Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 4 years ago.
Improve this question
I'm developing a RESTful API for a client. The problem is, he's using a rather obscure language called Clarion. It's proprietary and closed, and the docs are not freely available online.
Whenever we discuss passing data from his code to mine, and back again, he starts talking about "ftp file uploads" and direct server-to-server SQL. Needless to say, these ideas bring back visions of the bad old days. I have done some googling, and I can't find any evidence that this language is capable of creating HTTP Post requests at all, let alone using SSL encryption to protect them from prying eyes.
I'm looking for advice specific enough that I can guide him through implementing his end of the bargain. I specifically want to avoid trying to pass XML requests as files via FTP, or by writing them to the disk and calling some script. It should go without saying, but I'm also not interested in running proprietary clarion server code or DLLs on my server.
Is Clarion capable of generating POST requests? Is XML hard to generate in Clarion? Is there a simpler/easier to use format my client may have more sucess with? None of the data is more complex than key/value pairs.
I'm coding in python, but I can deserialize any reasonable data format if there's some way to get the data to my server.
I feel your pain. Communicating between systems can be a major pain. Good news though is that Clarion can do TCP/IP, and XML (with a little help) so there's nothing that should hold your Clarion colleague back.
In the interests of full disclosure I should point out that I'm biased here - I'm about to recommend that the Clarion guy use tools I created - nevertheless there are thousands of Clarion programmers out there using them, and they provide the answer to your question, so please forgive me. Ignore if you like.
In Clarion there are a couple of tools that make TCP/IP communications easy and that enable the use of SSL. The one I make is called NetTalk (http://www.capesoft.com/accessories/netsp.htm).
There is also XML support inside the Clarion box, although it's unnecessarily cumbersome so there are at least 2 xml products he can use - iqXML (which is free) and xFiles (http://www.capesoft.com/accessories/xfilessp.htm) which is designed to be super fast.
Using NetTalk & xFiles together it's trivial to create SOAP servers or clients. (Or plain HTTP servers and clients as you prefer.) There are a LOT of folk doing just this, so there's absolutely no excuse for using shared files, or FTP'ing requests around. I recommend you gently point your Clarion friend in the right direction.
If you'd like to run this question past other Clarion developers then try http://faq.clarionmag.com/ (which is using the StackOverflow engine.) There are also lots of programmers active on the NNTP protocol (news) at news.softvelocity.com (comp.lang.clarion and others).
Cheers
Bruce
Instead of trying to accomplish more in this obscure language, I'd go with the approach that you hinted upon: using the file system as a hand-over mechanism.
Have his code output files to a given folder; then, have a daemon, written in a "normal" language, monitor that folder regularly (cron job, etc). When a new file shows up, upload it through HTTPS / other "normal" means to your other server to do the task.
This approach follows the "localize the crap" philosophy - if you can't get rid of crap, at least make sure that it's "borders" are well defined.
Information wants to be free. The language may be proprietary and closed, but the documentation is published online:
http://www.softvelocity.com/clarion/pdf/LanguageReferenceManual.pdf
Looks like a Windows 3.1 vintage report generating language which has the ability to talk DDE/OLE (!), but seems to have no external communication features other than that.
So no, Clarion cannot do POST requests (except via a third party custom control / DDE conversation). Using the file system might be a safe way to proceed: it keeps the client in familiar territory, and is the easiest to debug. However, if two way communication is required, you might need to blow the dust off the manuals and go the DDE route. It really depends on the exact requirements (e.g. is the program batch or interactive?), but page 935 (Appendix A) in the 1158 page manual is where to start looking!
I came in very late to this post, for I only had Stack Overflow account set today. However, I would like to comment on Bruces answer.
Bruce runs a 3rd party Clarion add on maker company and will always suggest the use of their products. Altough they're really fine an work very well, I can't help pointing that there are standard, open tools for about anything that needs to be done.
For example, the programmer could use "curl" http://curl.haxx.se/ to communicate with a web server from a program. Not only a Clarion program, but any program. Aside from that, Clarion does have access to all the Windows API, and it is just a matter of writing the code, so, sockets, http, mci and whatever are at any programmer's reach.
Need to send e-mail from a program that apparently doesn't have access to smtp functions? use "Blat"! - blat.net
Want to download some file from a web site? wget - gnu.org/software/wget
These are all command line interfaces. And I suggest the ones who don't know what "interface" means, to go get a look at The Free Dictionary - tfd.com/interface
Regards
Related
I searched through a couple of questions on the topic "What to use .NET's Windows Workflow for?", (like this and this) and they got me started in grasping the big picture.
But one of the posts mentioned this article, which mentions the term "Process server". More specifically, here's its quote:
It seems like the most obvious use of WF in projects so far is when
you’re building a process server product.
I have been trying to find a clear definition of what a process server is, but did not succeed yet.
