Book Image

Easy Web Development with WaveMaker

By : Edward Callahan
Book Image

Easy Web Development with WaveMaker

By: Edward Callahan

Overview of this book

Developers of all levels can now easily develop custom, responsive, and rich web application clients with secure, scalable servers utilizing relational databases and RESTful services using WaveMaker Studio. Whether you need a departmental business application or a form application for your weekend club, this book will show you how to design, develop, and deploy professional grade web applications with WaveMaker. Easy Web Development with WaveMaker will help you use WaveMaker to design, develop, and deploy rich, responsive web applications, even if you are not a programmer. If you need to build a data-driven web application, but you only know ‘enough to be dangerous,' you need this book. This book examines every angle of using WaveMaker to build applications, from dissecting examples to customizing, deploying, and debugging your own applications. This book enables the non-professional programmer to become comfortable not only with using WaveMaker Studio itself, but also with the artefacts produced by the studio as well as the runtime and services provided by the WaveMaker framework. You will learn everything, from how customize the user experience with JavaScript and CSS to integrating with custom Java services and the Spring Framework server-side. Easy Web Development with WaveMaker 6.5 is packed with examples, code samples, screenshots, and links to equip you to be successful with WaveMaker Studio.
Table of Contents (23 chapters)
Easy Web Development with WaveMaker
About the Author
About the Reviewers
Styling the Application
Working with Databases
Utilizing Web Services

Securing runtime service

WaveMaker's use of service variables insulates applications from SQL injection types of attack ( However, use of the runtime service exposes a insert(), update(), read(), and delete() method for every imported table. This can create a significant vulnerability, including exposing the user login table when using database security.

For example, using curl (, a command-line tool for making HTTP requests, we could perform an update of the customer table by POST'ing directly to the runtime service URL. Here, we update the customer record with customer ID 3 with bogus data

> curl -H "Content-type: application/json" -d '{"params":["custpurchaseDB", "", {"address":"12 Chump Lane", "city" : "Hackville", "company": "Fools R Us", "custid" : 3, "imageurl" : "", "state" : "TX", "twitter" : "ivebeenpawnd", "zip": "3333"}],"method":"update","id":1}' -X POST