Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 2 years ago.
Improve this question
I have a complicated problem, exacerbated by the fact I don't really know where to start!
Over the last few years, I've developed a number of php web-based systems. When I built them, our network was ropey at best, so I thought nothing of creating my own username/password stuff.
Since then, our network has become a lot more robust, our admins have installed an ISA server for various other things and my apps are left as frustrating relics that people forget their passwords and are never sure which one belongs to what.
I would like to be able to replace my own login code with something that will talk to the the ISA/Active directory stuff so users can just use their primary username and password to log onto my stuff too.
Part of the difficulty is that the PHP apps are hosted outside of our network, although I do also have a server inside the network to act as a gateway if necessary. All of the servers I have access to are running Linux, although I might be able to persuade someone to install a 'plugin' on a windows box if it is absolutely necessary.
Where do I start?
If PHP is running under Apache you should be able to use mod_ldap and mod_authnz_ldap to authenticate to your Active Directory server.
There's also a fairly complete LDAP API for PHP, which you should investigate.
Related
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 6 years ago.
Improve this question
I'm searching for a means to overpass the need for a web server when using a local web application. Why aren't there browser extensions or special browsers to do so? It seems very easy to code to me. The browser or extension would call a php interpreter to compose web pages from php files. Local urls (file:///) would be used. No web service or port would be necessary. Is this just nonsense? Or am I the first person to think about this? In fact, this does already work with static html files.
First edit: I was looking for a server for testing purposes, being able to compose output from php files, without the need to communicate through network ports. Maybe I should have started from here, but Stackoverflow does not allow this kind of posts.
That sounds nice, please go ahead and build that technology. I will also use it. But oh, for now that has nothing to do with SO.
Why web servers are needed even for local web application
Because they are web applications. Technically you don't need a web server for local stuff if all your application code relies on client side programming. You can just go ahead open your html files in browser.
Browsers know how to interpret client side code already, so why re-invent the wheel? If you ever wish to write 1 line of server side code then obviously you'd need a web server at that point.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I have the following problem:
The website I made for a friend has been infected with malware. When I tried to clean it, by replacing files that I found to be different to the ones I uploaded, with my original files, after a short time, the files were different again. The file permissions are all 644, and the folders 755. It is as if the one who infected the files has access to change them whenever I change them back. Can anyone help me since I am very new to this kind of problems?
First things first: report this to your webhost immediately! Secondly change all of your relevant passwords!
That being done, there are a few possible causes:
Your parent webhost has been compromised, in which case there is nothing you can do except move to a better host.
Your website contains a vulnerability that is being picked-up by kiddies with their vuln-scanners. Be sure to audit your code to ensure that no user action can result in your website's filesystem being touched inappropriately; also check for SQL injection avenues.
Your website uses a widely-distributed application, such as WordPress, that has not been patched - this is a major problem.
Your own PC has been compromised and ne'erdowells have used a keylogger or other software to discover your FTP or SSH account details, and are abusing your website. Run a local scan and audit everything to ensure your bank account is being raided either.
This isn't a code-related problem. This isn't the place for your question.
But: It's likely that a program is running on your server and re-infecting the files. I'd recommend either taking it to a professional malware removal service, or (my preference) burning the server in a fire and allowing a new server to rise from the ashes. Then install an AV suite on the new server.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 7 years ago.
Improve this question
Are you concerned at all with your web host having access to all of your files and being able to essentially download your entire web app? What steps can you take to protect yourself? More specifically, I am interested in knowing how to protect the custom developments I've made to a WordPress powered site?
Are you concerned at all with your web host having access to all of your files and being able to essentially download your entire web app?
No.
What steps can you take to protect yourself?
None.
If you can't trust your web host, you're doomed and need to change providers immediately. It's impossible to protect a web site from the administrator(s) who maintain the server it runs on.
It's like if you are a business hiring a bookkeeper or sysadmin - they can't do their job if they don't have access to the company's financial records, or computer systems, respectively. You have to be able to trust that those people don't steal your company secrets.
I am interested in knowing how to protect the custom developments I've made to a WordPress powered site?
Not to put down the value of your work and all, but chances are nobody cares about them. There's a lot more to a custom development than having the code - you also need somebody who understands it and can work with it. I don't think code theft from commercial hosting platforms is much of an issue.
You can encrypt your applications using various encryption engines such as Zend for PHP. Or you could always obfuscate your code before uploading it onto your web host.
If you don't trust your webhost, don't use them.
It is impossible to secure code against an enemy who owns the hardware and has administrative permissions on the server.
There is nothing you can do to stop your web host from being able to see your files. It's their server after all, and they have root access to it.
Generally, nobody cares about your shared-hosting site enough to go poking around in the code. Sorry, but it's true. If you get large enough that it matters, you'll be running your own servers which only you have access to.
The best defense against hosts that might do something sketchy is to look for reviews of the hosting, and solicit recommendations from friends and other trusted colleages.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 11 years ago.
Improve this question
I'm in need of some sort of software based way to reserve the use of a couple machines. There about 5 different machines used in a lab that are shared among everybody but people need to schedule the days/times they want to use these machines. This is currently handled with pen/paper and you need to physically walk place to place to see when they're free and available for sign-up. I've been tasked with moving this system to a private webserver that currently runs an installation of mediawiki.
I've looked for extensions for mediawiki itself, but I couldn't find any kind of scheduler/planner/queue system that is premade that allows users to reserve a time frame/day to use machine. Additionally it would be nice if anyone could sign up but users were restricted from removing others from the queue(which is why a traditional calendar software with the honor system wouldn't exactly work). The solution doesn't need to be embedded within medawiki itself but must be able to be hosted off of a webserver, do you guys have any suggestions on how I can approach this? The best I can come up with is to buckle down and write my own php/django based site to handle this(I'm not very experienced with either). While I do have time I want to make sure there isn't something available I missed before dedicating my time to writing a custom application, and would appreciate anyone who could help.
While I've not used this:
phpscheduleit
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 4 years ago.
Improve this question
I am trying to create a blog using blogspot. It seems it is not possible to upload anything other than image files to blogspot. I want to upload a PHP file. I managed to upload the file to google sites, but it is coming as downloadable there instead of executing.
Is there a work-around here other than buying my own server space?
Is there a work-around here other than buying my own server space?
Nope. You can upload PHP files to those services all you want, but you'll never have them executed.
Buying your own server space is usually the best way to go.
There are free hosting offers around but I know of none that is any good, except maybe for the Google App Engine that is free up to a (very generous) traffic limit, in combination with Quercus. That, however, is a very specialized solution, going to be a lot of work to even get started with, doesn't support all modules of PHP, and something rather for professional applications.
But you could simply pay some cheap hosting for PHP, and move your stuff to wordpress.
There's hundred of hostings out there for as low as $1.99 a month, and with that you can host as many PHP files as you like.
Alternatively, you could stick to blogspot, and when you want to use PHP, you can just link to your other server (the one hosting PHP).