Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking us to recommend or find a book, tool, software library, tutorial or other off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam. Instead, describe the problem and what has been done so far to solve it.
Closed 8 years ago.
Improve this question
The company has a web-based punch card application, but my boss wants to make employees punch in and out using their fingerprint rather than sharable passwords. Is there any free/open source/commercial SDKs that can be used? With a Java or ActiveX based embeddable component?
Thanks in advance.
Most of the tools i found were commercial products. But hopefully they lead you in the right direction you want to take.
Griaule fingerprint recognition software
Universal Matching System Software Development Kits
OSS BioFoundry
Which fingerprint reader are you using?
1) Microsoft Fingerprint Reader (Formerly Digital Persona)
2) Eikon Reader
3) Other?
An easy solution is to take advantage of the automatic form-filling tools that come with either, and build a password system around that where the passwords are predefined 64+ byte long random blocks of data. Keep your web-based system but have a very minimal form that discourages entering the password client-side (through javascript), and explains that the user should touch the fingerprint scanner to punch in/out.
If possible, take each employee through the registration system by having them setup an auto-login with their fingerprint, having them look away and then privately entering the password without them watching.
Of course this is easily hacked by a tech-savy employee using a tool like asterisk key (on windows) or a dom explorer / debugger later but it should provide a minimum level of security and at the very least won't be as easily shared as your current system (which I gather is your goal).
Also, fingerprints don't really provide any type of security for a determined attack. Silly putty, superglue, and five minutes can reliably replicate any prints lying around. As long as you accept this issue you'll be OK.
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking us to recommend or find a book, tool, software library, tutorial or other off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam. Instead, describe the problem and what has been done so far to solve it.
Closed 8 years ago.
Improve this question
I've got a PHP product that clients install on their server. It's a pay-monthly product, and I need to protect it.
I did consider Ioncube (and friends), and have used several of them before. However, they're all fundamentally just deterrents because the client has all the code. There are examples (and services) of the web that crack each of them.
Of course a more secure solution would be to run it as a SaaS project, but that's not possible in this case.
So I'm considering a remote licence system...
The licence system would house a section of the PHP code, and a client requires a valid licence key to access it. This section of code would be corn-related functionality that's essential to the running of the program. So essentially an API. Clients could either be limited by IP, or by # API calls.
Clients would be emailed a licence key when they signup, then they'd enter this into the product. The product would use this API key for all future requests.
Pros:
"Uncrackable" from the client side
No special software required for the client (Ioncube loaders etc)
Cons:
If the licence server goes down no clients can access the software (I'd have redundant load balanced clusters in 3 different geographic regions with 3 different providers)
If the product/business dies, clients are left without access (I'd release the code to them in this situation, because there would be nothing to lose at that stage anyway)
Are there any significant issues I'm missing from the pros/cons list above?
So please, tear my idea to shreds :)
Note: This isn't a discussion about the merits of code protection vs plain source code. For this project, I'm required to protect it. This is in a market where anything insecure appears all over the web several days after release.
If the thing you're giving through API is small and simple, they can just replace it by hiring another engineer for an hour - they have the sources, after all.
If the thing you're giving through API is complex, why not host the entire application on your server in the first place?
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking us to recommend or find a tool, library or favorite off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam. Instead, describe the problem and what has been done so far to solve it.
Closed 9 years ago.
Improve this question
Can anyone please guide me which kind of certifications are available for php and seo? I am a php developer as well as a Lecturer. And i want to teach and guide my students. I know symfony and wordpress. But other then this what kind of certification is in demand in current/future market. I am ready to learn new technology even.
No certifications are or should be needed. As for new tech, node.js is very used right now in the market. If you're a javascript developer and want to learn node.js, you will have a very easy time. Note that node.js is commonly used with nosql databases, such as mongodb, couchdb and quite a few more.
If you haven't tried those technologies, it might be a good time to start learning/using/mastering them. Also, I recommend you start using git if you haven't. You can do wonders with git.
If you work as a front-end developer once in a while, I extremely urge you to get right on Grunt.js, since Grunt is extremely useful for a numerous tasks in front end, and it can at some extent, be used for backend, including some php tasks.
NodeJS website: http://nodejs.org/
mongodb website: http://www.mongodb.org/
couchdb website: http://couchdb.apache.org/
git website: http://git-scm.com/
grunt website: http://gruntjs.com/
I think that's enough for you to get busy for a while. Hope it helps.
Personally I don't think any certification is needed, especially in the programming industry (even for lecturesr). It's more important to show that you have been involved with important projects. Working experience with bigger companies or open-source projects will prove your expertise.
With that being said, there is one from W3C:
http://www.w3schools.com/cert/cert_php.asp
Another one is mentioned by Zarazthuzatra, ZCE:
http://www.zend.com/en/services/certification/
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking us to recommend or find a tool, library or favorite off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam. Instead, describe the problem and what has been done so far to solve it.
