh. - Instead of navigating between multiple pages, the user interacts with a single page that updates dynamically in response to user input. - In a traditional web application, the server generates a new HTML page for each request made by the user. This can be slow and inefficient, especially for complex applications with multiple pages and a large amount of data. - In contrast, SPAs rely on JavaScript to update the UI in real-time, allowing for a more responsive and interactive user experience. - SPAs typically use a client-side framework or library, such as React, Angular, or Vue.js, to manage the dynamic rendering of the UI. - These frameworks handle tasks such as data fetching, state management, and UI updates, allowing developers to create complex and dynamic applications with ease.
What is the MongoDB Shell? What is it called?
The MongoDB Shell, mongosh, is a fully functional JavaScript and Node.js REPL (Read-Eval-Print-Loop) environment for interacting with MongoDB deployments. You can use the MongoDB Shell to test queries and operations directly with your database. You can use the mongo shell to query and update data as well as perform administrative operations. The MongoDB shell is a full-featured JavaScript interpreter, capable of running arbitrary JavaScript programs. - Even basic math works on mongosh.
What is Callback Hell? + How can you avoid callback hell?
The asynchronous function requires callbacks as a return parameter. - When multiple asynchronous functions are chained together, the callback hell situation comes up. Callback Hell is a term used to describe a situation in asynchronous programming where code becomes difficult to read and maintain due to nested callbacks. It can occur when a sequence of asynchronous operations is nested inside each other, where the output of one operation is the input of the next operation, and so on. In Callback Hell, the code can quickly become unreadable and difficult to maintain, making it challenging to debug and extend. The callbacks can become deeply nested, and the code can lose its structure, making it difficult to follow the flow of execution. Here's an example of what Callback Hell might look like in JavaScript (shown in image). To avoid Callback Hell, developers can use various techniques, such as Promises, async/await, or using named functions instead of anonymous functions. These techniques can help make the code more readable and easier to maintain, and avoid excessive nesting of callbacks.
How do you add data in MongoDB?
The basic method for adding data to MongoDB is "inserts". To insert a single document, use the collection's insertOne method:
> db.books.insertOne({"title" : "Start With Why"})
For inserting multiple documents into a collection, we use insertMany. - This method enables passing an array of documents to the database.
What are the latest trends in Full Stack Web Development?
The rise of Vue JS. Functional, real-time web apps, progressive apps, and mobile web development. - Real-time web apps are applications that are designed to provide immediate and up-to-date information to users in real-time. Instead of users having to refresh the page to see new content, a persistent connection is made between the client and server. - Progressive web apps (PWAs) are web applications that are designed to provide users with a native app-like experience while leveraging the power and flexibility of the web. They work on any device, they look and feel like a native app (with smooth animations, gestures, and UI), they can be installed and offer push notifications, and include other modern features. Programming benefits from JavaScript improvements. The emergence of more compatible extensions.
How can you share code between files in NodeJS?
This depends on the JavaScript environment. On the server (Node.js) each file is treated as a module and it can export variables and functions by attaching them to the module.exports object. This follows CommonJS. In Node.js, each file is considered a module, which means that the code in one file is not automatically available to other files. However, Node.js provides a way to share code between files by allowing developers to export variables and functions from one module and import them in another module. To share code between files in Node.js, developers can use the module.exports object to export variables and functions from a module. This object is used to define what a module exports, and can be assigned to an object, function, or any other value that the module wants to make available to other modules. For example, consider a file called calculator.js that contains a function called add (shown in image). In this example, the require function is used to import the calculator module, and the add function can be called using the calculator.add() syntax. By using module.exports and require, developers can share code between files in Node.js and create modular, reusable code that can be easily maintained and scaled.
What are the conditional directives? + Describe the 4 Vue JS conditional directives
VueJS provides a set of directives to show or hide elements based on conditions. The available directives are: - v-if - v-else - v-else-if - v-show. v-if - The v-if directive adds or removes DOM elements based on the given expression. - For example, the below button will not show if isLoggedIn is set to false (a in image). - You can also control multiple elements with a single v-if statement by wrapping all the elements in a <template> element with the condition. - For example, you can have both label and button together conditionally applied (b in image). v-else - This directive is used to display content only when the expression of the adjacent v-if resolves to false. - This is similar to an else block in any programming language to display alternative content and it is preceded by a v-if or v-else-if block. - You don't need to pass any value to this. - For example, v-else is used to display LogIn button if isLoggedIn is set to false (not logged in) (c in image). v-else-if - This directive is used when we need more than two options to be checked. - For example, we want to display some text instead of LogIn button when ifLoginDisabled property is set to true. - This can be achieved through v-else statement (d in image). v-show - This directive is similar to v-if but it renders all elements to the DOM and then uses the CSS display property to show/hide elements. - This directive is recommended if the elements are switched on and off frequently (e in image).
How can we utilize environment variables in NodeJS? Name a package and explain how to use it.
You can utilize environment variables in Node.js using the "dotenv" package. This package allows you to load environment variables from a .env file into the process.env object, making them available throughout your application. Here's how to use the dotenv package:
1. Install the package:
   npm install dotenv
2. Create a .env file in the root directory of your project. This file will store your environment variables in key-value pairs:
   DB_HOST=localhost
   DB_USER=myuser
   DB_PASS=mypassword
   PORT=3000
3. Load the environment variables using dotenv. At the beginning of your main application file (e.g., app.js, index.js, or server.js), require and configure dotenv:
   require('dotenv').config();
4. Now you can access the environment variables using process.env:
   const dbHost = process.env.DB_HOST;
   const dbUser = process.env.DB_USER;
   const dbPass = process.env.DB_PASS;
   const port = process.env.PORT;
When should you use MongoDB?
You should use MongoDB when you are building internet and business applications that need to evolve quickly and scale elegantly. MongoDB is popular with developers of all kinds who are building scalable applications using agile methodologies. MongoDB is a great choice if one needs to: - Support a rapid iterative development. - Scale to high levels of read and write traffic - MongoDB supports horizontal scaling through Sharding, distributing data across several machines, and facilitating high throughput operations with large sets of data. - Scale your data repository to a massive size. - Evolve the type of deployment as the business changes. - Store, manage and search data with text, geospatial, or time-series dimensions.
What is the constructor syntax for a promise object?
let promise = new Promise(function(resolve, reject) {
  // executor (the producing code)
});
For example:
let promise = new Promise(function(resolve, reject) {
  // Settle the promise after one second, based on a random number
  setTimeout(function() {
    const randomNum = Math.random();
    if (randomNum > 0.5) {
      resolve("Success!");
    } else {
      reject("Error: Random number is less than or equal to 0.5");
    }
  }, 1000);
});
If the promise is resolved, the variable "promise" will be equal to "Success!" If the promise is rejected, the variable "promise" will be equal to "Error: Random number is less than or equal to 0.5"