I am building an internal system for a small business and one of the requested features was to be able to go in to different apps by clicking a button on a web page.
So for example when you click on the icon for Coda it will open and be useable.
This does not need to work for Windows, only on Mac OS Mountain Lion!
How could this be done? or can it not be done?
Two options:
If the app can be opened using a registered URL schema, you can use that. For instance, an ftp://... link opens the default FTP application, a news://... link the default news reader. You can make up your own URL schemas. An application typically needs to register itself for a certain schema for this to work.
If that is not an option, you pretty much have to install a plugin in the client's browser that can do this via any mechanism it wants.
The problem that you face here, is the way binaries and the web works. Compiled applications like cocoa apps will only work if at least their starting binaries are there. But this basically means that the user already has downloaded the binary.
Furthermore, these apps will create their own application preferences - so a downloaded version of Coda will have no license.
And if the user has downloaded you binaries, what will stop them from using your software forever? (Just apart form license problems with the authors of said software).
So, the only thing that you could do, is to present them with some kind of VNC like client that will grant them limited access to an environment that you have under control. But writing that is way out of scope for this site.
(I assume, that the application are not already installed locally, but be usable from the server).
Related
This is more general design kind of question. My major project is to create native app for Firefox OS. Which therefor means JavaScript, jQuery, HTML5 and css. This application should have several functions. But as a general design goes I need local html,css,js application running under firefox OS with ability to access server php scripts and mysql db, but because application is running on client side, I have a major problem with communication between application and server. Which technology, language, API or JS functions could I use for Login check, registration, messaging. How can I access server from local (on PC or Mobile Device) files. There is possibility that I'm missing some point or that my whole understanding of the problem is wrong, but is this possible and how?
Apps are built using standard Web technologies with additional metadata that allows the User Agent to discover, install, launch, and grant them additional privileges.
So says MDN.
The usual way to interact with remote, shared databases is to place a RESTful HTTP front end in front of them and access that with JavaScript/XMLHttpRequest.
XHR, WebSocket or TCPSocket.
FYR:
https://developer.mozilla.org/en-US/docs/DOM/XMLHttpRequest
https://developer.mozilla.org/en/docs/WebSockets
There is no TCPSocket document on MDN, but you can study gaia email app.
https://raw.github.com/mozilla-b2g/gaia/master/apps/email/js/ext/gaia-email-opt.js
I recently built a web application for my company, and now they want it to support an offline mode. To complicate things, my company is very concerned about security and does not want me to use Xampp or Mamp. The application handles sensitive data and they think these programs will somehow make the data visible to the outside world (although I'm entirely sure this would be the case).
Anyways, I'm looking for a way to allow my application to run offline, and to also support the following technologies: PHP, MySQL, jQuery. The most difficult part of this is I need to execute PHP code outside of the typical server environment.
Can anyone please give me some advice on how I could implement such a system, and any associated vulnerabilities that I may face in terms of security and data storage?
Assuming you're installing this for an individual user on their machine - your best bet is to install apache/php/mysql, and configure apache to reject connections from any remote IP address.
The environment should be basically identical to your current application, but with only 1 user in the system.
There are some strange points in your question
now they want it to support an offline mode
Well, that's easy enough - get familiar with html5's offline features
To complicate things, my company is very concerned about security and does not want me to use Xampp or Mamp
Have you deployed your web app on a desktop machine? Or do you mean you are forbidden to use a webserver?? Xampp/Mamp are development tools - your public facing applications should be on a machine configured specifically for that purpose with a webserver running apache/nginx/iis/PHP5.4-builtin/whatever you like.
The most difficult part of this is I need to execute PHP code outside of the typical server environment.
How is your environment none-typical? Mike mentions php-gtk - but IMO you shouldn't go down that route unless you're requirements are "desktop app" + "absolutely must be written in php" - which is unclear from your question.
any associated vulnerabilities that I may face in terms of security and data storage
Well, anything you put in local-storage on a client (browser) the user can access - just bear that in mind. Don't send sensitive data to what is, from your perspective, an insecure and pseudo-public location i.e. some user's browser cache.
If you want to run html/javascript, you will probably need to run this in a server/client environment because a browser isn't capable of running the php and the php app as a stand alone app needs something to parse the html/css/javascript ( it needs the browser for it's presentation view ).
Best course of action is to put the application onto a server that you control access to. Set the access controls to specific IP addresses only, or even better if you can run it off an intranet behind a firewall where no one outside the network would be able to get to it.
PHP can run on a desktop environment, but they key here is that it won't run the javascript/html you use to display. You could use php with a third party library like php-gtk to make a desktop app that doesn't need a server or browser, but php-gtk doesn't have the best support.
If the application needs to store data for other computers/users to access, then it needs to be on a network. If it doesn't need to do this you might consider using a different programming language geared toward desktop applications so you can keep it entirely offline ( such a java or .NET ).
