I have an application I support that often needs to have one of it's job services stopped then restarted in order for the end users to continue processing within the application. The vendor of the application has released a fix in newer versions of the software but my employer is not interested in upgrading for now.
for the moment, I log into the server, stop the job that is running, start it, stop the job a second time and start it a second time (it sounds weird but I promise it only works if I do it in this manner, weird flaw the vendor acknowledges.
I'd like to create a simple web html page showing the service is running and include a stop and start button to allow the end user to perform this mundane task them selves instead of having to email me to do this. I know this only takes a second but i want to know if anyone has ever built this soft or web app or know where to begin to build this.
One way (and totally insecure, and disastrous, but technically a possibility) is to use something like Flash, Java Applet or Silverlight (or any other plugin technology), they have SSH and/or VNC libraries, that can allow you to use plugins to connect to you backend, however while it's a possibility and something I did when I was young and foolish I would advice against it!
Proper way would be to have a backend, that exposes simple restful api, and will execute local commands when certain endpoints are triggered. Though again, you will have to spend some time securing it and probably shell out for SSL/TLS certificates to make sure that somebody can't sniff your Authorization details.
Related
I just finished my first single site application project, most lines of code are in JS / Jquery with a backend (called with Ajax ofc) of Asp.net / C#.Net and a MSSQL Server.
I have around 10000 lines of code in total, 8K of that iin JS / JQuery.
I am going live this week, so what is to do to clean up such a big single site app?
What I have done:
comment methods / classes
make hard and complex code more readable
explain unclear code with comments
delete up out-commented code (source safe will save it for later then)
Is there something in geenreal I miss here?
Additional to your ideas, I have a idea to do, but I don't know how... In C#/Asp.net my Visual Studio gives me a warning or an error for syntax check, variable checks (e.g. unused variables, double used variables etc.) - is there a tool or a way to do this for my js files?
Recommend every help, thanks :)
None of this is specific to javascript or ASP.NET but for web applications in general. Basically the first time you expose your applications to real users, you have:
silly users, who don't do things the way you want them to.
naughty users who try to bring your site down or steal/destroy your data
lots of users, who may be individually good, but collectively overload your site and expose performance issues
So to deal with this you need to:
Test that everything works. Ideally you have automated end-to-end tests but if not, test manually. Note your tests, so you can automate them for next time.
Run through your application with erratic users who enter incorrect stuff, change workflow, etc. Does anything break?
Security test. Can I login as someone else? SQL injection? XSS? etc. If you deal directly with money or credit card numbers, I would get a professional penetration test done.
Performance and load test. Use a tool like gatling or jmeter, or something equivalent on the .NET side and hit your commonly used server functions with N users at once. N could be 10, 100, 1000000, depending on your requirements.
Once the application is released, monitor your logs carefully and fire fight :)
Here are few things you may check(in case you have'nt already)
Minify all your 8000 lines of jquery code and use the minified version in your production site.
https://developer.yahoo.com/performance/rules.html
Ensure you set the compilation node debug property to false. (Something developers tend to forget)
<compilation debug="false"/>
Ensure compression is turned on
Remove the unnecessary headers. You may refer to this link
Ensure your connection settings are encrypted from config files
Perform DB maintenance activities : rebuild indexes, statistics
I need to run my app always on top of the android system, while the user will be able to exit the app only with his own password. I was told that in order to do that i need to setup and run a Service of my own.
My question is can and how it is done using Phonegap and Jquery. How do i define and run my own service? Thanks for your help.
First, don't do that. I know that doesn't sound like an answer, but trust me, it actually is the answer. What I mean is, no, you don't want your app to be "always on top of the android system." Use the actual Android lifecycle and participate as a good citizen, don't abuse it and try to keep your app always running. I know you may have a use case that makes you think you need to do that, but you most likely don't.
Second, you can write a native service (not JS) and keep it running in the background. This is a a standard Android service. You'll need to create a PhoneGap plugin to hook into your app via the service (or you can create this yourself outside PhoneGap, either way). Then you can either do work in the background, or bring your app to the foreground via the service.
This answer may help: Creating an Android Service with Phonegap? (Have phonegap app run even when closed)
Third, again, don't do that. Most long running services are a bad idea (not all mind you, some use cases require it, a music player, etc, but most do not). It's a much better idea to create an IntentService and schedule an alarm (via AlarmManager) to launch it in the background periodically if you just need to do some occasional background work (fetch data, etc). Regardless of the use case though, a long running background service will consume a lot of resources and make users justifiably wary of your app.
I don't think Phonegap will let you create a service solely in javascript. To be able to make a service, you will have to write at least some native code. See https://stackoverflow.com/a/10427975/1721527.
I've never used Phonegap, but I think you can create a native plugin to talk to the javascript. See http://docs.phonegap.com/en/2.1.0/guide_plugin-development_index.md.html.
See Android documentation on services at http://developer.android.com/guide/components/services.html.
The scenario is:
I have a web API, which is being accessed by two clients:
Web App written in Javascript, which is minified
iOS App
SSL is all set up on the server hosting the API, and it works fine. There is no User Auth for the API because it's a sort of location-based searching app.
