Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 3 years ago.
Improve this question
I have a small classic asp site and I am concerned that a client may stop paying me. The site is on their server, so I basically want an "off switch" in the event they stop paying me. I couldn't think of a good way to do this as they have a tech person who has access to the server, so any code I write to stop the site would be easily found and changed in the classic asp site (there aren't many pages).
So we had thought of maybe obfuscating the 2 main class pages so that they won't be able to edit the pages easily and we still have code to stop the site functioning. My questions are:
What is the best option for obfuscating classic asp code (if anyone has done this before)?
Is there another option that maybe we're not thinking of?
Thanks for any help you can provide!!
I think your energies are better placed on setting milestones in your project that are tied to payments. This ideally is done in increments so that neither party feels at a disadvantage with regards to the amount of work done / amount of money paid.
Obfuscation is easily removed and decoded, generally.
Remote checking for a security license opens a security hole for the application, and also can be defeated relatively easy.
Putting in code that "self destructs" if some action or code is not removed is also not great practice.
Licensed software is a little bit different in this regard. It sounds like you're building a bespoke system that you will simply hand over to the client at the end. If that's the case, putting in mechanisms to disable that system that only you control is not a great way to build trust. They may be violating trust if they fail to pay, but your disabling of the website actually gives them an additional incentive NOT to pay you, and consider you as a programmer willing to put in a Trojan Horse into the code.
The real problem to solve here is not in code, but in project management. A social not a programming problem.
This is a hard problem, and a great one for StackOverflow. I wish you well in sorting it out.
You're in Australia right? You have a small claims court system? If you've delivered what you were obligated to code for them, you shouldn't have a problem collecting.
I'm pretty sure that programmers have gotten sued or even charged criminally for this sort of thing; the courts see it as "hacking" into a client's site and breaking it over a payment dispute. Be careful.
I believe the best way would be to simply have it call your own server for some critical piece of data. That way you can restrict that service if / when their subscription does not tally with your desired business model.
It does depend a lot on the site, but there will always be something you can return from your own server to keep the site active. Also this does give you the advantage you are not disabling their server but your own if it goes wrong.
hope that helps
There is a tool from Microsoft called Script encoder that encodes a script into garbage, though it's fairly easy to get the original back..
Why not put some of the business logic into a VB6 component? That's valid optimisation and obfuscation in one. They could decompile such a DLL, but it's a lot of hassle.
More importantly, you need to consider who owns the code, regardless of what you do at this point. The link below is a discussion on code ownership in freelance situations (without a contract), and I think that the accepted answer defines the issues rather well: https://stackoverflow.com/questions/111815/freelance-work-with-no-contract-who-owns-the-code
Related
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed last month.
Improve this question
So basically the only major benefit implementing SSR + CSR is SEO? Because if you think about it SSR actually is slow in initial load time because you have to wait for the server to render and respond with the HTML + JS which needs a nodejs server with all the complicated configurations for production while in
CSR you receive instantly the bare bones HTML and JS (can be cached) which can just be hosted on a file bucket with no complicated server configuration, also now a days browsers / computers / phones are actually fast enough to render components quickly so initial load time is not an issue. And also you can actually do lazy loading for components.
So aside from SEO, you actually add more cons when implementing SSR + CSR.
Anyone please do correct me if Im wrong 🙏
SSR + CSR vs CSR. Cons seems to outweighs using SSR+CSR than just CST
SSR can be helpful because it will display the static content ahead of time, providing the user with a visual rather than waiting for a spinner to create the whole thing.
You will have a hydration phase, but you can skip parts of those or even not use them at all (Islands Architecture like AstroJS does or with some other packages).
SSR will also bring the SEO part as you know, which is quite important for some types of apps (blogs, marketplaces, StackOverflow etc...).
The SSR step can be rather quick, especially if using Edge Side Rendering. You can also cache it and the configuration doesn't need to be difficult (it can help with memory leaks too because you will kill it everytime), the "charge" supported by a server is not a consideration anymore
It can consume fewer resources regarding the end-user devices because no: not everybody is using the latest iPhone 14 Pro. The most common device is still a Motorola G5 or alike (in terms of raw power). Not to say that people can come from various countries where bandwidth/expensive phones are not a thing yet.
Database delays are also not a thing if they are done ahead of time and can be skipped by the client.
Again, more and more advanced configurations are feasible but it all comes down to how much you want to optimize your app and how much money you make out of it.
