Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 9 years ago.
Improve this question
I am building a small business which revolves around a complex form. So far, I've been developing the form in Javascript. However, the fact that js is client side pretty much means all my efforts are exposed to possible theft. I've looked into obfuscation techniques, but due to the fact that there are de-obfuscators out there, securing the intellectual property is dicey at best.
Is there any way to secure my js code from theft? Is copyrighting or trademarking the code a feasible alternative? This project is pretty much of a niche, so if a competitor who used similar code suddenly appeared, it wouldn't be all that difficult to check. However, if someone else used my code as the basis for a server side app, then I'd be pretty much screwed. If js is not a viable language to develop in, is there a server side language which could do the job? What pitfalls await the project on the server side?
Any help would be appreciated!
Here's how to secure your intellectual property from theft: Don't write your code in client-side javascript.
The choice of server-side language is a bit broad in scope, but if you prefer javascript you can implement your "secret/proprietary" functionality as a webservice using Node.js and then make calls against that from your actual form (either via traditional postback or via AJAX).
Assume that any Javascript code can be read by a human, no matter how much obfuscation you put in. If a web browser can interpret it, a human can.
Generally any sensitive data should be stored on the server side and any sensitive business functions/calculations should reside on the server side. You can still achieve the client side smoothness and feel by using AJAX to call the sensitive functions on the server side.
There is no "most secure" server side language. Use the one you're most familiar with and is most suited to your app. Web application security correlates with the developer and their knowledge rather than the actual language.
Related
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 9 years ago.
Improve this question
I am planning to make a website which shows location information up.
The thing is, since the pages will be interactive to users and I am thinking of using node.js and mongoDB(pretty capable for node.js isn't it?).
Please recommend me which languages are fitting on node.js & mongoDB.
Python? or should I use jade for the development?
and plus, will be PHP Codeigniter helpful?
(I am used to developing with PHP and I am wondering if PHP & node.js combination is nice)
Thanks in advance.
Generally I'd prefer not to use two different languages for comparatively simple applications (if your usecase is simple). There might be usecases where you can't avoid this, for example you have to use libraries that only exist in either one of the languages.
I'd use Jade with ExpressJS as Backend, however I consider the template language to be a highly personal Choice. See http://expressjs.com/api.html for an ExpressJS example
See https://npmjs.org/browse/depended for a list of popular NodeJS packages. Some people prefer to use EJS (embedded javascript) or ECO (embedded coffeescript) or one of numerous other templating systems instead of Jade.
Please also consider to use CoffeeScript instead of writing the JS yourself (CoffeeScript is automatically converted into JS. It adds some neat features that are easy to get wrong when you're writing plain JS.
From a performance standpoint, NodeJS is best when you have many API calls that return a small amount of data. I've made good experiences with ExpressJS performance using Jade as backend.
I can recommend the NodeJS beginner book, however, this is, as always, highly subjective.
It's difficult for me to Judge if Python might be a better solution. I recommend you take a look at Tornado together with Jinja2 as template engine. NodeJS can sometimes get quite a callback hell, because of the way it does its asynchronicity, see e.g. http://callbackhell.com/
Note that in any case, for increased security and fast static file (CSS, JS) delivery, you might want to add a reverse proxy layer (Nginx usually provides better performance, but Apache works as well) before the NodeJS/Python server.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 9 years ago.
Improve this question
I'm a beginner web developer knows both PHP and JSP coding formats
I found lots pages on internet the all told that PHP is less secure than JSP.
but they all almost are old pages may be updated 2-3 years ago. Here I'm referring some forum links
Is JSP a good alternative to PHP [closed]
ASP - PHP - JSP ... which is better?
Now as every year new version PHP are releasing with lots of new features Like OOP, PHP Filters etc.
My question is that is PHP still less secure than JSP? if yes, than i want to know that what facts that makes PHP less secure than JSP. Please explain with examples if possible.
According to my opinion, It's the developer(means developer's code) who's responsible for security.
But i still want to know other programmers opinions
Any Help is appreciated
"According to my opinion, It's the developer(means developer's code) who's responsible for security"
Smart programming languages add up more layers which most of the time is in price of performance. Much of security on web applications is checking client input (uploaded file, form entries, URL...) to be same as expected. Smart languages do much of the work automatically. Also they have built-in security schemes which are prone to bug if you write them yourself.
I believe security is not the main concern for selecting the platform but should be considered besides performance, budget, maintenance...
Note: Security is not just about web application programming, you may get hacked from upper layers like other applications on the same web server, at operating system level...
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 9 years ago.
Improve this question
I know a little java, android languages.
Now I want to build an Android server-client application and for
client side I will use Android(java) and for server side either
JSP/servlet or PHP.
So I have 2 questions:
What is easier and faster to learn PHP or JSP/servlet(also don't
forget that I also know java) ?