Closed 9 years ago.
Improve this question
The site that I am working on creates user sites like (domain.com/user). We want to show the users some web traffic statistics relevant to their own site, like how many views from facebook, twitter etc. Can you guys please recommend a solution which we can integrate into our PHP/MySQL based system? Or is it better to build one inside the system ourselves using mangoDB or something similar?
Any pointers would be appreciated.
For preference, unless you are using SSL, I would recommend implementing the sites as user.example.com/ rather than domain.com/user - it's much easier to configure your webserver to write seeprate log files / most off the shelf web analytics packages will split a log file from multiple vhosts into reports per vhost.
There's lots of tools available off the shelf - piwik, awstats, webalizer, analog
Google analytics is amazingly good value compared to most commercial offerings.
If you need to persist with your current naming schema, then consider using a too which relies on page tagging rather than log analysis.
Or is it better to build one inside the system ourselves using mangoDB or something similar?
I'd suggest that's very much a last resort - if you can't find what you need, then I'd recommend forking one of the open source packages.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking us to recommend or find a tool, library or favorite off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam. Instead, describe the problem and what has been done so far to solve it.
Closed 9 years ago.
Improve this question
Our PHP site uses a home-grown forms auth implementation. We're considering making our site into an OpenID provider so that we can authenticate (using our exisitng user accounts) users on a StackExchange site. If we have to add code or UI to our login form or add fields to our database, that's fine-- we just don't want to have to rip out what we have and replace it all in order to get OpenID provider support.
There are several libraries for PHP linked on the OpenID website. Anyone have experience with using any of these libraries to adding OpenID provider capability to a PHP site, and if so which is your favorite and why? Are there particular libraries you would stay away from, and if so, why?
Well, most of the options listed on that page don't have provider support, so I think your options come down to OpenID Enabled's php-openid or Zend_OpenId. I'm partial to the openidenabled libraries myself, but then again, I was on the team that wrote them. php-openid is generally compatible with a wider range of PHP versions, and its test coverage is pretty extensive.
I don't really know much about the Zend offering, but it might be appropriate if you're fortunate enough to not need PHP 4 compatibility and like that framework thing they do.
Start with browsing through the official OpenID developer website # http://openid.net/add-openid/become-a-provider/
There, it gives you three options:
Outsource to a third-party provider
Use an existing library or plugin
Read the specs and OpenID yourself
Option 1 may not be the one you would aiming for, since you want your site to be a provider as you have hinted above.
Option 3 is ok if you have the time and capacity to implement it. Try going through http://openid.net/specs/openid-authentication-2_0.html and see if your development team can stomach that.
Finally, there's option 2, which I think the best choice. There are enough choices of PHP libraries listed in http://openid.net/developers/libraries/#php . I imagine it would be easy to use one of these libraries to extend your existing authentication mechanism to provide OpenID authentication service but I can't be sure as I have not tried any of them yet.
Good luck and godspeed!
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking us to recommend or find a tool, library or favorite off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam. Instead, describe the problem and what has been done so far to solve it.
Closed 8 years ago.
Improve this question
I have an existing php website with a user system already set up (registration, authentication, lost password, etc.). I've decided that I want to add a message board and integrate it with the existing website: registration on one should register on the other, and similarly with logging in and changing user information.
Is there a good forum that would make such integration easy? It seems that the most common way this is done is simply to abandon the existing user system and use the forum's user system. But this has downsides: you rely on the forum to properly handle security (on the other hand, this could be a benefit) and you are much more tied to this particular forum (more complex to switch forums, forum problems could cause problems with the entire website, more difficult to have forum on a separate server).
What is a good way to approach this?
If you are going for a stable, popular implementation of forum software, in almost all cases it will be a better idea to use the forum's user authentication rather than your own.
That said, if you are hellbent on using your own authentication system, you could probably keep the two isolated but combined. What I mean is that in the registration system for your own software, call into the forum's registration method. This way, once you register on your website, it will create an account on the forum software as well.
If you wanted to allow one authentication session to authenticate both onto your website and the forum, you would have to load the forum's session information in upon login. Many forum software implementations out there have hook-ins that you can call. SMF, from what I remember, had an API that allowed you to perform many of these tasks.
Do you have the time and resources to write your own? In my experience, integrating an open-source solution into a pre-existing system can take up more time than creating one from scratch.
I'm not sure how efficient this is, since I really just recommend using your forum's user system for this sort of task, but you can technically store the user's ID in a column/table in your database and reference to it from there.
You can use the Single Sign On feature of Simple Machines if you wish. This is exactly what you should do to integrate smoothly a software to another one. Alternatives are also Openid, but it's harder to implement.