Nowadays, tools like Qwik, Marko, and Astro are popular because they are joining the group of cool kids shipping less JS to your visitors. It is always nice when you see how much money your business can generate with some fine-tuned performance metrics.
If you have a chill casual chat app, keep it as a SPA.
Also, not all apps need SSR/SSG. Some of them can stick to SPA (dashboard, gmail-like etc...).
One is not better than another, they all have their pro/cons. The thing is that you need to understand how to efficiently use each one of them in the best situation. And Vue/React don't do all those things in the same way too...
You can give a read to those great authors, they are quite good at explaining the performance considerations and future great frameworks (aside from the usual React/Next etc..):
https://dev.to/tigt
https://dev.to/ryansolid
https://dev.to/filrakowski
https://twitter.com/mhevery
https://twitter.com/danielcroe
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 4 years ago.
Improve this question
I'm developing a RESTful API for a client. The problem is, he's using a rather obscure language called Clarion. It's proprietary and closed, and the docs are not freely available online.
Whenever we discuss passing data from his code to mine, and back again, he starts talking about "ftp file uploads" and direct server-to-server SQL. Needless to say, these ideas bring back visions of the bad old days. I have done some googling, and I can't find any evidence that this language is capable of creating HTTP Post requests at all, let alone using SSL encryption to protect them from prying eyes.
I'm looking for advice specific enough that I can guide him through implementing his end of the bargain. I specifically want to avoid trying to pass XML requests as files via FTP, or by writing them to the disk and calling some script. It should go without saying, but I'm also not interested in running proprietary clarion server code or DLLs on my server.
Is Clarion capable of generating POST requests? Is XML hard to generate in Clarion? Is there a simpler/easier to use format my client may have more sucess with? None of the data is more complex than key/value pairs.
I'm coding in python, but I can deserialize any reasonable data format if there's some way to get the data to my server.
I feel your pain. Communicating between systems can be a major pain. Good news though is that Clarion can do TCP/IP, and XML (with a little help) so there's nothing that should hold your Clarion colleague back.
In the interests of full disclosure I should point out that I'm biased here - I'm about to recommend that the Clarion guy use tools I created - nevertheless there are thousands of Clarion programmers out there using them, and they provide the answer to your question, so please forgive me. Ignore if you like.
In Clarion there are a couple of tools that make TCP/IP communications easy and that enable the use of SSL. The one I make is called NetTalk (http://www.capesoft.com/accessories/netsp.htm).
There is also XML support inside the Clarion box, although it's unnecessarily cumbersome so there are at least 2 xml products he can use - iqXML (which is free) and xFiles (http://www.capesoft.com/accessories/xfilessp.htm) which is designed to be super fast.
Using NetTalk & xFiles together it's trivial to create SOAP servers or clients. (Or plain HTTP servers and clients as you prefer.) There are a LOT of folk doing just this, so there's absolutely no excuse for using shared files, or FTP'ing requests around. I recommend you gently point your Clarion friend in the right direction.
If you'd like to run this question past other Clarion developers then try http://faq.clarionmag.com/ (which is using the StackOverflow engine.) There are also lots of programmers active on the NNTP protocol (news) at news.softvelocity.com (comp.lang.clarion and others).
Cheers
Bruce
Instead of trying to accomplish more in this obscure language, I'd go with the approach that you hinted upon: using the file system as a hand-over mechanism.
Have his code output files to a given folder; then, have a daemon, written in a "normal" language, monitor that folder regularly (cron job, etc). When a new file shows up, upload it through HTTPS / other "normal" means to your other server to do the task.
This approach follows the "localize the crap" philosophy - if you can't get rid of crap, at least make sure that it's "borders" are well defined.
Information wants to be free. The language may be proprietary and closed, but the documentation is published online:
http://www.softvelocity.com/clarion/pdf/LanguageReferenceManual.pdf
Looks like a Windows 3.1 vintage report generating language which has the ability to talk DDE/OLE (!), but seems to have no external communication features other than that.
So no, Clarion cannot do POST requests (except via a third party custom control / DDE conversation). Using the file system might be a safe way to proceed: it keeps the client in familiar territory, and is the easiest to debug. However, if two way communication is required, you might need to blow the dust off the manuals and go the DDE route. It really depends on the exact requirements (e.g. is the program batch or interactive?), but page 935 (Appendix A) in the 1158 page manual is where to start looking!
I came in very late to this post, for I only had Stack Overflow account set today. However, I would like to comment on Bruces answer.
