It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 10 years ago.
Do I really need a Portal ??
Always one question comes to my mind , why do people go for Portal development , can't they manage with a normal web aplication , managing the UI Page with different sections? I am sorry if my question is not valid.
Or In what scenarios do we actually need a web Portal?
Managing a UI page with different sections is fine if your users are using only your application. However, a portal allows your users to use multiple applications (and many of them not created by you) and kind of 'aggregate' their content on one page; well at least have a place which provides easy access to them on one page. The emphasis here is on multiple applications; these are applications that you as a developer may have no control over; they may have been written by a third party (such as Google, or any other developer).
The items on a portal page may not necessarily be from the problem domain that you are developing for. There's no reason why a user can't put the local weather on the same page that he's examining the inventory for his company.
Portals provide a single point of entry; that's the key point. A portal also provides some other niceties such as managed logins. If you are creating an application for a customer, and you don't have a need for a portal, a portal may be overkill (and probably is, if you have to ask).
Related
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 10 years ago.
I have 3 JSF projects (let's say A, B, C) each having same database, server. I want to merge projects A, B into one and make it available over internet, similarly merge project A, C into one and make it available over intranet.
Intranet website will need an authentication layer, I will probably add JDBCRealm authentication.
What is the best procedure to do this, I want the code to be reusable. Do I need to use EJB?
Not sure I understand the question. But if you just want advice on how to manage projects and dependencies between them I would take a look at maven.
http://maven.apache.org/guides/mini/guide-multiple-modules.html
I have a setup I really like, it's basic but I will describe it anyway:
myproject-webapp: This module / project has JSF facelets, controllers, and other things specific for the web portal. It is the topmost project in terms of dependencies.
myproject: This module has the domain classes and the specific business logic.
Whenever I start a new project it is composite of those two parts. Now anytime I write some domain or business logic code that other projects can benefit from I put that code in it's own module called "core".
Respectively any time I write some jsf or web aware code that could (and should) be unspecific I make that generic as well and put it in "web-util".
So anytime I create a new project first thing I do is declare dependencies to "core" and "web-util". This makes each project really slim code-wise and straight to the point. Boilerplate code such as as generic dao, custom converters, custom interceptors/producers/events and whatnot is immediately available.
Separate out all your concerns, that is authentication and other environment specific information (a,b, &c)
Create deployment scripts that build target specific or deploy target environment specific.
Note there is a difference in the above ( user whichever is safest).
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 10 years ago.
We have a new extension that we built for many months and is live on the webstore.
Our extension communicates with our API and we get many fake installs daily - installs that we see in our API and not in the web store.
After many sleepless nights - We suspect that a robot with chrome runs our extension and deletes the local storage every time - this is only our best guess, although we are not sure if it's likely because the IP of each installation is different.
There are many more details - so If you would like to help and need further info let me know what and I can elaborate.
I'm not familiar with this Chrome extension API, BUT, if someone earns money by letting people install your extension then I'd check that lead.
Eventually, the clients (many IPs you say) that apparently "install" your extension report this event by making an HTTP request - again I only presume!
Saying that, it might be that someone controls many computers which simply initiate these HTTP requests to "report" a (fake) installation, thus making money.
If that is the case, and someone does make money out of your extension (could be also INDIRECTLY) then check the affiliate code or whatever, this is even an issue to report to Google itself, they can certainly investigate that.
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 11 years ago.
I want protect web-application for administrator/other with physical access to server.
Any ideas?
Thanks
How physical is physical? :P
Your webserver (let's say Apache) needs to access your files. It runs under a user account (www-data or apache or something). Ergo: the files for the webapplication should be accessible to this other user.
An administrator (root user?) can impersonate any user, and has access to all files, so if you're dealing with a very smart administrator he can always get to your files.
You could run your webserver on a different account, and encrypt the part of your disk where the web application files are running. But since the webserver needs to decrypt it, the decryption key has to be stored somewhere, and the administrator has access to it.
So, I'd go for obfuscating your web application with (in case of PHP) something like Zend Guard, this makes the source unreadable. With a license manager on top the source is quite useless outside the server. (Not completely unbreakable though).
The only way to make really sure your sources are safe, you should be the only one with access to the root/administrator account.
Physical access can only be prevented by hosting your own server in a secure data center...
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 11 years ago.
how to minimize threat on website?can u list the way to minimize that problem?
This is an extremely broad topic, and can't really effectively be answered in one answer. But here's a few common vunerabilities you should be researching and learning about.
XSS (Cross-site scripting) attacks - A method by which the security of your users can be compromised by allowing arbitrary javascript to be executed on your page.
SQL Injection - By allowing arbitrary SQL scripts to be executed on your database, you can give attackers the ability to retrieve senstive information from your database or even destroy data.
Password Security best practices - There's a whole host of information about the proper way to deal with authentication and storage of user information in your database.
There are a handful of universal things to employ:
Good password policies
Avoid SQL injection vulnerabilities
Secure the server itself, not just the website
This list can, and does, go on just about forever. It's a little vague, but then so is your question really.
It sounds like you're asking "How do I do secure web programming?" That's just too broad for this site. You're asking us to impart years of industry knowledge about a very diverse subject into a few paragraphs. It just can't be done.
You're much better off getting some books on the subject. You can start with the Web Security Testing Cookbook. But there are a lot more places to go from there.
Keep in mind that two big parts of "securing a website" are:
Designing it with security in mind from the beginning. Retro-fitting security isn't very reliable. (As an old network admin I worked with once said, even if you put your cotton candy in a steel box, it's still soft and squishy.)
Knowing how to exploit security holes, so as to better test your own implementations.
As others have mentioned, this is a broad topic.
Personally, I would start here: http://www.owasp.org/index.php/Top_10_2010
The OWASP Top 10 list is the basis for PCI compliance, and considered the gold standard by many as far as web applicaiton security. OWASP offers general guidance, as well as specific guidance for any number of platforms. I've learned more about security here than anywhere else.
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 12 years ago.
I have been trying to find a simple answer for a while now but I can't seem to get a direct answer?! Can someone please put it into simple terms? Thanks it would be much appreciated
SharePoint is a content management system (CMS) build with an ASP.NET front end, and an XML based backend running on IIS and SQL Server.
A good start is wikipedia:
http://en.wikipedia.org/wiki/Microsoft_SharePoint
Sharepoint is just a one stop shop portal. It allows you to manage documents, provide workflow, and collaboration. It even can be built to work like a CRM system, especially the 2010 version which is .net based.
All in all it is a good intranet tool for a company big or small. It can handle documents and provide information like when the document was updated, what was updated, checking in / out documents.
It also allows you to post notes, reminders, notifications for company wide functional groups. You can strict it to be departmental. It is a monster that is based on a SQL SERVER backend with some notorious tables. You can build lists of any sort, import Excel data, and create performance indicators for things like reports or management content.
Just a very large CMS (can be CRM) / Document Mgmt / Anything embedded from .net system.
Sharepoint is a system for shared calenders, appointments, discussions, document tracking, crm and cms solutions...
Good for internal use - but can equally be used external public face content manageable sites.