PHP AMQ library encrypted credentials over WAN - php

I'm working on a project where we have jobs submitted via a web interface (backend is PHP), and those are to appear in a queue (rabbitmq backend) on a server across the WAN. I have the PHP producer working fine, without any kind of authentication or encryption.
I'm currently working on implementing some kind of authentication (we don't want anyone submitting jobs to our server all willy nilly).
However, I can't find a way in any of the PHP libraries to use SSL [I partially have it working on the server, but can't get the client]. I want to avoid someone being able to traffic sniff and get our credentials, and possibly submit jobs.
The jobs being passed are just IDs that relate to a database, so they're not sensitive, just the credentials are.
Is there something I'm missing? Is there an undocumented feature in any of these libraries? Is there one I may have not tried? The one I tried, and currently am using, is the one via PECL (php-amqp I believe).

After even more continuous research, I found another (newer) library, that may be of help.
https://github.com/BraveSirRobin/amqphp
I would still love other input, from others more experienced with AMQ and PHP

Related

How do I send an email from a contact form on a website, on a server that uses cPanel?

I’m making a new static website for a client, and they are wanting a contact form that a user could fill out and it will send the enquiry to the client's email.
The client is currently using cPanel as their web host manager, on what I believe is an Apache server. I don’t actually know what server side language that it would be using as I don’t have access to their cPanel account.
I was initially thinking I could create a PHP script that would use the mail() function, and I would put that into the public_html folder with the rest of the static site, and so when the user submits a POST request, the form's action will call that PHP script.
But from what I’ve read, that isn’t the best way to go about it and instead I should be using the Simple Mail Transfer Protocol (SMTP). I have a vague idea of what this is from googling, but have no idea how to implement such a thing.
I’m typically used to creating sites with React.js/ Gatsby.js, Node.js, Netlify, and so I’ve had no experience with cPanel and the like.
Has anyone done something similar or has any advice? Anything will be much appreciated!
I think the first step is to get as much information as you can about the available server structure. It is very hard to elaborate on any good solution without having control and/or knowledge about the server-side: maybe a tool or resource you use for implementing an SMTP-based solution could not be available to you when deploying it.
You could try to argue with your client on the importance of knowing the server structure. Use arguments on quality of service, security, among others.
If you get the server information, consider using PHPMailer if the server provides you with the required resources and dependencies.
If you could not have that information, the solution you thought of first ( use mail() ) will probably work. Great discussions about the topic occurred here.
However, firstly ensure that the server offers email sending service. It would be hard if it does not offer that service, but it is a possibility.

local website connect to wordpress online

Long time reader first time asker, if my question is silly or missing info or mistitled lemme know and I'll fix it.
Okay, so I'm working at a community center for the next 8 weeks as a tech help assistant, I'm also a CS student.
They have a web application that is quite old running locally on an IIS server (version 7). It's for keeping track of their members, events and registration. It's written in asp.net and is using an Access database. They also have a wordpress website (php, mysql, apache) for advertising events and sharing information about what's going on in the community.
What they would like is to link their wordpress to the local application. I've been racking my brain about if this is even possible or not. I'm leaning towards not possible because the local application shouldn't be outward facing as it has sensitive data on it and was not designed to be secure in the face of would-be hackers.
The only solution that I could think of is create a "walled off" section of the computer hosting the local application. Also an outward facing port that accepts incoming data from the wordpress site that is then passed onto the access database as an update (increasing a counter for the amount of people registered to a program). It needs to be possible for a file to have some kind of global (from the web) executable permissions and have all the other files on the localhost computer locked down from this global permission.
We would also need to be able to get 2 boolean values from the local app for the wordpress site. This is for if the program/camp/whatever is full and if the update was unsuccessful in the event of something going wrong. I'm just not sure if something like that is even possible and where to start with that. The most important thing is that it's secure.
If a secure API could work I have time to create something like that.
I don't have enough time to upgrade their local system to make it safe enough to be online because I have to run tech help sessions. I know that is the most realistic option.
Thanks very much
> What they would like is to link their wordpress to the local
> application. I've been racking my brain about if this is even possible
> or not. I'm leaning towards not possible because the local application
> shouldn't be outward facing as it has sensitive data on it and was
> not designed to be secure in the face of would-be hackers.

I think you've hit the nail on the head right there. It looks like you have a decent understanding of the situation but not of their internal app. The fact is that it's hard to scope something like this without getting in and getting details. Step 1 would be to see if you can talk to whoever it is that built the thing and get their feedback. It might be secure enough to expose some sort of connection.
Really there's not enough information here to determine a good answer, and you should be wary of anyone that says it's secure. There are a ton of factors that go into web security.
You might be able to throw together a basic RESTful API with authentication to send only to the wordpress site's IP. But if it's sharing the IP that information can be consumed by third parties so you'll have to decide if that is an okay risk.
I wouldn't try and expose everything and partition with apache. A basic RESTful API with authentication would be best at first glance IMO. That way you only show consumable data and limit what can be used.
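
One way to build the narrow authenticated API this answer suggests, as an added example that is not part of the original answer: each request carries an HMAC over its body, so authentication does not rest on the source IP alone, and the only operation exposed is the registration counter with its two boolean results. Both sides are shown in PHP for brevity (the local application in the question is ASP.NET); `SHARED_KEY`, the field names and the 60-second window are assumptions.

```php
<?php
// Added example, not code from the thread. SHARED_KEY, the JSON field names
// and the 60-second window are assumptions made for illustration.
const SHARED_KEY = 'constructed-demo-key'; // placeholder; load from config in practice
const MAX_SKEW   = 60;                     // seconds a signed request stays valid

// WordPress side: sign the single operation the API accepts.
function sign_request(int $programId, int $now, string $nonce): array {
    $body = json_encode(['op' => 'register', 'program' => $programId,
                         'ts' => $now, 'nonce' => $nonce]);
    return ['body' => $body, 'mac' => hash_hmac('sha256', $body, SHARED_KEY)];
}

// Receiving side: authenticate first, then allow only the counter increment.
// $seen holds nonces already accepted; $programs maps id => [count, capacity].
function handle_request(array $req, int $now, array &$seen, array &$programs): array {
    $fail = ['ok' => false, 'full' => false];
    $body = (string)($req['body'] ?? '');
    $mac  = (string)($req['mac'] ?? '');
    // Constant-time comparison; nothing in the body is trusted before this passes.
    if (!hash_equals(hash_hmac('sha256', $body, SHARED_KEY), $mac)) return $fail;
    $m = json_decode($body, true);
    if (!is_array($m) || ($m['op'] ?? '') !== 'register') return $fail;
    // Reject stale timestamps and nonces that were already used (replay).
    if (!is_int($m['ts'] ?? null) || abs($now - $m['ts']) > MAX_SKEW) return $fail;
    if (!is_string($m['nonce'] ?? null) || isset($seen[$m['nonce']])) return $fail;
    $seen[$m['nonce']] = true;
    $id = $m['program'] ?? null;
    if (!is_int($id) || !isset($programs[$id])) return $fail;
    [$count, $cap] = $programs[$id];
    if ($count >= $cap) return ['ok' => false, 'full' => true];
    $programs[$id][0] = $count + 1;
    return ['ok' => true, 'full' => $count + 1 >= $cap];
}

// Constructed sample data: program 7 has one place left.
$programs = [7 => [9, 10]];
$seen = [];
$now  = 1700000000;
$req  = sign_request(7, $now, 'n-001'); // use bin2hex(random_bytes(16)) for real nonces
var_dump(handle_request($req, $now, $seen, $programs));      // first use of the nonce
var_dump(handle_request($req, $now, $seen, $programs));      // same request sent again
$tampered = $req;
$tampered['body'] = str_replace('"program":7', '"program":8', $req['body']);
var_dump(handle_request($tampered, $now, $seen, $programs)); // body altered after signing
```

The signature only authenticates the request; the connection between the two sites still needs TLS, and the nonce store has to persist for at least the validity window.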

server sent events - One client to update them all

Alright, so here is what I am trying to achieve. I have a custom built Point of Sale done in VB.net. What I want to add now is a customer facing android tablet that shows the receipt as it's entered into the Point of Sale.
Brainstorming how to do this I came up with the idea to use a php hosted script (no problem as the POS has a mysql-php web backend on a local server) that would use server sent events to update the tablet. The issue I'm facing is I'm not sure how to update the server (and thus the tablet) from another client (this one being the Point of Sale).
I can't seem to find any examples other than clocks for server sent events, does anyone have a link to something similar or perhaps a better solution than what I came up with?
I had considered using an app like idisplay and just extending that way, but it doesn't support windows 8 which is what the POS is running. I also considered websockets, but I don't have a firm enough grasp of that to get it up and running. I could make an app for the tablet, but I don't really want to do that, most of my background with app development is on iOS and I don't personally like java as a development language.
EDIT 1: Alright, so I'm understanding better how I would need to make this work.
So far I have it working where I can input a $_GET variable to change the value and the next time an update is pushed it works properly. I just need to verify there's new or different data before it pushes the data.
Is there a better example than this http://www.html5rocks.com/en/tutorials/eventsource/basics/ concerning how to push updates on demand to the listening clients?

Web application to sync data with Android phone application

I already know quite a few tricks with Android java and I have an application that I need to sync with a web application. What it needs to be doing is connect to a server and sync database and download jpg picture uploaded by user. The web application should also be for more users each with his own phone and Android application in it, so it should probably be accessible via login and password.
My problem is that I have zero experience with web applications. All I know is a little HTML. So my question is, how should I start? What language do I use? And what basic structure or principle should my web application have?
Thank you!
I would recommend a PHP - MySQL solution. PHP and MySQL are open source and I know Java can interface with that kind of database. Both languages are well documented and PHP is similar to Java in that it is C-based, so if you know Java fairly well, PHP should be relatively straightforward for you. I would recommend heading over to Lynda.com and searching for PHP Essential Training with Kevin Skoglund. Lynda is a great online video tutorial site and you can access a good amount of the content for free. But if you're serious about developing this web application, I would make the investment (I was, and I did, and I am glad). That's how I learned PHP / MySQL for the most part.
First off, to do any PHP / MySQL development, you'll need to install a server onto your computer, such as WAMP (Windows Apache MySQL PHP - for windows), MAMP (Mac " " - for mac), or LAMP (Linux " " - for Linux), where you will be able to begin developing your application. This is your "test" server, or "development" server. For instance, I use MAMP since I am on a Mac. MAMP is free, as are the other versions, but you can pay for an upgrade. For your purposes, start with the free version. Essentially, *AMP comes with the Apache Server software, MySQL database installation, and PHP installation pre-packaged and ready to go with minimal configuration. From there, you can start writing PHP and MySQL and get your project rolling.
As a matter of fact, that title at Lynda.com, PHP Essential Training, will walk you through ALL of the steps I just stated, AND, uses an exercise project of setting up a basic Content Management System to include password protection, user login and authentication, as well as all of the essential PHP and MySQL that you'll need to go along with it. Seriously, check out Lynda.com.
Good Luck!
This is a very open question and you might get a huge range of different answers, none of them perfect. However, I will try to put a simple response.
Have a single server and expose from it web services. These web services will handle the CRUD of the data (I will assume you will use a database and that you have experience with databases).
Web services is a big topic. If you want the simplest web services, and you're planning to use PHP, I will suggest using RESTful with JSON, since it will be very simple.
The web application should be within the same domain/server of the web services, at least for the beginning (if it grows, you can change this architecture), since that way you won't require using JSONP and just stick to standard AJAX (I will now assume you don't know what JSONP is, I will suggest reading: http://remysharp.com/2007/10/08/what-is-jsonp/ which is just the first result I got on Google just now ;)) and it will be easier.
You say you have experience with Android. I will assume you know how to consume web services using Java/Android. In case you don't, here's a sample of how to do it: http://www.codeproject.com/Articles/267023/Send-and-receive-json-between-android-and-php
Please note the PHP code there is pretty dirty, but as a "how to", I think it looks great. Only thing to note is: the sample uses HttpClient, while the preferred method is to use HttpURLConnection ( http://android-developers.blogspot.mx/2011/09/androids-http-clients.html)
Having said this, PHP + MySQL is standard. In the web app, you SHOULD USE HTML. Please, don't use Flash or Java Applets (I smiled a bit by even mentioning Java Applets in here). For all the communication purposes between the web service and the HTML client, I recommend using jQuery ( http://jquery.com/ ) with AJAX.
Don't go with a JSONP API unless you want other websites to be able to use your API.
This is only a quick approach created with the little information you have given. The more (and clearer) information you give, a better solution is likely to appear.

Getting user identity from browser

I used to work for a bank that had a very cool feature in its intranet. Once you logged in your computer, there were global variables set in PHP through Apache, and they contained the identity of the user that was logged on to the computer. Now I'm at a new job, and I'm wondering how this thing worked! I would like to implement this kind of thing once again.
What I'm working with here:
FreeBSD server, version is unknown to me.
Apache 2.2 web server
PHP 5, some custom compilation, that for various reasons, I can't upgrade or modify.
MS AD
All of the users logging on to their computers are using active directory, all are in the same domain.
What I used to have was something like this:
echo $_SERVER['username'];
which would print the username of the user currently logged in.
Could someone explain, how this could be done?
P.S. If any of my server settings are not what is required, say so, because then I will have a reason to ask the bosses to give me one of my own, with more control.
There's lots of ways this might be implemented. However a lot of them depend on having control over the client as well as the server.
Obvious sources of data include:
NTLM
Client side certificates
The Ident protocol (not very secure without the encryption extensions)
A long lasting cookie (again, not secure)
HTTP authentication methods
However none of these explain how the value appeared in the session - this must have been implemented within the PHP code.
So without knowing how it was implemented at your previous site we can't tell you:
Whether it was secure and correctly implemented
how to replicate the behaviour
Given your resource list, while it would be possible to implement authentication based on direct LDAP calls, passing the username and password through your application, I would strongly recommend using (e.g.) openId - but restricting the providers to just your openid provider - which would use the MSAD as the backend.
I did not understand the question correctly, so I edited my post...
You could use Apache auth; you can make auth by IPs or hostnames
http://httpd.apache.org/docs/2.0/en/howto/auth.html