Bruce runs a 3rd party Clarion add on maker company and will always suggest the use of their products. Altough they're really fine an work very well, I can't help pointing that there are standard, open tools for about anything that needs to be done.
For example, the programmer could use "curl" http://curl.haxx.se/ to communicate with a web server from a program. Not only a Clarion program, but any program. Aside from that, Clarion does have access to all the Windows API, and it is just a matter of writing the code, so, sockets, http, mci and whatever are at any programmer's reach.
Need to send e-mail from a program that apparently doesn't have access to smtp functions? use "Blat"! - blat.net
Want to download some file from a web site? wget - gnu.org/software/wget
These are all command line interfaces. And I suggest the ones who don't know what "interface" means, to go get a look at The Free Dictionary - tfd.com/interface
Regards
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 2 years ago.
Improve this question
I have a customer who is being dogged pretty hard by SOX auditors regarding the deployment practices of our ASP.NET applications. Care is taken to be sure to use appropriate file- and folder-level security and authorization. Only those few with deployment privileges can copy an up to the product server (typically done using secure FTP).
However, the file/folder-level security and the requirement of secure FTP isn't enough for the bean counters. They want system logs of who deployed what when, what version replaced what version (and why), and generally lots of other minutiae designed to keep the business from being Office Spaced (the bean counters apparently want the rounded cents all to themselves).
What are your suggestions for making the auditors happy? We don't mind throwing some dollars at this (in fact, I think we would probably throw big dollars at a good enough solution).
You probably want to look at an automated deployment solution and you are going to need a formal change control process. We use anthill pro. It can track what version and when it was deployed.
To satify sox we had a weekly meeting of what was getting deployed when. It had to be approved by compliance manager and each deployment needed to have a form filled out explaining what, why and how something was being changed. Once the form was filled out a third person had to be involved (not the person requesting or approving, neither of them can have access to the production environment, because of the seperation of duties rule you have to follow) to make the change and the change was based off of what was in the "change document" no outside communication from the person making the request. Once deployed, all people had to sign off that it was done and when.
It shouldn't be too hard to meet the requirements, it might require some changes to your development processes but it's definately possible.
What you need is:
A task tracking system, showing descriptions of work, and approvals
The ability to link documents, as well as packages to this system.
A test system to test your deployments onto.
Finally all deployments must be done via installation packages, and other scripted means.
Any manual changes must be documented and approved too.
Also turn on auditing, run regular security tests, and document almost everything.
All of this is possible with a number of systems, the biggest change is the changes to your internal processes.
You might want to take a look at the auditing features provided by NTFS.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 9 years ago.
Improve this question
This may be an opinion based question, but it's something that I wanted to ask (even if it does end up getting closed or deleted).
I do custom app dev (asp.net/aspMVC) and have absolutely no knowledge about sharepoint and was wondering:
If you have a "rock solid" custom app dev, asp.net/aspMVC web developer can he jump into sharepoint development fairly easily? What about the other way around? Does a seasoned sharepoint developer have the "chops" to do custom app dev using asp.net/aspMVC?
By no means do I want to offend any sharepoint developers or any custom app dev developers. I'm merely trying to see how much knowledge you can take with you when going from one type of development to another.
I recently put a very strong .NET guy from my team through the SharePoint learning process and let me tell you, it’s no small task. The issue is not so much familiarity with the SharePoint object model or product architecture (he was quite familiar with the latter), it’s more about understanding the “SharePoint way” of doing things.
Let me expand a little; the main thing is the concept of working locally on a host system goes out the window so you need to work on either a VPC (which you may need to build from ground up) or a server which also has the appropriate development tools installed. Some people even run a Windows server product directly on their host machine but you’d want to pretty dedicated when this also involves running SQL Server and SharePoint on your PC.
The next thing is it’s not simply a matter of opening up a SharePoint site and writing code against it, it’s more a matter of building individual webparts and features which can then be deployed. This also involves some very obscure configuring of XML files which if done incorrectly, can have a very negative impact on the entire environment (i.e. things just stop working). Finally, the deployment process is completely different. There is no simple “publish” option like you’d have with a normal ASP.NET environment rather there is a convoluted process of deployment and activation.
SharePoint does a lot of things really well but when it comes to writing custom applications it has an uncanny knack of making things that are normally very simple extremely complex. You reach a lot of crossroads where it’s either the SharePoint way or the highway and if you’re not aware of these upfront you run a serious risk of the effort required blowing out significantly. Don’t get me wrong, it’s a great product, I’m just saying don’t approach it with the attitude of “it’s just .NET development” and expect things to go smoothly.