2)Which one would work better? as the client side would be written
in Android(java) may be the JSP/servlet would work better, or it
doesn't matter?, and as PHP is the most used server language may be
it would work better?
Thank you in advance.
I personally found PHP simpler and easier to learn, BUT i knew JAVA and C++ before. I would also like to add that a few of my colleagues that had little experience with other programming languages found PHP to be fun and easy to learn. You have much less to worry about memeomry consumption, variables types, Threads etc...
It totally depends on what your system will require.
-Java is more complex and thus offers a wider range of possibilities, more control etc...
It doesnt mater in what programming language the client application is written in, since client/server communication is done using "standard protocols and systems and formats", such as REST protocol, JSON data encoding and so on....
Another advantage of PHP is that it will run on basically any hosting you purchase for your server, since most of them if not all support PHP/mySQL, while Java will probably require you to purchase a Cloud service or something similar. In such sense PHP may come cheaper to you.
I would also like to add that i have used PHP in most server apps i made, one example was a trading app...but some apps that needed multithreading + RAM caching + hash maps + sockets + other Java functionalities that are built in, etc were meant for Java...so PHP can do the work, but for some things Java is better and just comes naturally...this is totally based on my personal experience so dont take it for granted, you may have a totally different experience.
Maybe tell us what will your app do so we could point you in the right direction.
This
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 9 years ago.
Improve this question
First of all, I'm an experienced js programmer, good also in php (exluding database design) but don't know much about how servers work.
I'm participating to a quite big projects that's about to start and I'm trying to figure out what's the best tecnology to use.
The application will be geolocalized, and will use google maps. It will have a lot of javascript rendering (probably on the front end I'll end up using backbone or ember, but still thinking). hopefully, it will be used by a lot of users. The will continuously receive data while moving around. Specifically, they'll receive data from clubs, pubs and so on.
hopefully, it will coninuously grow over time, with new features, more data, more users.
I was wondering if node.js could be a good choice for developing it of it would be better to stick to more conventional php ways.
what do you think?
Since you are an experienced Js programmer, you shouldn't have a real problem using Node.js. You're already familiar with the language. If your application will send and receive data continuously, I recommend Node.js and socket.io, which enables real-time communication.
Nodejs takes a lot more initial code than php(because there is no middleware server like apache, you have to program the server yourself), but can perform faster and has much better support for templates and websockets than php. If your maps application wants real time updating, then websockets are incredible, but there is no good solution in php at the moment. The only way to handle websockets in php is through external programs, because you can't control the php server.
One thing to consider if you are going to use nodejs is: Do you like callbacks? Unlike php, where everything is performed synchronously, in nodejs, almost everything is written in asynchronous callbacks, to prevent the server from seizing up while handling a big request. Some people like this coding style, others despise it and think it is a messy bunch of functions inside of functions inside of functions. I personally like this style but it is more complicated than php.
A lot of the choice depends on your team's personal preference. Spend a hour or two trying both with your team and seeing which appears to be working best for you.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 9 years ago.
Improve this question
Recently, i heard alot of JavaScript being used sever-side. Node.js, express.js and similiar stuff are mentioned more and more, but i never had the muse or time to dig deeper into the topic.
Now, as the information flood would not decrease, i can not longer ignore those circumstances.
I wonder about two things:
Can i replace my complete, simple PHP backend, which is primary used only for database access, with server-side Javascript
and if yes:
are there any benefits of doing so?
and if not:
Why is there such a hype?
The topic seems to be quite complex and not too easy to learn, but as time goes by, i more and more get the feeling that this maybe will be the future of backend coding.
Yes you can.
If you are primarily serving data, a more contemporary approach would be to use node.js to implement a restful api . Node.js is particularly suited for this as it inherently works asynchronously - which means each request to the data source (ie the database) inherently does not block while the server is waiting to return, allowing it to punch well above it's weight in terms of being efficient when servicing many requests.
You could use the node modules express.js or restify.js to implement this.
A warning though - node.js is a single threaded application which means some work has to be carried out before is scale able. There are some good solutions for this, such as using Amazon Elastic beanstalk. But as node.js is a relative newcomer many other proposed solutions may need some coaxing to be production ready.
You may find it beneficial to read 'Javascript the good parts' by Douglas Crockford before you begin - something I needed to bring my knowledge of Javascript to a level where I could write quality maintainable code for node.js
Yes you can replace it.
Main concepts about Node you have to know is being async, second is being event-driven.
So if your PHP app just accesses db and serve responses back, node.js would be more efficient in such applications, as would not block idling for response from db, but can process with other requests and so on.
It is not complicated, if you do it. Just go and dive into. Don't ask - prototype. It is the best way to understand if you really need it or not.
I've replaced all my PHP need to node.js, except templating.