One will end up in browsing IBM's WebSphere Process Server, which offers a very short overview of it's purpose, among other links - but I could find no clear and precise definition for Process Server (wikipedia has none).
Could anyone help fill the gap?
The word Process might be closely mapped to something like a Workflow. If you reckon that a workflow needs to be executed, separately, by some entity, you will usually have a Server doing it. So there you go, a process server is something that executes workflows.
Btw, as you can read in one of your links, IBM's WebSphere Process Server at some point changed it's name (and backend apparently) to Business Process Manager. So, continuing with the same line of thinking, and this is me speculating on why they've chosen that name, maybe they thought they were not only executing but also enabling customers to manage workflows. Manage ends up being a more broad and inclusive word (and prettier for the sales guys to use as well :).
WF4 knows how to execute workflows so, yes, it can be used to implement a Process Server.
See, this is my very loose definition of it, it might be greatly improved and completely open to discussion. It really depends on which path you want to take on that discussion.
I'm making an asp.net web application which will run locally on IIS
for a single user
I don't want this user to access my application files (in the www root ) or bring another programmer and steal my code
I just want the user to have the ability to access the website only and
stop any programmer from knowing my source code
I heard about an USB security system called "Dongle" but can it be used in a situation like this ?
any Ideas ?
thanks in advance
The website is just running code, but like anything, once the user has it they can do what they like to it, whether you like it or not. That's why there is a multi-million {currency} industry around securing applications.
You could use dongles but they're expensive and not trivial to implement. As #volleyball said, obfuscation would slow down most people from decompiling your app. without odfucation any licensing or dongles could just be patched out of your code.
Your most secure route would be to not give it to them. It's a web app, host it. This may not of course not meet your requirements.
Simon
I have never heard of a web application that uses a dongle. This is normally reserved for regular windows apps; and even then it's falling out of vogue. Generally speaking some of the more expensive software packages still use them.
However, the cost of duplicating a dongle is pretty low. Combined with the fact that getting around such security is relatively easy anyway and you have a situation in which you really shouldn't bother.
As Simon said, if it's a web app host it. Otherwise obfuscate it.
If neither of those are possible, then I'd recommend you change your licensing deal with your client to include the possibility of them going elsewhere. Perhaps for an additional charge you'll give them a non-exclusive site license permitting them to do whatever they want with the code short of selling it or giving it to another entity.
did you look at obfuscators. They do a good job at encrypting code. 99% of the time your code cannot be reverse engineered. But if someone sits on your stolen code they can reverse engineer.. In the sense that ordinary people may not obfuscate it. If the person is very intellingent, he will not reverse engineer he will write better code.
I know it may sound silly, but i worked for a client that seems not willing to pay me, but is making money with his website...i still have access to the ftp...so, i'm not going to tear down the website if he doesnt pay, but i would at least protect my code that i gave him...so in case i'm sure that he cant resell or use again...
http://www.zend.com/en/products/guard/
If you code for your client in PHP, this will prevent reverse engineering, and you can set the application to expire after a certain amount of time. There are numerous other licensing options available.
I think you have a deeper problem though, you should really talk to your client or get a third-party mediator to resolve this. At the very least, you should receive a deposit. Contracts will also give you some legal leverage, so you should have signed one before you started work.
what form is your code? html? js? java? c#? you can obfuscate js, for java (or .jar file) you can use the strip/pack tools as detailed here.
in general, obfuscation seems to be pretty effective for all of them (even html, if the bulk of it is generated through scripts :p )
Consider the next poor guy that your client recruits to manage that code... And consider the ramifications - because his impression of you will be based on that code!
If your code is written in ASP.NET, you should obfuscate it (Visual Studio comes with the community edition of Obfuscator), but there're probably better obfuscatation tools than that one.
On a side note, I got my code and last payment actually stolen by a client (the binaries not the code itself, but he managed to disassemble the code with help from a developer. Unfortunately it's too easy with .NET). This is one case where I really regret not obfuscating the code.
First, don't do anything that could be taken as a malicious attack against your client. Messing with their FTP after they have ceased communication could land you in hot water.
Second, if they haven't yet given you a cent for your work then AFAIK you still own the full rights to that work. (i.e. the copyrights on the code etc. you provided) If they use your code, without a license and without paying then they are committing copyright infringement.
This is all legalese, but I'm not a lawyer. Talk to an attorney before acting on copyright.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 3 years ago.
Improve this question
I have a small classic asp site and I am concerned that a client may stop paying me. The site is on their server, so I basically want an "off switch" in the event they stop paying me. I couldn't think of a good way to do this as they have a tech person who has access to the server, so any code I write to stop the site would be easily found and changed in the classic asp site (there aren't many pages).
