I'm building an online code checker software.
I'm building a code checker. At times the user may submit code which is harmful for the server or which may even destroy the server. How would you put a check on the user's code and save your server?
If you're running Linux or a Unix variant, you can use chroot to run the code in a limited environment. Also, run processes with appropriate permissions. I would also recommend an outbound iptables firewall so any code can't get out to the internet and potentially download hacker-packs. The code might still be able to destroy the contents of the chroot, but won't be able to access the system outside.
Bear in mind, Apache in a chroot environment is tricky, especially if you need access to system libs or general functionality.
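The three measures from the answer above (chroot, an unprivileged account, an outbound firewall rule) combined in one launcher, as an added example that is not part of the original thread. The function names, the jail path and the uid/gid are assumptions; `run_submission` has to be called as root, and the iptables rule is only returned as an argument list for the operator to apply once.

```python
import os
import subprocess

def check_jail(jail, uid, gid):
    """Refuse configurations that would not confine anything."""
    if uid == 0 or gid == 0:
        raise ValueError("submissions must not run as root")
    if not os.path.isabs(jail) or os.path.realpath(jail) == "/":
        raise ValueError("jail must be an absolute path other than /")
    if not os.path.isdir(jail):
        raise ValueError("jail directory does not exist")

def egress_block_rule(uid):
    """iptables argv that rejects every outbound packet owned by the sandbox uid."""
    return ["iptables", "-A", "OUTPUT", "-m", "owner",
            "--uid-owner", str(uid), "-j", "REJECT"]

def run_submission(argv, jail, uid, gid, timeout=10):
    """Run argv chrooted into jail as uid/gid; argv[0] is a path inside the jail."""
    check_jail(jail, uid, gid)

    def enter_jail():          # runs in the child, after fork and before exec
        os.chroot(jail)
        os.chdir("/")          # otherwise the cwd still points outside the jail
        os.setgroups([])       # drop supplementary groups while still root
        os.setgid(gid)         # group first: after setuid it can no longer change
        os.setuid(uid)
        try:
            os.setuid(0)       # must fail once the drop has taken effect
        except PermissionError:
            return
        raise RuntimeError("privilege drop did not stick")

    return subprocess.run(argv, preexec_fn=enter_jail,
                          env={"PATH": "/bin:/usr/bin"},   # do not leak server env
                          stdin=subprocess.DEVNULL, capture_output=True,
                          close_fds=True, timeout=timeout)
```

The jail directory needs its own copy of the interpreter or binary and its libraries, since nothing outside it is visible after the chroot.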
So I'm working on a Chef cookbook for Windows, meaning it is generally executed on a Windows Server instance (2012r2 in this case). Specifically I am installing MSYS2 which uses Cygwin under the hood. I noticed that package installs were very slow and tracked down an article showing how the default nsswitch.conf in Cygwin uses the slower dynamic SAM/AD integration. For most users, and especially for my test environment this isn't needed so I tried following those steps to use only file-based users/groups. This resulted in a massive speedup (roughly 6x).
But there is a weirdness. It only works if I've logged in to the server via RDP at least once. Otherwise back to slows-ville.
Since this isn't hugely useful to automated testing, I've tried to figure out what exactly is causing the issue. The most likely candidate is that the first RDP connection (i.e. non-WinRM/headless session) is populating some piece of the user profile that headless sessions don't load, but I can't figure out what. I've tried calling LoadUserProfile, which is supposed to create a profile if it doesn't exist, but this is not enough.
Any ideas on what piece of this I'm missing?
I'm planning to teach a group of people how to set up a website using WordPress. Those people have some basic computer usage knowledge: they can surf the web, write emails, install software on their computer, ... But they are absolutely not developers. And the training does not aim to teach them development.
But I want them to be able to set up a fully working local web environment on their computer that runs on Windows. I was planning to use XAMPP, but I'm wondering if Vagrant is not more suitable. I could prepare a box with a lot of tools already included, and they will just have to install it. Interaction with the server would take place only via HTTP and FTP (no SSH needed).
Is it possible to create a batch file that they can click on to launch Vagrant? If properly configured, is that as easy to use as that for absolute beginners?
From what you describe, there is almost no Vagrant involved: you would be responsible for making the Vagrant box and the Vagrantfile, and you will not expose your students to Vagrant. The only thing is that they would need to have this bat file on their desktop (the only command that it will need to run is vagrant up; make sure to expose the vagrant cwd variable) and the server will be up and running.
The main advantage I see then is that you will put your students in exactly the same situation they will be in with their production system. They will face the same tools (FTP, WordPress admin ...) on an environment (more or less) identical to a production environment.
Ok, so I'm a bit late jumping onto the Vagrant band-wagon, but figured it's about time I did.
Brief background: I've been a freelance developer for quite some time now developing solutions based on Magento and Drupal, and have finally gathered enough demand to warrant the need to build up a team. Previously, whenever I started development on any new project, I used to clone a preconfigured base VM in VirtualBox, and use that. Of course there were still configurations to do on it until I could start with actual development. Every project's web files therefore all resided inside /var/www/projectname on an Ubuntu VM.
Now I've read up on why I should be using Vagrant, especially considering that I now have a team of 4 developers working with me, but I would appreciate any feedback on the following questions I have:
Moderator note: I know this isn't exactly asking a programming question, so please advise if this could be turned into a wiki, as I'm sure that feedback into this will help someone just like me.
I am still reading through the Vagrant docs, so please be kind...noob questions ahead!
I now work on a Mac. Does it matter if I use Parallels, and another developer uses VirtualBox on Windows if we need to share or collaborate on projects?
When I issue the command, vagrant up for an existing project, will it start the VM up as I would in VirtualBox or will it recreate the VM?
Is the command vagrant halt the same issuing sudo poweroff in Ubuntu, for example?
I currently use PhpStorm and its SFTP feature for project files synchronization with the option to exclude certain files on the remote server (VM) from being imported and sync'ed...will I be able to specify the same using Vagrant folder sharing?
Could I easily zip or archive a Vagrant VM, move it to a file server, and then "re-import" when and if needed? (example bug fixes, or new feature enhancements)
What do we use to easily provision VMs for common projects? Should we be using Puppet, Chef, Puphpet or Salt? I've seen that Puphpet provides a nice GUI to create a Vagrantfile which I'm sure, once generated, we could customize for future projects. At a very basic level, we need to ensure that certain applications are installed onto the server (zip, phpmyadmin, OpenSSL, etc.), certain PHP settings, PHP and PEAR modules, and Apache settings. I already have base VMs set up as I'd like them for both Magento projects as well as Drupal projects.
EDIT: I should also add that I used to enable Host Adapter in VirtualBox (on Windows), configure the VHost inside Ubuntu, and then update my host machine's hosts file with something like 192.168.56.3 drupalsite1.dev. So I'm unsure if Port Forwarding would be better to use? I'm not very clued up on that I must admit.
Like I said - noob questions! However, I would really appreciate any feedback on these questions. My deepest thanks!
Most of what you are asking is subjective so common sense and experience are the best tools.
I recommend all team members use the same provider (Parallels isn't officially supported) and VirtualBox is readily available. The base boxes, by provider, could have slight variances, you never know.
Vagrant will start the VM similarly but Vagrant also does other things like configuring the network, hostname, shared folders, etc. Not quite the same. The big power lies in the capability to be able to tear down the environment and bring it back in a cleanly provisioned state.
Basically, yes.
Yes, your Vagrant VMs are just like your own mini cloud. You would interact with the servers similar to the way you'd interact with external boxes.
Yes, the simple answer is that it's called packaging and you can share the resultant .box. However, it's good practice to keep the base box and provisioning scripts under CM so you can rebuild and modify as needed.
For provisioners, I think it is dependent upon your experience and your familiarity with the provisioner language and how much you want to invest in learning them. Look through the provisioner support and see what fits your need and budget. Chef has a very steep learning curve, in my experience, but also has a lot of thought built in. Most provisioners have wide libraries of available installation "scripts".
The host adapter can be handled identically in vagrant.
Learn by doing, I recommend going down the table of contents (navbar) of the vagrant docs and trying each step where it makes sense. Then make your decisions.
That is my 2 cents. Hope this helps!
First, I guess I'd have to figure out if I'm running remotely and second I'd have to figure out whether my remote connection is a standalone remote app or an app running on a terminal server (that may be tricky).
But, once I've figured out all those awful things, is there a way to run a windows function like ShellExecute locally instead of remotely?
The reason I'd want to do this is because I launch a web browser to view rather high bandwidth things that require javascript and flash and certain sysadmins who administer our product aren't too keen on having to make unnecessary and insecure modifications to their terminal server farm.
Yes, if the clients are running Windows and you can install software on them.
See Remote Desktop Services Virtual Channels in MSDN.
There is a free tool that does exactly what you want. I got reference from TechNet forums, it's named Remote Executer from http://www.mqtechnologies.com
Good luck
I was wondering if there was a way to make a *.dll that mounts archives in Windows without the need for installing drivers. I've tried mounting *.isos (and was successful), but I needed to install drivers, which was not something my intended audience wants to do (or can do). The other relevant alternatives were for Linux (fuse-zip) or dead projects (zipios++).
Something along the lines of this...http://mountziplibrary.codeplex.com/
Oh, and it'd be great if the solution was GPL v3'd or at least open source.
Thanks.
Have you looked at Dokan? It looks like a Windows equivalent to Fuse.
What you're describing is called an Installable File System (IFS). In theory you don't need a driver: implement an SMB server in application space, and let the existing kernel network client talk to that. It's just TCP/IP at that level.
The proper solution is indeed an IFS driver. Fundamentally, drives are objects in the kernel namespace. As such, the code for them should be part of the kernel, and an application never is.
There was a hobbyist project called WinFUSE once, which worked as an SMB server and redirected FS requests to your .NET code. But it's gone, as far as I know. The proper way is to use a driver-based approach. The driver can be installed and removed on-the-fly if the user has admin rights, and if he doesn't, installation of the application requires admin rights anyway. In Unix/Linux it's the same - you can't mount a disk (not saying about the driver now) if you are not an admin. Could I not mention that Callback File System is the only professionally supported solution that lets you accomplish the task?
I've decided to Google around for some answers.
One of particular interest was zziplib. It's for C and transparently accesses archives, just like Windows does, treating it as an actual folder.
Of course, the other implementations given by users work too. This one just fit the bill for me.
Maybe this one helps you: ZLib