Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions must demonstrate a minimal understanding of the problem being solved. Tell us what you've tried to do, why it didn't work, and how it should work. See also: Stack Overflow question checklist
Closed 9 years ago.
Improve this question
I intent on creating a PHP application that regularly calls into an ASP.Net website to check for updates and then make another call to download updates).
I will be using SSL for transport security.
The clients need to be PHP as they run other bespoke bash commands.
I will need to download data and I've not decided what form.
Can anyone please suggest for my .net application:
How to restrict access to the server (I won't know incoming request IP's)?
The best structured data transport mechanism? maybe I could use JSON?
nb. if I can create a web service that PHP could consume that's even better!
Using JSON is definitively a good idea. It's less verbose than xml and fit particularly well with object oriented programming.
For your authentication issue, you could pass over each request an authentication token (a random string) that only your web service and your PHP code will know.
This is safe since SSL will encrypt the request and your auth token will never be "clear" on the network.
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking us to recommend or find a tool, library or favorite off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam. Instead, describe the problem and what has been done so far to solve it.
Closed 8 years ago.
Improve this question
I'm trying to simulate a web browser in order to log into a secure site, where the site's backend seems to be written in some mix of PHP and ASP.NET, and retrieve some user details.
In order to fit my own project, the simulation results (i.e. the user details) must be returned to a PHP script for processing.
So far I've been working with CURL in PHP to do this, and realised that the site is far too complicated to use CURL effectively, and this method is far too slow to develop. What I would like is some sort of browser simulator that can:
Execute JavaScript
Submit forms
Click links
Handles cookies
Uses ASP.NET postbacks
Can access the DOM
Basically something that behaves exactly like a real browser, and can return the page source to me.
I've explored the Snoopy class in PHP and Capybara in Ruby. If I don't get any better options I will be forced to implement with one of these.
You have two options:
Use a headless browser. This is basically browser without any graphical output, which can be controlled via. code. You can check out Selenium and PhantomJS, there probably exists bindings for your language of choice.
Reverse their site. Do the login flow and actions needed to get to the resource you need, and look at the network traffic, for example with Chrome's developer tools. Look at the requests, headers and form data needed for the endpoints in question and emulate that in the code.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking us to recommend or find a tool, library or favorite off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam. Instead, describe the problem and what has been done so far to solve it.
Closed 9 years ago.
Improve this question
We are currently moving a lot of our code to use the api we've developed instead of making sql calls from our php. There will be a lot of functionality to test once this happens. I was wondering if you know of a good plugin or software to use to track and replicate and action (such as registering a user, the logging in, posting a comment, etc). I know there is software like selenium, but I've heard that it would be more of a hassle to setup than it's worth (for what we need it for).
I basically want to create a script of my actions on our stable build, then run that script on the build that is using our newly implemented api build that uses a different database, then come the two databases to make sure they have the same data.
Any suggestions would be great. There has to be a chrome plugin or something, but I haven't been be able to find it after a few hours of searching.
If these are web service calls to your API, you can use curl (on the command line or within PHP) or even Guzzle as it's just an HTTP Client for communicating with web services. What you are describing is testing your app, which is common. There is nothing trivial or easy about full test coverage so prepare to spend some time setting this up and working out the kinks.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 8 years ago.
This question appears to be off-topic because it lacks sufficient information to diagnose the problem. Describe your problem in more detail or include a minimal example in the question itself.
Questions asking for code must demonstrate a minimal understanding of the problem being solved. Include attempted solutions, why they didn't work, and the expected results. See also: Stack Overflow question checklist
Improve this question
I'm developing an application composed of two elements: a simple PHP server interacting with a SQL DB and a client which on certain events will send information to the server to log.
I would like a way to somehow verify (on the server's side) that the incoming query is indeed coming from my client, because there is a possibilty that someone will decompile the client file and see how I connect and send commands to the server, and that would let them inject false data.
I have no idea how to do such a mechanism though simply because anything I implement in the client could (theoretically) be viewed after decompilation process. Or maybe obfuscation is a solution in this case?
If someone is intrepid enough to decompile your client, they will simply write their own client using your mechanism and there's no way you can distinguish the two. No amount of "authentication" will stop that. (Like for example, if someone gets my private SSH key, game over: they are me until those keys are revoked.)
The best you can do is make it hard for them to decompile, detect intrusion, and limit damage. Some ideas, but you really should consider the attack patterns you expect to face:
Only allow the client to execute certain commands with certain parameters
Do not allow any more than the expected number of commands per time period
Limit the IP from which those certain commands can come
Be able to revoke client privileges on the server
PS: Expect this question to be closed or at least downvoted. It's not about code, but about design.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 9 years ago.
Improve this question
I made a PHP based webapp and a customer of my needs it on his website. Now I want to put the PHP code on my server and let the customer's website include it remotely. How do I set this up? And can I restrict the acces when the customer doesn't need the app anymore and is it secure?
There is nothing such as remote PHP. Doesn't work that way. However you can setup some API to communicate between the two servers on backend. You'd still need both servers to be capable of this interaction, that means both servers still need to be fully functional. And if your code on client's server can talk to your API on host server, then they can take that code and see how it interacts with your host and replicate it.
A very simple solution would be to put the PHP-generated content from your website in an <iframe> on their website.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I do quite large project for a client and I would like (somehow) to secure code form event that mid dishonest client was not going to pay me for the work. :)
The contract is written that the project must provide application with a sources.
So far I mostly been writing in .NET where I was protecting myself against such an eventuality in way that I was creating class witch get POST some parameters with shutdown application. This class was thrown into a dll witch was already compiled, so no one could change the source.
Is there a similar possibility in PHP? I can do the same thing (as in .NET case) but clever customers with access to PHP can find above class and I just cut it.
Maybe it is some other way to secure myself?
Suturing of the database also eliminated for similar reasons as above.
PHP is an interpreted language; as a result, it doesn't compile your code. Your best bet is to stick with .NET, where you can compile the functional part of the application into a .dll, or use Java and compile it into a bytecode.
PHP wasn't built for compiling.
What you can do is probably host the application on your server till the client has made a payment, and then upload it to the client's server.
Or you can make it downloadable from your server (only after payment), along with configuration scripts that is configurable by anyone with a few clicks of the button; something similar to the way some of the PHP frameworks (e.g. WordPress) work.
You can protect your code with Zend Guard (http://www.zend.com/en/products/guard/).