Long-time reader, first-time asker. If my question is silly, missing info or mistitled, lemme know and I'll fix it.
Okay, so I'm working at a community center for the next 8 weeks as a tech help assistant, I'm also a CS student.
They have a web application that is quite old running locally on an IIS server (version 7). It's for keeping track of their members, events and registration. It's written in ASP.NET and is using an Access database. They also have a WordPress website (PHP, MySQL, Apache) for advertising events and sharing information about what's going on in the community.
What they would like is to link their WordPress to the local application. I've been racking my brain about if this is even possible or not. I'm leaning towards not possible because the local application shouldn't be outward facing as it has sensitive data on it and was not designed to be secure in the face of would-be hackers.
The only solution that I could think of is to create a "walled off" section of the computer hosting the local application. Also an outward facing port that accepts incoming data from the WordPress site that is then passed onto the Access database as an update (increasing a counter for the amount of people registered to a program). It needs to be possible for a file to have some kind of global (from the web) executable permissions and have all the other files on the localhost computer locked down from this global permission.
We would also need to be able to get 2 boolean values from the local app for the WordPress site. This is for if the program/camp/whatever is full and if the update was unsuccessful in the event of something going wrong. I'm just not sure if something like that is even possible and where to start with that. The most important thing is that it's secure.
If a secure API could work I have time to create something like that.
I don't have enough time to upgrade their local system to make it safe enough to be online because I have to run tech help sessions. I know that is the most realistic option.
Thanks very much
> What they would like is to link their WordPress to the local application. I've been racking my brain about if this is even possible or not. I'm leaning towards not possible because the local application shouldn't be outward facing as it has sensitive data on it and was not designed to be secure in the face of would-be hackers.
I think you've hit the nail on the head right there. It looks like you have a decent understanding of the situation but not of their internal app. The fact is that it's hard to scope something like this without getting in and getting details. Step 1 would be to see if you can talk to whoever it is that built the thing and get their feedback. It might be secure enough to expose some sort of connection.
Really there's not enough information here to determine a good answer, and you should be wary of anyone that says it's secure. There are a ton of factors that go into web security.
You might be able to throw together a basic RESTful API with authentication to send only to the WordPress site's IP. But if it's sharing the IP, that information can be consumed by third parties, so you'll have to decide if that is an okay risk.
I wouldn't try and expose everything and partition with Apache. A basic RESTful API with authentication would be best at first glance IMO. That way you only show consumable data and limit what can be used.
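A sketch of the narrow authenticated API suggested in the answer above, added here as an example and not code from the original posts: one handler that checks the caller's address, verifies an HMAC-signed request, increments a registration counter and returns only the two booleans the question asks for. The shared secret, address, program data and function names are assumptions, and Python is used for illustration; the same checks would sit in the ASP.NET handler in front of the Access database.

```python
import hashlib
import hmac
import json

# Assumptions for this example: every value below is constructed, not from the posts.
SHARED_SECRET = b"constructed-demo-secret"  # provisioned out of band on both servers
ALLOWED_SOURCES = {"203.0.113.10"}          # constructed address of the WordPress host
MAX_SKEW_SECONDS = 300                      # window in which a signed request is accepted
PROGRAMS = {"summer-camp": {"registered": 1, "capacity": 2}}  # stands in for the Access table
_seen_nonces = set()                        # a real service would expire entries after the window


def sign(body: bytes, timestamp: int, nonce: str) -> str:
    """HMAC-SHA256 over timestamp, nonce and body; the WordPress side computes this."""
    message = f"{timestamp}.{nonce}.".encode() + body
    return hmac.new(SHARED_SECRET, message, hashlib.sha256).hexdigest()


def handle_register(source_ip, body, timestamp, nonce, signature, now):
    """Return (http_status, {"full": bool, "failed": bool}); no member data ever leaves."""
    denied = {"full": False, "failed": True}
    # The address check only narrows exposure; a shared IP means other tenants pass it,
    # so the signature below is what actually authenticates the caller.
    if source_ip not in ALLOWED_SOURCES:
        return 403, denied
    if abs(now - timestamp) > MAX_SKEW_SECONDS or nonce in _seen_nonces:
        return 401, denied  # stale or replayed request
    expected = sign(body, timestamp, nonce)
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        return 401, denied
    _seen_nonces.add(nonce)
    try:
        program_id = json.loads(body)["program"]
    except (ValueError, KeyError, TypeError):
        return 400, denied
    program = PROGRAMS.get(program_id) if isinstance(program_id, str) else None
    if program is None:
        return 404, denied
    if program["registered"] >= program["capacity"]:
        return 200, {"full": True, "failed": True}  # already full, counter untouched
    program["registered"] += 1
    return 200, {"full": program["registered"] >= program["capacity"], "failed": False}
```

The handler accepts a single operation and a single field, so the sensitive member records stay unreachable even if the shared secret leaks.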
Related
I'm new to using Azure DevOps to handle my team's development needs. Currently I'm faced with the question of how we are going to gather the requirements, change requests, suggestions or bug reports from the end users of our products that are either deployed or under development.
My idea is to have a simple page that is linked with our Azure DevOps account, which can simply retrieve the list of projects, to help the end user set the category, and then simply email the request to one of the developers to be handled manually. Our end users are limited so this is not an issue of being flooded.
I've searched Google and others for a template / working example of such a page to help me build it quicker, as I'm also very limited on time.
I'm sure someone has done this before. It's just a simple request page connected to DevOps.
Asking about Azure DevOps hosted on Microsoft cloud, with 5 active developer accounts working on 5 different projects. We also use SharePoint and Azure AD for the company's internal use, and would like to limit the requests to only come from company employees. I tried looking this up, but couldn't find anything "ready made".
We had a similar problem where we wanted to let people who don't have an Azure AD account access parts of ADO. We need this because we are a large corporation with slow and complicated Active Directory processes...
I asked on Server Fault and found a little service called TicketStudio in the Marketplace that works well for us: https://azuremarketplace.microsoft.com/en-us/marketplace/apps/aveyaramrsoftwaregbr1612902674653.ticket_studio?tab=Overview
I am working on an Android application that will allow users to gain access to certain sets of files and then sync them with their device for offline use. Thus, when they first download my app, they will have no account or files, they will have to create an account, then enter an access code to gain access to certain file directories for download.
I have the majority of UI of the app completed, and it now needs to be 'plugged in' to a backend. I am a little familiar with PHP as I have done a few dynamic websites, so I am familiar with working with phpmyadmin, but I really want to make this backend schema well made and able to handle business.
I don't know where to start to design the relational databases and all the other factors I may have not even thought about yet. Does anyone have any good references, tutorials, anything that may help me take this next step?
If you want to learn about database modeling, these websites can give you a good start: example2 example3
Or do you wish to learn about SQL coding?
I've been working on a site (for my company) to allow selected data center users to remotely access a scheduling calendar and some pages offering information on the various servers they are coming to the site to access--on a separate site. Initially, I was under the impression that I'd be creating a database and registration page to add, authorize or track end users. My initial project coding has been a combination of HTML, PHP, CSS, and MySQL and Apache for the database side. Now I've been told that we will be using AD, tied into our company's official Active Directory, so that users can use the same IDs and passwords that they've already had approved by our company.
My question is (hopefully) simple. Is there a certain web programming language that I should use in creating the pages that works better with Active Directory than others?
If you are comfortable with PHP, you should be able to achieve the above no problem!
The beauty of PHP is that someone somewhere along the line had the same problem as you so chances are, there's an established solution already.
adLdap seems to be a good solution, a library that already does most of the hard work for you and all you'd need to do would be integrate it into your script!
See: http://adldap.sourceforge.net/wiki/doku.php?id=documentation_user_functions
Hopefully this can make it a little easier for you so you can concentrate on the other things like the actual functionality of the website itself.
I want to make a computer storage (online) web application with PHP/MySQL. I mean one where we can keep all the data of a computer and all its configuration, upgrades, problems that occurred, solved problems and alerts for warranty expiry.
Can anyone give me an example link where I can gain some idea (the example can be on any platform)? I just want to go through its workability.
I have gone through Google, but found nothing worthwhile.
This company does something like that in their software. It is called asset management. It appears to be done using PHP and Ajax as far as I can tell. I suggest researching Ajax for more info as you will need real-time tracking, I would think. http://www.dapperdesk.com/hd/logina.php
I am about to deliver an Adobe AIR app to a customer. But it's my first delivery of any sort, i.e. I have no experience whatsoever with licensing etc.
Users of this app may or may not be online, so I can't count on that. In fact it's 99% sure that they will be offline.
Nor do I expect them to be very tech-savvy users who will spend enough time scouting for ways to "crack" it.
So, is there an okay-ish type of way to protect this app? That is, I don't want people to simply copy the installation folder, take it to another machine and run it. It should be slightly harder than this.
Oh, and I am also using PHP and MySQL, with which this AIR app communicates. So anything you guys could help me with is very very welcome.
Protect the PHP API and not the frontend app. Have a license key which is bound to an IP address and authenticate that the request (which contains the key) is coming from the correct IP.
If you want to protect your Flex app you can use irrObfuscator. There is a 30 days free demo.
If you wish to obfuscate your PHP code I would suggest ionCube. There is an online obfuscator that you can pay for à la carte. Pretty useful. Though you need the ionCube loaders, which are a set of PHP extensions that you will find in the products section. Not sure, but I think you can install the loaders without playing with the PHP config, so it's shared-hosting friendly.
You cannot protect anything that's web-based or JavaScript-based, purely because there is complete source code.
Anyone who knows how to use 'right click' could copy your files. You can obfuscate your code, but you cannot protect it. If you think that this shouldn't be possible, write a desktop app in a 'real' programming language.
When the app installs, I would do the following:
Create a file in "app-storage" that basically indicates the app has been installed.
Fire off a service call and make a record of the install
Change a file in the app directory to indicate the app has been installed
On subsequent startups, check for the presence of the file as long as the file in the app directory indicates the app has been installed. If you see the customer keeps installing their app over and over, this could be flagged in their account and appropriate action taken. If you want to get fancy, the file in "app-storage" could be a one-way hash of some information from the file in the app directory (install date?) plus some value baked into the AIR application.
In general, I think the key here is to trust your users and not make the assumption they are trying to steal. You want to make the system as painless as possible. It does not build a good relationship with customers when you treat them like criminals, so creating an "ironclad" approach probably isn't even the best idea.
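The install-marker check described in the answer above, as an added example that is not code from the original post: the marker in "app-storage" is an HMAC-SHA256 (used here as the one-way hash) of the install record in the app directory, keyed with a value shipped inside the application. The file names, the baked-in value and the status strings are assumptions, and Python is used to show the logic rather than AIR's own ActionScript.

```python
import hashlib
import hmac
import json
from pathlib import Path

# Assumption: a constant compiled into the application (constructed value).
BAKED_IN_VALUE = b"constructed-value-shipped-inside-the-app"


def _marker(install_record: bytes) -> bytes:
    """Hex HMAC of the install record; this is what gets stored in app-storage."""
    return hmac.new(BAKED_IN_VALUE, install_record, hashlib.sha256).hexdigest().encode()


def first_run(app_dir: Path, app_storage: Path, install_date: str) -> None:
    """Write the install record to the app directory and its marker to app-storage."""
    record = json.dumps({"installed": True, "install_date": install_date}).encode()
    (app_dir / "install.json").write_bytes(record)
    (app_storage / "marker").write_bytes(_marker(record))


def startup_check(app_dir: Path, app_storage: Path) -> str:
    """Classify the installation on each start; the caller decides what to do with it."""
    record_file = app_dir / "install.json"
    marker_file = app_storage / "marker"
    if not record_file.exists():
        return "fresh-install"            # nothing installed yet, run first_run()
    if not marker_file.exists():
        return "copied-or-storage-wiped"  # app folder present without its per-user marker
    stored = marker_file.read_bytes().strip()
    if hmac.compare_digest(_marker(record_file.read_bytes()), stored):
        return "ok"
    return "tampered"                     # record edited, or marker from another install
```

The baked-in value can be recovered from the shipped application and the marker is not tied to the machine, so this matches the "slightly harder" goal in the question and nothing stronger.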
I think pretty much the only good way to do this is to require activation after installing (online activation, with a phone backup).
From what you're saying, it seems like the backend is installed on-site and would not be able to provide adequate copy protection.