I have written a utility that requires an installation key for uninstallation to ensure that only authorized users are uninstalling. After logging in to our website, the user will be presented with a uninstallation key, but then I would like to also launch the uninstallation wizard on the clients computer. I know this is possible, as I've done it before... just don't remember the code, nor did I save it.
Thanks in advance for any input.
PHP runs on the server-side and has no control over the client whatsoever. Neither can you use JavaScript to launch applications due to security reasons.
The only way you could do this is by using an ActiveX control or some kind of custom browser plugin. Or, if your uninstall wizard has registered some protocol handler on the client (say myuninstall://) then you could use JavaScript to redirect the user to a URL of this protocol, which will in turn then launch your program.
Assuming Windows, you could tell your installer to register a custom URL protocol with a custom scheme for uninstallation. Then your php app could present a link using the custom URL scheme (uninstall-my-product://12345678-ABCD).
Users without your uninstaller would see an "i don't know what to do with this protocol" message. Users who had installed your product would launch the uninstall program.
You could accomplish a similar function by delivering a file type which was registered to open the uninstall program.
If you're using a commercial installation program, then in both cases it would probably be easier to write a little launcher application to run the uninstaller, rather than modifying the uninstaller itself.
We have a sharepoint instance on our network that we get automatically logged into by logging into Windows. (they do not get prompted to log in)
We have another web application that requires users to log in but it currently has it's own username/password setup.
Our goal is to get the other application (which we have built) to act the same way sharepoint does - if you are logged into windows it will log you right into the application.
Where do I start? (I assume this will require LDAP)
Any guidance would be greatly appreciated.
Our setup (windows):
Windows
IE7 & 8
Windows Active Directory managing users/password
Our setup (the other application):
RHEL (could be Windows Server if really necessary)
PHP 5
Apache
mySQL - username and password are stored in mySQL
Update:
Maybe a drawing would help: Look at this
You are looking to implement NTLM Authentication in the PHP application, see my prior answer on this:
Can a PHP intranet share Windows logins?
If your other web application uses Windows Integrated Authentication (NTLM or Kerberos authentication or even basic authentication) then it can act the same way. Depending on the browser, it can automatically remember and log into sites using one of these methods. Each browser may do it differently, though. IE has settings for automatically logging in based on the zone (Internet, Local intranet, trusted sites).
You would not necessarily need to have the have your other application use the same user store (AD/LDAP), but it would likely make sense.
I am about to deliver an Adobe AIR app to a customer.
But it's my first delivery of any sort, I.e. I have
no experience whatsoever with licensing etc.
Users of this app may or may not be online, so
can't count on that. In fact it's 99% sure that
they will be offline.
Nor do I expect them to very tech-savvy, who will
spend enough time scouting for ways to "crack" it.
So, is there an okeish type of way to protect this
app. That is, I don't want people to simply copy
the installation folder, take it to another machine
and run it. It should be slightly harder than this.
Oh, and I am also using PHP and MySql, with which
this AIR app communicates. So anything you guys could
help me with is very very welcome.
protect the php api and not the frontend app. have a license key which is bound to an ip address and authenticate the request (which contains the key) is coming from the correct ip.
If you want to protect your Flex app you can use irrObfuscator. There is a 30 days free demo.
If you wish to obfuscate your PHP code I would suggest ioncube. There is an online obfuscator that you can pay per à-la-carte. Pretty usefull. Tho you need ioncube loaders which is a set of PHP extension that you will find into the products section. Not sure but I think you can install loaders without playing with PHP config so it's shared-hosting friendly.
You can not protect anything that's webbased or javascript based, purely because there is complete sourcecode.
Anyone who knows how to use 'right click' could copy your files. You can obfuscate your code, but you cannot protect it. If you think that this shouldn't be possible, write a desktop app in a 'real' programming language.
When the app installs, I would do the following:
Create a file in "app-storage" that basically indicates the app has been installed.
Fire off a service call and make a record of the install
Change a file in the app directory to indicate the app has been installed
On subsequent startups, check for the presence of the file as long as the file in the app directory indicates the app has been installed. If you see the customer keeps installing their app over and over, this could be flagged in their account and appropriate action taken. If you want to get fancy, the file in "app-storage" could a one-way hash of some information from the file in the app directory (install date?) plus some value baked into the AIR application.
In general, I think the key here is to trust your users and not make the assumption they are trying to steal. You want to make the system as painless as possible. It does not build a good relationship with customers when you treat them like criminals, so creating an "ironclad" approach probably isn't even the best idea.
I think pretty much the only good way to do this is to require activation after installing (online activation, with a phone backup).
From what you're saying, it seems like the backend is installed on-site and would not be able to provide adequate copy protection.