I want to ensure though that only the web app and the iPhone client are able to actually make requests to the API. For the iPhone client it's easy - a shared secret between the server and the app will do, and it's encrypted with SSL so we're not worried about people spying on it.
But for the web app the same solution won't work. I can't just leave a string in the code, and even if it's encrypted in there that's all somebody would need.
Basically, I'm looking for a good solution to this problem. I just want to make sure it's kept only to clients who are allowed to use it, but I'm not sure how I can without going and implementing OAuth which I think is probably overkill. Any ideas?
Thanks!
Dan
It can't be done. Even with oauth. Even assuming that your iOS app is secure, is wrong: it can be decompiled. Any code that runs on the client, can be tampered with, and can't be trusted to be who he says he is.
Only question is: is the API you provide valuable enough, and how much trouble would someone want to go through to hack it. And how hard do you want to make it for whomever wants to hack it.
The iOS version is indeed way safer than the javascript version. In the webapp you can obfuscate your code to make it harder to hack. You can (if you don't intend to use it on iOS) use java or flash to further hide your signing code (HMAC-sign your requests, don't just send a shared secret with them. You may think SSL is secure, but there is a moment before the url is encrypted....).
The way the "big guys" deal with this is:
Whatever you build, assume that someone will be able to hack it (as in: use your API for some other purpose than you intended).
Think about how bad this really is (note: they wouldn't be able to build a business on it; it would be WAY TOO vulnerable to lawsuits). Is it really the end of the world if a lone wolf uses your API.
If you do care about the lone wolves, make it as hard as possible (but honestly, isn't it cheaper just to loose some money from the lone wolves, than to spend 2 developer-months on it?)
If somehow there is serious interest in hacking into your API, try to come to an understanding with the hackers (e.g. I like the way how Spotify reacted to despotify. Basically they said "hey, if you don't release anything that makes it really easy to steal our music or circumvent our businessmodel, we won't try too hard to block you")
This is more of a curiosity really, to see if some one has done anything similar, or if at all it is possible.
I'm working on a project that will get notification through external notifications. Now I could go about doing this by having notifications coming to my server and have a comet setup between my client and server.
BUT
I was wondering if I could write server logic into my client and listen out for notifications from external sources. Immediately one issue I see is, external sources would need callback URL etc, which I dont know if you could do from client side (unless one could use the IP address in that way).
As you can see it is more ideas and discussions if such a thing was possible, this is somewhat inspired by P2P models whereby you wouldn't be mediating things through your central server.
Thanks in advance!
GWT compiles (nearly) Java source into JavaScript, so compiled GWT apps can't do anything that traditional JavaScript running in the browser cannot do. The major advantage of bringing Java into the picture isn't automatic access to any/all JVM classes, but the ability to not only maintain Java sources, which tend to be easier to refactor and test as well as keep consistent with the server, and to compile that statically defined code into JavaScript, performing all kinds of optimizations at compile time that aren't possible for normal JavaScript.
So no, while you can have some code shared by the client (in a browser) and the server (running in a JVM), you can't run Tomcat/Jetty/etc in the browser just by using GWT to compile the java code into JS.
As you point out, even if this was possible, it would be difficult to get different clients to talk back and forth, without also requiring that the browsers can see and connect at will to one another. BitTorrent and Skype have different ways for facilitating this, and currently browsers do not allow anything like this - they are designed to make connections to other servers, not to allow connections to be made to them.
Push notifications from the web server to the browser are probably the best way forward, either through wrapping comet or the like, or through an existing GWT library like Atmosphere (see https://github.com/Atmosphere/atmosphere/tree/master/samples/gwt-demo for a demo).
It's quite hard for me to figure out if this sort of thing has ever been implemented. I want to look for any libraries that may exist so I don't go about reinventing the wheel.
I have this idea of having a web app that connects the people who are on the site. Every user that is connected to the site may communicate to another user also on the site via the server. So the protocols will be implemented in JavaScript, and the server simply helps to identify users, and just echoes data to enable the communication. For instance I can use this to implement my game networking ideas in javascript, and easily test them without having my testers download any executables, they can just log onto the site.
Now obviously this isn't going to be an effective architecture for any kind of serious application. But I think if I can get it working I could build really cool networking apps without having any sort of download.
What I'm thinking about is using ajax for client->webserver and webserver->client (Comet?) and I can code up the webserver echo bit with PHP or a cgi script. And then I can implement an entirely separate protocol in JS that the webserver does not care or know about.
The reason for having the webserver echo everything is because I don't want to use java or anything else that I can open up sockets in. Why make it harder for me? Because I can and because I happen to be really enamored with javascript at the moment. It's the only web technology I trust. Screw java applets.
Does this make any sense to anyone? Am I crazy?
Don't know about the crazy part (there's a proposal at area51, go check that) but it's definitely doable.
You could use a plain old XMPP server and a javascript XMPP client (there are libraries - for example strophe)
You could do it with AJAX and a PHP backend: Making an AJAX Web Chat
You could use the fancy Websockets from HTML5: Start Using HTML5 WebSockets
You could use some existing component if you can find any (I couldn't find any I would use)
Cheers :)