Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 7 years ago.
Improve this question
Are you concerned at all with your web host having access to all of your files and being able to essentially download your entire web app? What steps can you take to protect yourself? More specifically, I am interested in knowing how to protect the custom developments I've made to a WordPress powered site?
Are you concerned at all with your web host having access to all of your files and being able to essentially download your entire web app?
No.
What steps can you take to protect yourself?
None.
If you can't trust your web host, you're doomed and need to change providers immediately. It's impossible to protect a web site from the administrator(s) who maintain the server it runs on.
It's like if you are a business hiring a bookkeeper or sysadmin - they can't do their job if they don't have access to the company's financial records, or computer systems, respectively. You have to be able to trust that those people don't steal your company secrets.
I am interested in knowing how to protect the custom developments I've made to a WordPress powered site?
Not to put down the value of your work and all, but chances are nobody cares about them. There's a lot more to a custom development than having the code - you also need somebody who understands it and can work with it. I don't think code theft from commercial hosting platforms is much of an issue.
You can encrypt your applications using various encryption engines such as Zend for PHP. Or you could always obfuscate your code before uploading it onto your web host.
If you don't trust your webhost, don't use them.
It is impossible to secure code against an enemy who owns the hardware and has administrative permissions on the server.
There is nothing you can do to stop your web host from being able to see your files. It's their server after all, and they have root access to it.
Generally, nobody cares about your shared-hosting site enough to go poking around in the code. Sorry, but it's true. If you get large enough that it matters, you'll be running your own servers which only you have access to.
The best defense against hosts that might do something sketchy is to look for reviews of the hosting, and solicit recommendations from friends and other trusted colleages.
Related
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 6 years ago.
Improve this question
I'm searching for a means to overpass the need for a web server when using a local web application. Why aren't there browser extensions or special browsers to do so? It seems very easy to code to me. The browser or extension would call a php interpreter to compose web pages from php files. Local urls (file:///) would be used. No web service or port would be necessary. Is this just nonsense? Or am I the first person to think about this? In fact, this does already work with static html files.
First edit: I was looking for a server for testing purposes, being able to compose output from php files, without the need to communicate through network ports. Maybe I should have started from here, but Stackoverflow does not allow this kind of posts.
That sounds nice, please go ahead and build that technology. I will also use it. But oh, for now that has nothing to do with SO.
Why web servers are needed even for local web application
Because they are web applications. Technically you don't need a web server for local stuff if all your application code relies on client side programming. You can just go ahead open your html files in browser.
Browsers know how to interpret client side code already, so why re-invent the wheel? If you ever wish to write 1 line of server side code then obviously you'd need a web server at that point.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 9 years ago.
Improve this question
I have a client that wishes to have a website written that involves a fairly simple cms driven website that sorts and displays daily reports. The website will require subscriptions and include membership, free trials, etc...
Originally I was going to write the site in PHP, as none of the requirements are too heavy and I am very experienced in it. However, after speaking with the client, he has worked closely with someone who has a C++ product that offers a workflow that includes the entire process of handling subscriptions, logins, and trials and (apparently) can be used on a web platform.
This throws a wrench into my original plan, because even though I know C++ I have never had to deploy it on a webserver or have it communicate with PHP. I've already written a good deal of the site in PHP, so would prefer not having to re-write.
Can I have the two communicate on the same server? What would be required to do so? Would it be worth my time or should I just decide to scrap PHP and use C++? Or should I tell my client he's nuts?
That's about all the info I have about the project right now. Not sure if I can provide much more info, but will try if it's needed.
Thanks for all answers.
Tel him he is nuts.
The reason is that none of those tasks requires the benefits C++ can offer over PHP. It is heavy maintenance pain. And in the big picture putting those two together is more work (in hours) than writing those things in php.
The only thing that would justify C++ is if there is some heavy math business logic involved in there. And i mean heavy.
For problems. Just think about debugging.
In addition to what Thomas says (which is all true), your hosting company will most likely prohibit running custom binaries. Hosting packages short of virtual private server normally don't allow user-written compiled code on the Web server, only scripts.
VPS hosting is, on average, 5 times as expensive.
You can re-write the C++ code in PHP. You can also convert C++ to Java using a converter and then use the Java virtual machine if your host allows that. You can use the C++ code if your host allows that. You can host the C++ code from a local machine if that is a good idea in your case.
