I am writing an application to use even when offline. I tried the HTML5 manifest (which is now deprecated) and also opted to use 'Service Workers', but my application is a local intranet web page which cannot be served as HTTPS currently due to restrictions.
Can you advise me on how I can architect the webpage? I am hosting the application on IIS and it needs to be used on mobile devices when both offline and online. I am using PHP for the backend.
Would appreciate some guidance on this. I went through some of the previous answers and tried them but none fits my requirements. Is there any other way I can make the application served offline?
So, we resolved to lift restrictions on the server to allow HTTPS connections locally on our network. This fixed my requirement.
I am developing a web application. We are about to release my first application but I found some unexpected behaviour on my server.
Could anyone tell me what he tried to do?
One of my colleagues told me that we should not use PHP anymore.
I am planning to change our framework to Laravel, but I am just afraid that if security is a real issue then I am willing to move, but the reason that my colleague is giving is not persuasive to me.
It does look like a scan by a bot to me and it doesn't look harmful. There are bots scanning websites these days. That's normal.
Make sure your website is using SSL. In your AWS security group, just accept HTTPS traffic (port 443) only.
In regards to using PHP, PHP is a popular language used by millions of websites on the internet. As others highlighted, follow the security standards and you are good to go.
Did you run any security scanner tool against your web application?
These logs look like they were generated by your hosting server's WAF (web application firewall), and it seems someone tried a script/scanner against your web application, because you are not using WP but in the logs the script tried to find wp-config.php through LFI (path traversal attack). Do one simple thing: use a free or trial automatic web application scanner and check the logs again. Some free scanners are OWASP ZAP and the Arachni scanner; a paid scanner is Burp Suite.
Also check the following best practices for security:
Check for any other files which were created automatically and not by you or the framework, especially .php files, and scan those files at "virustotal.com" to verify whether an attacker actually succeeded in uploading a shell (virus).
If your web application has a file upload option, please verify you are allowing only .jpg or .png, not PHP or other files.
Use the latest version of PHP, because new attacks nowadays target vulnerable PHP servers; an attacker picks an IP range and runs a script against it. This mostly happens with AWS.
In AWS, only allow ports 80/443 to the public IP, not all ports.
Use the latest version of the framework (CodeIgniter).
Thanks
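An added example, not part of the answer above or the asker's code: one way to enforce the "only .jpg or .png" upload rule in PHP by checking file content rather than the client-supplied name. The form field `photo`, the directory `/var/app-uploads` and the 2 MiB limit are assumptions chosen for illustration.

```php
<?php
// Added example, not code from the thread. Assumed names: form field "photo",
// storage directory /var/app-uploads (outside the web root), 2 MiB limit.
const UPLOAD_DIR = '/var/app-uploads';
const MAX_BYTES  = 2 * 1024 * 1024;
// Allow-list: detected MIME type => extension the server assigns itself.
const ALLOWED    = ['image/jpeg' => 'jpg', 'image/png' => 'png'];

function store_image_upload(array $file): string
{
    // Reject failed uploads and array-valued (multi-file) fields.
    if (!isset($file['error']) || is_array($file['error'])
        || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed or malformed');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an HTTP upload');
    }
    $size = filesize($file['tmp_name']);
    if ($size === false || $size === 0 || $size > MAX_BYTES) {
        throw new RuntimeException('file size out of range');
    }
    // Detect the type from the file content; the client-supplied name and
    // $_FILES[...]['type'] are attacker-controlled and are ignored here.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext  = is_string($mime) ? (ALLOWED[$mime] ?? null) : null;
    if ($ext === null || @getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('only JPEG and PNG images are accepted');
    }
    // Server-generated name: no user-chosen path parts, never a .php suffix.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . '/' . $name)) {
        throw new RuntimeException('could not store file');
    }
    chmod(UPLOAD_DIR . '/' . $name, 0640);
    return $name;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    try {
        $stored = store_image_upload($_FILES['photo'] ?? []);
        echo 'stored as ' . htmlspecialchars($stored);
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'rejected: ' . htmlspecialchars($e->getMessage());
    }
}
```

Keeping the storage directory outside the web root means a file that slips past the checks still cannot be requested and executed as a script.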
I recently built a web application for my company, but the client needed the application to work both offline and online, depending on the availability of internet connection.
Anyways, I'm looking for a way to allow my application to run offline and online. The following technologies are used: PHP, MySQL, jQuery, HTML, and CSS.
Clients could be using that app without internet connection; if there is internet connection the app will automatically move to using the hosting server.
This is either trivial or insanely difficult, depending on a few things:
Does your client have an internal network it can use?
Can that internal network be accessed from the outside?
How many users will your application have?
Are they all on the same network?
On the trivial end of the scale, you can host the entire application locally on your client's network, which can also be accessed from outside if there is an internet connection. But if there isn't, as long as you're on the internal network, the service continues.
On the insanely difficult end, you can build your service so that each browser stores enough information on the machine to allow the user to continue to use the service even if internet connection drops. And then when the connection resumes, the service syncs any updates to the browser.
But this all depends on the answers to those questions.
Didn't really know what title to give this question so I hope it's acceptable.
I am using a system which has an API. I don't have a lot of control over this system, but one thing I need for security reasons is for it to be locked down to my IP. This works, so now the system can only be accessed from my IP.
Now, I have built a custom app which uses the above API. This app is hosted on a server which is different from my IP address. Therefore, when I try to make the API call it fails due to it being restricted. I know this is the case, because if I run the app locally from my location, it works without any problems.
So, the question is what's the best thing to do? I know I could add the IP address of the server which is hosting my app to the system's API. However, I think the server's IP is dynamic, which could cause problems. I have also used things like no-ip locally to control my dynamic IP, but I can't imagine I can install this on my web server.
Looking for thoughts as to how I can overcome this problem.
Thanks
I want to send a file from my browser to a server which is not the server on which the site is hosted. The problem is that the other server is not a web server.
Is it programmatically possible to send a file to a different server without the involvement of the host server? I do not want a copy of the file I am uploading on my hosting server.
Sorry for not being clear on the first go. I hope this makes sense.
Note: I have the IP address of the server. Implementation has to be done in a secure way.
Create a signed application to handle the upload.
One of the fundamental rules of browser sandboxing is that you don't let the browser communicate to a server other than the one which provided the website. This has been a rule for quite some time, and is done for security reasons.
The only way I know of to bypass this restriction is to use a signed application. This is possible in several languages including at least Flash and Java. Once you've signed your application with an authoritative source, then you can specify that your application is known to communicate with a third-party server and should be trusted to do so. The process of doing this will be different depending on the technology you choose.
The server to which you are sending the file needs to allow some sort of protocol in order to accept the file. You do not specify what that is, but these languages should be more than sufficient to implement whatever you need.
Given that you have the necessary authentication of the secondary server you can
I'll explain using FTP, but there can be other socket-related ways.
1) Upload the file to your server as usual, using $_FILES.
2) Use the ftp class in PHP to transfer the file to the remote host.
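An added example, not part of the answer above: the two steps sketched with PHP's FTP functions, using `ftp_ssl_connect()` so the login is not sent in clear text. The host `files.example.internal`, the environment variables `RELAY_FTP_USER` / `RELAY_FTP_PASS`, the form field `document` and the remote directory `incoming` are placeholders assumed for illustration.

```php
<?php
// Added example, not code from the thread. Requires the ftp and openssl
// extensions. Host, credentials source, field name and remote directory
// are placeholders.
function relay_upload_ftps(array $file, string $host,
                           string $user, string $pass): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('no valid upload received');
    }
    // Never reuse the client-supplied filename on the remote side.
    $remote = 'incoming/' . bin2hex(random_bytes(16)) . '.bin';

    // Explicit FTPS: the TLS session is set up before credentials are sent.
    $conn = ftp_ssl_connect($host, 21, 15);
    if ($conn === false) {
        throw new RuntimeException('FTPS connection failed');
    }
    try {
        if (!@ftp_login($conn, $user, $pass)) {
            throw new RuntimeException('FTPS login failed');
        }
        ftp_pasv($conn, true); // passive mode works through most firewalls
        // Send straight from PHP's temporary upload file; PHP deletes that
        // file when the request ends, so no lasting copy stays on this host.
        if (!ftp_put($conn, $remote, $file['tmp_name'], FTP_BINARY)) {
            throw new RuntimeException('transfer failed');
        }
    } finally {
        ftp_close($conn);
    }
    return $remote;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    try {
        $path = relay_upload_ftps(
            $_FILES['document'] ?? [],
            'files.example.internal',            // placeholder host
            (string) getenv('RELAY_FTP_USER'),   // credentials kept out of code
            (string) getenv('RELAY_FTP_PASS')
        );
        echo 'relayed to ' . htmlspecialchars($path);
    } catch (RuntimeException $e) {
        http_response_code(502);
        echo 'relay failed: ' . htmlspecialchars($e->getMessage());
    }
}
```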
Thanks all for the valuable suggestions. I am opting for a bit of a weird way, but it seems the only feasible solution considering the current requirements of the project.
I am planning to install a lite version of a web server and PHP on the external server, which can accept uploaded files through the browser.
Our team has worked out this is the best solution we can consider as of now.
Thanks again to all for their suggestions.
This is done all the time with Firefox plugins (YouTube etc.). Does it have to be driven from your page source? How stealthily do you want to do this?
The other server should use a common protocol: SSH or FTP or NFS or CIFS.
In any case the user is going to have to agree with the plugin or the applet or a third party service (think punkbuster) running in the background.
BF4 runs in a browser window via a plugin and routinely sends data to servers other than the game server.
I'm trying to learn about node.js and there are tons of examples out there, but one question that I can't find an answer to or example of is how does this work with web hosts (I'm using inmotionhosting.com)?
Say I have a basic website www.url.com/index.php (note: I'm using PHP also). For this website to work, all I have to do is upload a file into my file manager in my web hosting site.
How does node.js work? Do I just upload a node.js file into the web hosting also?
In all the examples, they are using localhost with port 8000 or something. Can someone shed some light?
Thanks!
You will need at least VPS hosting to install node.js; shared hosting won't allow you to install any application on your own, unless they give you the option to do it.
Then it all depends on how you have configured it and what application node.js is serving; you can't really say where to upload files by default unless a path is set either by you or by the web host.
From nodejs.org:
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices.
It doesn't say it is specific to web use; instead you should use a web framework such as ExpressJS, where you can build your web application or any other stuff. Your host should provide further information on how to manage packages in your nodejs instance, configuration, etc.
Some useful links:
Domain API
ExpressJS
ExpressJS examples
Here is something I came across.
Hosting your node app?
Hosting Node Apps
nodeFu
Supported hosting providers?
Node Hosting
Just read the descriptions for each section.