So we had thought of maybe obfuscating the 2 main class pages so that they won't be able to edit the pages easily and we still have code to stop the site functioning. My questions are:
What is the best option for obfuscating classic asp code (if anyone has done this before)?
Is there another option that maybe we're not thinking of?
Thanks for any help you can provide!!
I think your energies are better placed on setting milestones in your project that are tied to payments. This ideally is done in increments so that neither party feels at a disadvantage with regards to the amount of work done / amount of money paid.
Obfuscation is easily removed and decoded, generally.
Remote checking for a security license opens a security hole for the application, and also can be defeated relatively easy.
Putting in code that "self destructs" if some action or code is not removed is also not great practice.
Licensed software is a little bit different in this regard. It sounds like you're building a bespoke system that you will simply hand over to the client at the end. If that's the case, putting in mechanisms to disable that system that only you control is not a great way to build trust. They may be violating trust if they fail to pay, but your disabling of the website actually gives them an additional incentive NOT to pay you, and consider you as a programmer willing to put in a Trojan Horse into the code.
The real problem to solve here is not in code, but in project management. A social not a programming problem.
This is a hard problem, and a great one for StackOverflow. I wish you well in sorting it out.
You're in Australia right? You have a small claims court system? If you've delivered what you were obligated to code for them, you shouldn't have a problem collecting.
I'm pretty sure that programmers have gotten sued or even charged criminally for this sort of thing; the courts see it as "hacking" into a client's site and breaking it over a payment dispute. Be careful.
I believe the best way would be to simply have it call your own server for some critical piece of data. That way you can restrict that service if / when their subscription does not tally with your desired business model.
It does depend a lot on the site, but there will always be something you can return from your own server to keep the site active. Also this does give you the advantage you are not disabling their server but your own if it goes wrong.
hope that helps
There is a tool from Microsoft called Script encoder that encodes a script into garbage, though it's fairly easy to get the original back..
Why not put some of the business logic into a VB6 component? That's valid optimisation and obfuscation in one. They could decompile such a DLL, but it's a lot of hassle.
More importantly, you need to consider who owns the code, regardless of what you do at this point. The link below is a discussion on code ownership in freelance situations (without a contract), and I think that the accepted answer defines the issues rather well: https://stackoverflow.com/questions/111815/freelance-work-with-no-contract-who-owns-the-code
Hi I am currently designing a website for a client - the site will be written in asp.net with a cms built in. My client has come back saying he wants to play mp4s on the site - plus being able to embed some other videos from youtube, vimeo etc.... in his blog - I have managed to convice my client that playing .flv would be better for obvious reasons (which he has agreed is OK). but when I went back to my coder, he said that because of the fact its a dynamic site that it will take 2 days to get this working (in terms of creating the mechanics to allow my client to up load his movies etc.....)
Is this correct - as my client is under the impression that it should be a simple thing to do - while my coder tells me that its not that simple.
I am in the middle of all of this - can you help please!!!!
At the end of the day only the coder you are using knows exactly how much effort is required here. You have to trust them. This almost certainly not trivial. Make sure you and the coder understand exactly what's being asked for here and that neither of you are assuming anything about how the client expects it to work.
Is your client a programmer? Non-programmers should never dictate how long a programming task should take.
If you're cowboy coding without testing "today" would probably suffice, but any sane and professional development shop would never let this happen.
Now let's clarify what your client really told you to do:
Your dev seems to be assuming that he has to support adding/uploading videos from your CMS.
If your dev is going to use a 3rd party API like YouTube, 2 sounds reasonable. If you're going to serve it on your own site, it'd take at least a week's worth of programming to make sure your site can take such a heavy load of streaming data -- it's stupid, not to mention highly irresponsible, to assume it could be worked out in a day.
Now, if you're client is only really talking about embedding videos in blog entries or articles, that's a very trivial task: YouTube, Vimeo and other video sharing sites already supply the HTML embed code that's needed to display a video on a page. In fact that's a zero effort task assuming that your blog entry editor properly parses the embed code, or has an Edit HTML feature.
So, which one is which?
This might be a good occasion to use the <video> tags. It might simplify things at the cost of only supporting users with recent browsers.
Two days is a quite optimistic estimate for all that you've mentioned. Maybe for embedding YouTube videos only, but for upload/storage/streaming of videos on the local server it's a different thing entirely.
But if you don't understand programming yourself, then you have to trust the expert that you've hired to do the job for you, and you have to tell the client that is how long it will take. The fact is that these things aren't trivial to write, there's the front end website management interface that needs creating, and the back end server software that manages what to do with the uploaded file. Never mind integration and making sure it's easy for the client to run a workflow of upload file, incorporate that video inside some content in the CMS, and so on.
I just recently did this, you need to get videoLan http://www.videolan.org/
This streams mostly anything, after you set up a streaming site it's easy!