I would tell the client that in case there is no explicit need for the C++ language I would go with implementing PHP. You know, the communication between C++ and PHP adds to server load even if the host allows you to use the C++ module. And in the future you will have a lot of pain maintain
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I have the following problem:
The website I made for a friend has been infected with malware. When I tried to clean it, by replacing files that I found to be different to the ones I uploaded, with my original files, after a short time, the files were different again. The file permissions are all 644, and the folders 755. It is as if the one who infected the files has access to change them whenever I change them back. Can anyone help me since I am very new to this kind of problems?
First things first: report this to your webhost immediately! Secondly change all of your relevant passwords!
That being done, there are a few possible causes:
Your parent webhost has been compromised, in which case there is nothing you can do except move to a better host.
Your website contains a vulnerability that is being picked-up by kiddies with their vuln-scanners. Be sure to audit your code to ensure that no user action can result in your website's filesystem being touched inappropriately; also check for SQL injection avenues.
Your website uses a widely-distributed application, such as WordPress, that has not been patched - this is a major problem.
Your own PC has been compromised and ne'erdowells have used a keylogger or other software to discover your FTP or SSH account details, and are abusing your website. Run a local scan and audit everything to ensure your bank account is being raided either.
This isn't a code-related problem. This isn't the place for your question.
But: It's likely that a program is running on your server and re-infecting the files. I'd recommend either taking it to a professional malware removal service, or (my preference) burning the server in a fire and allowing a new server to rise from the ashes. Then install an AV suite on the new server.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 2 years ago.
Improve this question
I have a complicated problem, exacerbated by the fact I don't really know where to start!
Over the last few years, I've developed a number of php web-based systems. When I built them, our network was ropey at best, so I thought nothing of creating my own username/password stuff.
Since then, our network has become a lot more robust, our admins have installed an ISA server for various other things and my apps are left as frustrating relics that people forget their passwords and are never sure which one belongs to what.
I would like to be able to replace my own login code with something that will talk to the the ISA/Active directory stuff so users can just use their primary username and password to log onto my stuff too.
Part of the difficulty is that the PHP apps are hosted outside of our network, although I do also have a server inside the network to act as a gateway if necessary. All of the servers I have access to are running Linux, although I might be able to persuade someone to install a 'plugin' on a windows box if it is absolutely necessary.
Where do I start?
If PHP is running under Apache you should be able to use mod_ldap and mod_authnz_ldap to authenticate to your Active Directory server.
There's also a fairly complete LDAP API for PHP, which you should investigate.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 5 months ago.
Improve this question
I'm a full time web developer but I have my roots as a desktop programmer and there seams to be a lot of talk about Web Operating System these days.
Is it practical yet to incorporate your web applications into a Web OS to make it more user friendly or just do a traditional HTML layout?
I found one that looks very interesting which is based on Ext JS and PHP that seams it will be simple for me to incorporate my own web applications into and make them feel more like a desktop app.
qWikiOffice - http://qwikioffice.com/
http://glidertools.net/preferences.jpg
Allow me to be the first to say that a "WebOS" is a bit of a misnomer. What is really meant is a web "application" that looks and feels like a modern operating system because it has folders and other widgets.
I think that for some things a "webos" will eventually be practical, but for now, a "traditional" html layout that incorporates traditional desktop application type concepts via AJAX is the current level of practical.
Uh, did you mean "practical"? Or "piratical"?
Anyway, yeah, I think they're practical for a certain class of users. not great for developers, very good for people who want lightweight apps and a way to read RSS and search/surf the web.
Though the idea is cool it is not practical because of the fact that a lot of countries in the world have miserable internet speeds. I have just been to Thailand, most places the internet was not fast enough for gmail to work in ajax mode. It could take up in western countries.
More answers here:
Web Desktops
I have yet to see a compelling reason to use a WebOS. My browser has tabs and I really do not mind having all my Web Applications opened in different tabs. My OS is mostly used for file manipulation which I would never want to do in a Web Browser anyways.
I see these as nothing more than people playing with a lot of JavaScript. If you are going to develop a web app why not make it so the most people will be able to use it (keep it off a specific WebOS).