This must be vague to ask, but I need a possible solutions.
I'm working on a project where 10 or more linux (Ubuntu) server need to talk to each other using specific ID. Without using WAN IP or Port forwarding.
I've tried with a third party library, they charge 2$ or 3$ per ID. And ask me to establish 3 rely server. I'm okay with it and ready to spend money, but the project will rely on this server completely after implementation, if they discontinue the service later, I will be screwed.
So I thought to go for either a reputed P2P service provider or Implementing on my own. But neither could find one who provides nor have an idea of implementing this.
Please help me with it. Give some ideas.
Related
My office network provides internet access to my employees when they connect to it through the office's router. I want to make a web application in which only computers connected to the internet through my office router, can access. So that my employees have to be in my office area before they can login into the php web application.
If they are connected to the internet, but not through my office network they should not be able to log in to the application. (I know I could have deployed the php app in a local server setup in my office but I want the app to be on a remote server on the internet for my personal reason).
What hardware do i need to setup my office network and how do I make PHP detect the id of the hardware of my network so php can determine that a request is coming from my network.
Some options to recognise your private office from a public website:
IP address
This will only work if you know what IP address is in use at any given time by your allowed clients. In the case you use a NAT gateway, this has to be the outside address.
It becomes pretty easy to do this if you have static IP addresses for all your allowed clients, if they change, it quickly becomes a nightmare to keep them right at all times.
Security: since HTTP is based on TCP it's not trivial for other to get to use your IP address through spoofing, but it's by far not foolproof either. Consider it a poor-man solution at the very best.
Caveat: if any of your staff can get remotely to their machine, they can access it remote (so e.g. a time registration system is going to get circumvented by this quickly)
VPN
VPN stands for Virtual Private Network.
This is the goto solution from a security perspective. Essentially you build up tunnels between either individual clients or networks as a whole with the VPN server.
On the central end of those tunnel(s), your webserver answers to web requests (but not to the internet at large).
There is a whole range of VPN products out there. There are equally relatively easy to build solutions using free software (e.g. OpenVPN).
Things on how the client (network or computers) will authenticate to the server and what traffic is attracted to the VPN and much more are all possible parameters you can set.
Security: it depends a bit on the choices made, but unless unproven or outdated solutions are picked, this can be done "top notch". It is however in skill level probably just above your typical IT shop around the corner (but you might be in luck).
Same remark as above: your staff that can gain access to it, might be tunnelling into their machine at work or might use credentials and settings on an office machine at home as well.
DNS
reverse mapping of IP to names is far too easy to spoof, don't try this.
Login/Password
This is a relatively easy solution: allow access from anywhere, but give authorised users a login and password and let them have access after being logged in properly.
Security: It's non-trivial to get this fully secure, there's plenty of opportunity to make errors in how the application works so that it becomes a problem.
But if you have to have a zero footprint on the clients, this is your best option.
Add in 2 factor authentication to increase the password security and make passing on passwords a bit more difficult.
TL;DR
I'd setup an OpenVPN based VPN, they are relatively easy to setup, the clients exist for most OSes (take care not all: e.g. iOS: I don't know of one) and it'll give you more than average protection without you having to delve deeply into the details of encryption protocols and the like.
Still there's a learning curve, but there's plenty of tutorials out there that don't assume much prior knowledge either.
For your clients you setup a certificate-based authentication system using EasyRSA (included with OpenVPN). It's a bit of a habit you need to create, but once setup properly, adding and removing users becomes relatively painless.
On your server all you need to do is make sure the http server only binds to the IP address of the tunnel interface.
I don't know if I can ask this here but well.
I have created my software, it's developed in php 5.4, laravel 4, xampp v3.2.1, and I work the software local (localhost/public/something).
So my question is:
If I want to sell my software, how can I install it in the pc of a user?
I dont know about servers, but I think it's better to have the data in a free server isn't it? Any recommended tutorial?
I don't want to install the xampp server to the client and all the stuff of a developer, just install the software and have it easy for the user.
Any help will be grateful.
You can't sell PHP software with the expectation that a user installs it. This is functionally possible but involves so much setup that you'd never guarantee a user would be able to use it on even a small range of systems. They'd have to setup a web server, database server, all the various connections etc. or you'd have to write an installer which did all that for them.
You're also disclosing your entire code base to any user who buys your software, which means there are no mechanisms you could use to prevent both your software and code being shared freely - which is nice if you're writing open source, but not if you plan to make much money.
The best way to sell software in the form of a website is to provide a restricted user mechanism such that you can enable or disable a users' access via a website, and control this access based on a subscription or one time sale to the customer.
You're speaking of xampp so it seems you have created a website/application. Hence you should not have to "install it in the pc of a user". A website is made to be available from any machine with a browser.
