As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 10 years ago.
I have an application based on PHP and MySQL which is to be hosted on localhost at their organisation for some of my clients and on a web server for others. My concern is: how can I protect and secure my code on localhost? I simply do not want any person with even a little programming knowledge to be able to look at my application code. The fact that the code will be on localhost in the www/public_html folder on one of the organisation's machines acting as a local server is what is driving me paranoid about my code being stolen.
Can anyone suggest some techniques to achieve this? Password protection? Or other best practices?
And I would request the community members not to immediately close this question deeming it to be ambiguous or out of context. I badly need some expert suggestions on this.
I went through the very same problem as you. I know, it's a design flaw in your project. You just shouldn't be "installing" your software on clients' computers if you designed it to be accessible online.
But sometimes we just have to. We had this amazing webapp, kind of expensive and with not many clients. Whenever a new client insisted that "it needs to run even if the internet's down", my boss sold it anyway and we were told to just configure the client's pc to run as both server and client. Whoever did the project should have considered this possibility and should have chosen some technology that could create an executable instead of plain text code.
We chose to use Zend Guard to secure our code. It pre-compiles your code for you, but it only works with PHP. Your xml/txt/ini/css/js files will still be readable. We had some xml configuration files that we wanted to obfuscate, but couldn't.
There is some other software that also does that; just search for PHP Code Obfuscator.
They are not free (kinda expensive if you're developing it on your own), but shouldn't be expensive for your company.
Just keep in mind that what you are doing is just a workaround. This is not completely safe, nor is it recommended. PHP is meant to be used on a server, not on your client's machine.
localhost is always the machine you are currently on. I see very little you can do to protect files stored there. Any sort of protection may cripple the correct functioning of the PC and the application you're making.
PHP is supposed to run on a server, your source code is automatically protected.
Expert suggestion: you're doing it wrong.
Look at some code encryption/obfuscation software like Zend Guard. They are paid, though.
"look at my application code" and "my code being stolen" are two different things.
Since PHP is a scripting language, the code needs to be on the server that is going to run it; the fact that it is localhost is irrelevant. If you want to protect your code from being "looked at" you can:
Obfuscate it. But it is only a matter of time if someone is really interested.
Encrypt it. You can request a password when you start the server to decrypt, but this is going to require big changes and affect performance.
However, if someone wants to steal it and doesn't care what it looks like because they don't intend to modify it, maybe to save licence costs, then they just need to copy and paste the code, no matter how obfuscated or encrypted it is, and make it run. Anti-copy techniques are out of the scope of the question, I guess.
Closed 10 years ago.
I'm creating a live chat application that should be part of my website. The website is fully developed using PHP. Now the problem is that I'm in a dilemma about what would be the most appropriate tool for a live chat application platform that will become part of my website. It should use Users from my website and share Session with the PHP application it's part of.
I did some research and, as I thought, PHP+Apache is not really the best tool for development of applications based on web sockets like my live chat is. Other platforms like Node.js look like the right choice but I'm not sure how easy it will be to make Node share resources with my PHP application.
I'm interested in what approach you would use for situations like this. What architecture of the system would you implement?
Finally, I want to tell you that my PHP website is MySQL based and I'm using knockoutJS for the client-side implementation. It will use SocketIO on the client side because of its fallback strategies and support for non-HTML5 browsers. I know it can be used on the server side too but I'm doubting between it and Node or some other solution currently unknown to me. That's the main reason why I'm asking this question here. There is a small possibility that it will be running on shared hosting but I fully understand the problems with shared hosting and socket connections (closed ports, no SSH for installing Node etc.). If you have suggestions regarding this possibility, write them down. Otherwise just forget about it and answer as if it's going to run on a VPS.
Thanks.
If you plan on using node.js, there are solutions out there to help integrate node.js into your existing PHP environment (e.g. Sharing PHP sessions with node.js). Node doesn't play too well with Apache, so you will probably want to look into switching over to Nginx and PHP-FPM.
Personally, to get this running "well", that is a good amount of changes for just a simple "chat" application. I would probably look into integrating an already developed solution, Comet Chat. Or if I wanted to make it a little more customized I would build out something that uses an existing architecture on a separate platform. Firebase is a pretty awesome service that just came out that looks like it would fit your needs perfectly. If this worked out as a good solution for your users, I would then work on implementing something custom built in Node.js.
An in-house solution would start with evaluating the needs for your server. How many concurrent connections do you expect? Do you have control over low-level operating system features? Open socket and open file limits seem to be major contributing limitations to shared hosting plans. So you may need to evaluate different hosting plans. A good PaaS solution for Node & PHP is AppFog. AppFog is free for up to 2 GB and 10 instances, which may help you get started. If you want total control I would recommend a dedicated server, or something like Amazon AWS.
Then you will need to evaluate your architecture. Like I said, Nginx does a pretty good job of serving both PHP and node.js, but there are many more options that may better serve your needs.
A good place to look and start learning is the source code of Balloons.io. It is a very well written open source chat, and it leverages Redis, which is a common solution to session management between PHP and node.js. Best of all, you build the source on AppFog, and test out some in-house solutions and code in minutes without any cost to you!
Good Luck!
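The session sharing mentioned in the answer above, as an added example that is not part of the original answer or of any project it names: a Node.js process resolves the `PHPSESSID` cookie to the session PHP wrote to a shared store and decodes it, rejecting malformed IDs and data. Assumed here: PHP's default `php` serialize handler, phpredis's default `PHPREDIS_SESSION:` key prefix, and a `Map` standing in for Redis; all function names are hypothetical.

```javascript
// Added example. Assumptions (not from the page): PHP's default "php" session
// serialize handler, phpredis's default key prefix, and a Map in place of Redis.
const PREFIX = 'PHPREDIS_SESSION:';
const SID_RE = /^[A-Za-z0-9,-]{22,256}$/; // alphabet and lengths PHP allows for IDs

// Parse one serialized PHP value at byte offset pos; returns [value, nextPos].
function parseValue(buf, pos) {
  const type = String.fromCharCode(buf[pos]);
  const until = (ch, from) => {
    const end = buf.indexOf(ch, from);
    if (end < 0) throw new Error('truncated session data');
    return end;
  };
  if (type === 'N') return [null, pos + 2];                    // N;
  if (type === 'b' || type === 'i' || type === 'd') {          // b:1; i:42; d:1.5;
    const end = until(';', pos), raw = buf.toString('latin1', pos + 2, end);
    if (!/^-?\d+(\.\d+)?$/.test(raw)) throw new Error('bad scalar');
    return [type === 'b' ? raw === '1' : Number(raw), end + 1];
  }
  if (type === 's') {                                          // s:LEN:"bytes";
    const colon = until(':', pos + 2), lenText = buf.toString('latin1', pos + 2, colon);
    if (!/^\d+$/.test(lenText)) throw new Error('bad string length');
    const end = colon + 2 + Number(lenText);  // LEN counts bytes, not characters
    if (buf[end] !== 0x22 || buf[end + 1] !== 0x3b) throw new Error('bad string');
    return [buf.toString('utf8', colon + 2, end), end + 2];
  }
  if (type === 'a') {                                          // a:N:{key value ...}
    const colon = until(':', pos + 2);
    const count = Number(buf.toString('latin1', pos + 2, colon));
    const out = Object.create(null);      // no prototype: "__proto__" is just a key
    let p = colon + 2;                    // skip ":{"
    for (let i = 0; i < count; i++) {
      const [k, afterKey] = parseValue(buf, p);
      [out[k], p] = parseValue(buf, afterKey);
    }
    if (buf[p] !== 0x7d) throw new Error('bad array');
    return [out, p + 1];
  }
  throw new Error('unsupported type: ' + type);  // objects (O:) refused on purpose
}

// Decode the "php" handler layout: name|value name|value ...
function decodeSession(raw) {
  const buf = Buffer.from(raw, 'utf8');
  const session = Object.create(null);
  let pos = 0;
  while (pos < buf.length) {
    const bar = buf.indexOf('|', pos);
    if (bar < 0) throw new Error('missing "|" after variable name');
    [session[buf.toString('utf8', pos, bar)], pos] = parseValue(buf, bar + 1);
  }
  return session;
}

// Map a Cookie header to the PHP session, or null. Fails closed on any error.
function loadSession(cookieHeader, store) {
  const m = /(?:^|;\s*)PHPSESSID=([^;]*)/.exec(cookieHeader || '');
  if (!m || !SID_RE.test(m[1])) return null;  // never build a key from unchecked input
  const raw = store.get(PREFIX + m[1]);
  try { return raw === undefined ? null : decodeSession(raw); } catch { return null; }
}

// Constructed sample data: "Zoë" is 3 characters but 4 UTF-8 bytes, hence s:4.
const SAMPLE_SID = 'q'.repeat(26);
const store = new Map([[PREFIX + SAMPLE_SID,
  'user_id|i:42;name|s:4:"Zo\u00eb";roles|a:2:{i:0;s:4:"user";i:1;s:5:"admin";}']]);
```

With a real Redis client, `store.get` becomes an asynchronous call; the ID validation and the parsing stay the same.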
Closed 9 years ago.
I really would appreciate some concise advice.
I am about to embark on a project where we will be maintaining a lot of property data.
We intend to build the application with a RESTful interface so that various clients can connect, i.e. web app, iPhone app, 3rd party API etc.
We really want the app/api to be fast, responsive, solid.
However, realistically we only have a certain amount of in-house skill-set and want to make sure our thought process is heading in the right direction.
Our core knowledge is PHP so our initial idea is a LAMP stack (maybe replacing MySQL with Postgres) with Memcached. We are likely to use the Laravel framework too.
However, we are toying with the idea of writing the software in RealBasic (similar to VB but proper OOP) and creating bytecode. This would include the HTTP server too - albeit simple compared to Apache.
Is the latter overkill? Are we making it harder in the long run, as our own HTTP server will probably never compare in speed to Apache?
I would really appreciate some thoughts.
The only way you would want to use a REALbasic HTTP server is as an app server sitting behind Apache -- it would be crazy folly to run a public-facing web site on some slapped-together HTTP server written in any language -- so you'll have Apache (or Nginx) in the mix regardless.
REALbasic can work quite well in that role. It compiles to machine language, not bytecode, and your HTTP server would be built on its asynchronous single-threaded server socket framework, so performance is generally excellent.
That said, I doubt it would perform any better than PHP backed up by caching (Memcached, etc.), and PHP is a much, much, much more mature technology for web development than REALbasic, with none of the obstacles or limitations you will likely encounter if you attempt a REALbasic-based solution.
I'd say PHP is the safer and better choice for you, in this case.
(Caveat: I wrote this answer while taking a break from writing a web app based on a REALbasic HTTP server, development of which has been nothing but sheer pleasure -- REALbasic is a lovely language.)
I'd stick with PHP if that's the skillset you've got inhouse.
There's always the option of compiling the PHP code using HipHop if it really does come down to needing that kind of performance.
Writing your own web server sounds like a crazy idea -- if there's any single piece of software on your system where it's a good idea to have something that's well tested and secure, it's the web server. Writing your own is unlikely to perform as well as something like Apache or nginx even if you do write it as lightweight as possible, and it's almost certain to have major security holes.
Creating the web server using Real Studio is not all that crazy as you have a number of ways of going about it and you don't need Apache or IIS to do it. You can create a console app whose sole purpose is to provide the API to your apps or you could create a Web Edition app that can also serve web pages. It really depends upon what you want to accomplish with the web side. We've done both for a number of clients and it's worked well for them.
But, since you're already familiar with PHP I would say stick with what you know. Learning Real Studio isn't very hard but it's still a new skill set with all of the requisite bumps in the road for the things you don't know (yet).
Do you have a solid reason for writing your own webserver? If you don't need all the bells and whistles of Apache, maybe you could go with something smaller, e.g. nginx. Also, if you want to go with Linux I'd say that Basic (or any dialect) isn't the greatest idea. If you need bytecode, probably Java would be a better choice.
This is certainly not part of your in-house skillset, but for fast, lightweight RESTful APIs, I highly recommend Erlang and Cowboy.
Erlang is a functional language used by telecom companies to run telephone hardware. It is highly fault-tolerant and, in my opinion, very expressive. It's optimized for concurrent execution, so you get all the benefits of multithreading without the headaches.
Cowboy is a webserver written for erlang. It's extremely lightweight, efficient, and easy to code for. I use cowboy to serve roughly 25,000 RPS per datacenter (~1200 RPS per machine) and it has never let me down.
If you're not going to use erlang, you're better off using apache or nginx. I would only use RealBasic if you're not writing your own HTTP server for it (just handlers).
Closed 10 years ago.
What I want to do is to work on my projects from "everywhere" with an internet connection.
I tried the following:
Tried to connect from my office to my main PC with remote desktop apps like TeamViewer, etc. It's very slow and boring. (Seeing what I typed after a 2-3 second delay is really annoying.)
Carrying a laptop with me is also not a good idea. (Its weight is about 4-5 kg.)
A flash drive is also not a good idea... All my projects together are about 20-30 GB.
The only comfortable way for me is a web based IDE (something like Netbeans, I mean built-in project management, etc., BUT web based).
I was looking for a web based IDE which supports PHP, HTML, JS and other various languages. My main PC is always connected to the internet. So if there is any good open source (or free) solution, I can serve this IDE either from my webhosting account or directly from my PC. (For example, this service http://c9.io/ is exactly what I need. But there are some problems: 1. It's paid. 2. I don't want to host my projects on third-party servers. I need something like that, but want to install such a system on my own servers.)
What do you think about this/what's your suggestion? Thx in advance...
You should check out Codiad - http://www.codiad.com - you can host it on your own server, configure it to do what you need, and access it anywhere.
If you want to work on a project from anywhere, then you may want to look at using a decentralised version control system like Git instead. The advantage is that you can work on any machine with Git and an IDE or text editor, and not rely on a third-party, web-based service that can do anything with your data or may disappear overnight.
As an alternative way of solving the problem: All my projects are hosted on GitHub. I split my work between three computers. When I sit down to work on a project I run git pull and any changes I’ve made on the others get pulled down. You won’t have to re-sync all 20GB of data, just the bits that you’ve changed. Then you can continue to work using native OS applications.
You can install Git, for free, on your own server.
So you want a free web-based IDE that allows you to set the project folder in your own server? That's doable I guess, but I am not sure whether anyone has done it yet.
There's always vim though. I use it a lot and, while there's somewhat of a learning curve to it, you can use it anywhere there's a console (linux or putty on windows) and I think it has all of the features you've mentioned.
Closed 11 years ago.
I have been having this debate with my boss for a long time, now I am having doubts about myself.
We work in a small team, with basically just me as a web developer and another assisting me when I need to do grunt work :P
My boss is trying to make me work on code that is directly on a test server, so he can check up on my progress...
I am insisting on working locally then uploading it when it's more stable, kinda like patches, because I don't want testers (my boss or sometimes even clients themselves) to see errors that are bound to happen while I am coding... and I save very frequently so working remotely means slower saves <_< which I find annoying.
So any opinions guys?
It's best to code on a development server (basically local) and once you are finished with your code and have tested it, push it to the live/test server.
It's a very bad habit to develop directly on the live/test server as you are bound to get conflicts with other developers.
As you are working with another person you should also implement a revision control system. (Well, basically even if you're developing solo you should. I also have one for my private projects as it just makes it easier to revert mistakes.)
If you have a revision control system you can agree with all developers to only check in changes that have successfully been tested locally and then create a commit hook that will update all commits to the test server automatically.
So every time the revision is updated the test server follows while between commits the testserver stays stable.
If it's a private test site, it all comes down to what the client wants. I've worked in both situations, and the latter does upset me more but sometimes that is what the client wants.
The client wants to double check every hour and then complain when something isn't even finished. It's not fun; I would ask him if you can move towards local development, and push patches nightly or something.
Though the advantage of developing on a test server is you can notice problems that you might not notice until production. It has its ups and downs. I usually develop locally and try to push my changes to an identical setup test server to check for any strange errors once a week.
You need to work locally and periodically commit your code to the web server. Some type of CVS must be installed on the server.
That way you can crash anything locally :), quickly upload results to the server and have an 'undo' option in 1 click if something does not work correctly on the web server.
Closed 10 years ago.
I need to develop a CRM system within 2 months. But I'm still a student and have no experience in developing such a complex system. I did a lot of research on how to develop a CRM system, but I face some problems in designing the system.
The problems that I faced are:
Does a CRM system use any framework for development? (eg: DooPHP, Yii, Zend, and so on)
How to ensure the system is secure? (use OpenSSL?)
What are the non-functionality that I need to bear in mind?
For your information, the CRM that I'm going to develop is for a small company's use. However, I hope that the system is fast in response and secure, as this is what we want when using a web application. It is OK for me to use PHP, JSP or ASP.NET.
If anyone has developed a similar system before, kindly share your experience with us. If possible, share your code here.
Thanks...
A CRM system can be quite complex. In fact, I worked on a custom CRM system and the codebase is literally far greater than 100000 lines of code. Two months can be challenging depending on what functionality you'll need.
Using a framework is up to you. I once tested XAF from DevExpress, which aims to help with classic CRM/LOB tasks as long as the details do not get too complex. OpenSSL is only an implementation, but if the data should be safe, then one key point would be using SSL along with good authentication and authorization. Number three: that depends. A good logging framework is always worth the work.
Have you considered using an open CRM system to start over with? There is jfire or vTiger for example.
I think the best way to understand one system is to review some open source projects:
http://www.sugarcrm.com/crm/
http://www.opencrx.org/
And many more:
http://www.focus.com/briefs/top-10-open-source-crm-solutions/
Your CRM should be easy to implement but don't take anything for granted. You will have a chance to learn a lot of things in terms of language features and technology when developing such software. If you are looking forward to it, not a problem, you can easily do it.
As for your questions:
CRM Does not have to use any framework. If you are familiar with one, good for you. You can use it to your advantage and it will be helpful.
Stick with common security features that are used in any language, particularly the language that you use. Do not be obsessed with it. You will learn a few things as you go.
Not sure about the non-functionality. But be careful to stick to the features only. Do not overdo things that will increase complexity and the time it will require to complete. Implement what is asked for.
Any language will do. I personally like PHP. ASP.NET can be quite challenging. There are a lot of things that you think will work and they are quite a pain to implement (if you are not a guru already). So depending on your experience and whether you have worked on any software development before, it is not daunting but, to be honest, you must have some development experience somewhere. There is nothing strange in it.
Make sure you are well familiar with basic data types such as float, double etc. You can introduce big errors if you use them wrong.