IMHO, this is a very large jump for a .NET developer and shouldn’t be approached unless you’re serious about moving into SharePoint development. I’m quite explicit in my environment now that unless someone has real world experience developing for SharePoint they should not be jumping in and “learning on the job”; the risk is just too high.
BTW, there is a good question titled What are your biggest complaints about Sharepoint which you should read.
I know a (little) about SharePoint and to a large extent you can pretty much code in SharePoint if you are a .Net coder.
There are a (lot) of quirks you need to be familiar with though.
WebParts for one. These are
available in WebForms but they take
on new meaning in SP.
How and Where the pages are stored.
SP, if you make a change to a
standard page, stores the changed
page in a database and references it
from there so if you go looking at
your file system for your file,
you'll find it but it'll be the wrong
one.
I think the page life cycle may be
slightly different but don't quote me
on that.
That's just to name a few.
To sum up though I don't think you can just dive in and begin coding. I think your best option is to either get a SP developer to teach you or to do a course.
I did an SP course and to be honest I still don't think I could just dive right in and get it right.
SP punishes you harshly when you don't do things the SP way.
I am in this position and getting into MOSS (am certified for configuration) but it is not easy to understand as there are new concepts when developing for MOSS (eg webpart production). BUT it is just a new process and a lot to understand about MOSS and how it works.
My limitation is not doing enough of Sharepoint 2007 at work so obviously I am going to be lagging behind in webpart creation, etc. But this is why I am going to install the software at home.
On the other hand, Sharepoint development is C# and ASP.NET, so in the codebehind/presentation, you have a solid base.
If you code Sharepoint, I think Winforms is easier so you can switch to that ok. ASP.NET and Sharepoint 2007 share A LOT of concepts as Sharepoint is pretty much a very advanced ASP.NET web application so you can go from MOSS to ASP.NET.
I develop Sharepoint applications since 2002 and ran successfully dozens projects based on it, ranging from .
Starting with WSS 3.0/MOSS 2007 most Sharepoint specific technologies (aka webparts) was incorporated into .net; so, application development changed a lot: you don't need to eat SPWeb on breakfast, but being a regular ASP.NET developer and having a pragmatic approach to learn about content management it's enough.
Bottom line: Sharepoint development isn't rocket science; don't be afraid, get a VS2005/8, a VPC and happy coding!
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 8 years ago.
Improve this question
We are designing a survey application with the following features
The users will be able to select questions from a set of predefined questions.
Each question has a question type defined which dictates the type of answer (multiple choice, DB look up, free text etc)
The user can create a hierarchy of sections with multiple questions with in each section.
The responses of the survey will be stored to an SQL server database.
There is also a requirement to generate an output document from each survey response.
We are planning to implement this application using ASP.net.
I am looking for suggestions which will help us reduce the development effort. Is there any commercial/open source application which we can customize for our needs? is there any ready-made components which helps creation of dynamic ASP.net pages? I am only interested in application which i can host locally, as this has to be integrated to an existing application.
This may not be an exact fit, but worth looking at: Surveymonkey.
Unless feedback systems are your business's core competency, you'd be best off using a third-party system. Building a survey system is not as easy as it might seem, especially when it comes to reporting. Sure, you'll be able to bang out some simple reports without too much trouble, but every change wanted by a customer (or your boss) is time you'll be dumping into your survey and reporting engine when it could be spent on your actual business. Do yourself a favor and outsource that headache to a third party.
If your needs are simple, a freebie site like SurveyMonkey would be just fine. If you're looking for something more sophisticated, such as support for phone surveys, more advanced reporting, etc., you'd need to pay for a more advanced service, such as (cough) the one I work for.
http://www.codeplex.com/WebSurvey
looks like a good place to start
Try Zodiac.NET Survey Engine. It can be integrated direct in your ASP.NET website. No much work needed.
NSurvey used to exist for this, but I think they've gone solely commercial. If you can dig up the last open source release, it might be a good starting point.
Otherwise, don't build it. Subscribe to Wufoo
Another option would be to have users use InfoPath or Adobe Designer to create the survey forms that are distributed to survey takers (either by e-mail or web-site).
With InfoPath, you can have the responses call back to Web Services that you have written. Or, with both the packages, you can have the responses e-mailed back to a particular address and the XML that is sent can be parsed and processed.