Xampp is a local server on your computer. What you need is a server to make it available to other person than you.
You have a wide variety of possibilities to host your code and make it available:
Shared hosting
IaaS/PaaS hosting (http://www.tomsitpro.com/articles/paas-providers,1-1517.html)
You'll also need a domain name to make it reachable (ex: stackoverflow.com)
I'm trying to set up PHP websockets on my website. This works great on my local WAMP server, but on my website I keep getting a warning:
unable to bind address [98]: Address already in use in"
I tried various libraries, but they all return this error.
My guess is that the port I'm using in isn't free. The problem is, that I cannot access terminal since this is a shared server (according to phpinfo() websockets are enabled, btw) so I can't look for free ports. Also tried to use port 0 - but no luck.
Thanks in advance!
EDIT:
For instance, this is some code using https://github.com/Flynsarmy/PHPWebSocket-Chat
// start the server
$Server = new PHPWebSocket();
$Server->bind('message', 'wsOnMessage');
$Server->bind('open', 'wsOnOpen');
$Server->bind('close', 'wsOnClose');
// for other computers to connect, you will probably need to change this to your LAN IP or external IP,
// alternatively use: gethostbyaddr(gethostbyname($_SERVER['SERVER_NAME']))
$Server->wsStartServer($_SERVER['SERVER_ADDR'], 9300);
Well, Bluehost site writes: "We block access to certain ports to help avoid having security holes in the firewall...Purchasing a dedicated IP will allow us to grant you access to the ports you will need to run your specific services on.". The technical support guy told me otherwise. I guess case is closed. Thank you all for your time!
talhof9 I went through similar pain in trying to configure my shared hosting service, I didn't find a direct solution to get a shared *AMP server to support WebSockets, but I found a workaround that will at least let you test the commercial viability of the solution you are putting together (if that is indeed what you are looking for) without paying for all the headache of setting up,configuring and administering your own VPS.
Check out http://www.pusher.com for an easy websocket deployment library, that uses their Node server. The free sandbox version lets you play around to get it working, and once you want to test commercial viability you can upgrade to a paid plan.
Hope this helps!
(note I do not work for Pusher)
Most probably your hosting provider has, somehow, disabled PHP sockets. This makes sense because PHP is used to process webpages not create daemons and you're probably using a regular web hosting plan (not a dedicated server).
I would check in with your hosting provider - support forum or just call them.
I have written apps that run on both iPhone and Android. They make calls (HTTP POST requests) to a PHP script on my Ubuntu server that retrieves queries from MySQL server there, etc.
Basically I want to encrypt these messages going back and forth. I have the additional constraint that I am on shared hosting and so do not have root (or sudoer) access on my server.
What is the best way to implement this? I don't want something where I have to pay verisign for a cert (I know very little about security). I am thinking it will somehow involve a public/private key scheme, but I am not sure what is the best method for this.
any thoughts? thanks.
If you are on a shared hosting server, it is likely a bit of a challenge (and, depending on the provider's setup, impossible) to secure your keys from other users. Plus, reinventing the encryption wheel is generally a bad idea. So I wouldn't go that route, especially if you aren't knowledgable about security.
The easiest solution is to use SSL. If you really don't want to get a cert from Verisign (or Comodo or whomever), use your provider's default SSL cert. If they have things set up so that your SSL server will use a cert for https://www.YourHostingProvider.com/, then you should be able to make that work, perhaps with a bit of homework. (MediaTemple is set up that way, where you get their cert if you don't have your own. Not sure about other hosting providers.)
Do try to educate yourself about the elevated risks involved in doing this on the cheap. For example, depending on the setup, it's possible that anyone else on the shared hosting service could impersonate your site if they are sufficiently skilled and determined, since they may have access to the same SSL private key you're using.
If you're securing game high scores or something, that will probably be OK. If you're securing credit card numbers or people's personal health information, this is definitely not the way to go. You don't want to store that kind of information on a shared hosting service, and you definitely don't want to be so resource starved that you're reluctant to buy an SSL cert.
I want to develop software that will allow people to log in and pay a bill. The software will have to connect to a server hosted at a client (could be many clients) and retrieve some information. The issue is that I want to make it work in any scenario. Similar to the home remote control software like goto my pc. I have no gurantee of the setup for the client only that they have a windows based server and and internet connection. I would like to install a piece of software and have it connect to the server and wait for information. I really would like to use the simplest software possible such as PHP.
Thanks
I want to develop software that will allow people to log in and pay a bill.
That is a requirement. That is fine.
The software will have to connect to a server hosted at a client (could be many clients) and retrieve some information.
That is a specific technical solution to the above requirement. And not a very good one I might add.
So. Do you want to know how best to solve your requirement, or do you want a technical explanation about how you could implement your (totally misguided) proposed solution?