Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 5 years ago.
Improve this question
HTML5 code can easily be seen through "Inspect Element," or retrieved from "sources."
I am wondering if there is any way at all to hide a Web application's code completely on the client side from the browser.
All languages are welcome, so embedding applications (such as Java Applets) are acceptable. Are there any clever ways to approach this problem?
Vaadin
Using a server-side oriented web app framework such as Vaadin where your business logic lives only on the server written entirely in Java while the framework automatically generates the HTML, CSS, JavaScript, DOM, AJAX, and WebSocket code necessary for presentation within the web browser gives you much masking of your critical code.
Any user will be able to see the auto-generated HTML and JavaScript and such, but it won't mean much.
The hacker will be able to manipulate that client-side code but it won't do much. For example a hacker could alter the HTML/JavaScript defining the values in a pop-up menu to add another unintended item. But your Java code on the server can check for unexpected values and handle the fault or throw an Exception.
And Vaadin performs integrity tests to verify that the client and server remain "in sync". Hacking the client-side code is likely to rapidly throw them out of sync.
It's impossible to hide frontend code completely, because the user's browser must be able to read the code to execute it. This issue isn't limited to the web. Even native binaries can be inspected with a disassembler - again, the user's CPU must be able to interpret the code, so a sufficiently skilled attacker could interpret it as well.
That said, obfuscating code can make it more difficult to read. JavaScript is often minified before it's put in production - primarily for performance reasons. This also offers a basic level of obscuring the functionality, protecting against less-skilled or less-motivated attackers. Google's list of minifiy resources may be a good place to start.
Related
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 8 years ago.
Improve this question
I'm creating an Android application which will access data using a restful web application.
I have quite a lot of experience with Java, but minimal experience with PHP.
Having looked online, it is difficult to determine which language is more suitable, scalable, portable etc.
I'm hoping that the Application may one day have many concurrent users and therefore I need the most suitable option.
If anyone has any experience writing a web application in either language, I'd be really interested to hear about your experiences, and any problems you faced.. i.e. for a java web application do you need a tomcat server or another embeddded to server for it to be able to run?
Thanks, for any answers, Matt.
If you already have experience with java, I would suggest you use the following to build your REST services: http://restlet.com/
Its very easy, and efficient. The performance is very smooth. For PHP, you will have some learning curve, and also there is no standard. Mixing java with PHP is like combining a VERY STRICT LANGUAGE (java) with a VERY LENIENT LANGUAGE (PHP). So its safer to be on the same language.
Tutorials:
Official tutorials to get started: http://restlet.com/learn/tutorial/2.2/
Good step by step tutorial with screenshots and code snippets: http://java.dzone.com/articles/restlet-framework-hello-world
Short:
Take JAVA!
Always choose the language you are comfortable with. Also I think Java is better suited in the end.
PHP isn't my favorit. Most of the people like it, because it is easy to start with. (It was also for me the second (non Browser) language I touched.)
Framework Tips
WebFrontend: Play Framework
Back End&Scaleability: AKKA
JSON: Gson
Long:
Scaleability in the meaning to scale to lots of concurrent users:,
is more a architectonical issue, as a question for the right language. You can write scaleable software in any language. The difference isn't the scaleability of a language, but it could be the performance. One language will take longer for the same task as the other one. But you could always throw more Servers in, to scale out.
Architectures to consider if you want to scale out, are in my opinion message based designs. My favorite is the actor model, there is a very good framework for that in Java, the akka framework (production proved). But I think you first should get your software running. If you get enough users... scalability problems are the problems you like to have (they mean you have users).
Scaleable doesn't only mean, that you can scale to many concurrent users. But the ability, to handle the complexity of the software or can handle concurrent development and so on (your team will grow, thats also a problem to handle). In this topics Java is as clearly static typed OOP language, better suited.
Also the performance will not be as good as in Java (it is a interpreted language). But there are always options. Facebook started with PHP. In an interview one of the lead developers, told that PHP isn't that scaleable, because PHP wasn't designed for OOP. But the performance issue was handled, through writing a compiler for PHP (outputs C++). [If if find the link I will post it] .
Update the PHP Compiler is Called HipHop and it uses HHVM (Hiphop virtual machine), Facebook developed it after excessive CPU usage
You can consider looking at https://jersey.java.net/ As a web container you can use anything like Tomcat. I have used Google App Engine in the past.
To get started quickly with Java look into http://dropwizard.io/, using less EE frameworks and more standard Java.
Has Jersey for REST and is supereasy to run.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 5 years ago.
Improve this question
I'm starting a new web based enterprise application, and I'm thinking of using Wavemaker.
I'm a fairly experienced java-ee developer, but it seems to me that even in this case, WaveMaker still makes sense to develop the application fast and focus on the business logic.
My questions are :
1- Are their any drawbacks to this platform
2- Can I do all the normal things from the server side easily (like sending mail,building birt reports, adding jobs)
3- Can I freely manipulate javascript (for example for specific animations, using plugins....)
4- Can I integrate realtime processes, like websockets ?
Thank you
I've used Wavemaker in an Enterprise application with success. We used quite advanced features such as heavy use of backend logic based on JavaServices, an run-time SQL database selector made inhouse, JS plugins for the frontend, obfuscation etc
We later recruited a devteam to take support of this application and, although the community is small, the team learn quickly and was able to maintain the code base.
As I see it, Wavemaker is a excellent tool if you like to:
deploy a web-based CMS for your midsized SQL database
deploy a smaller web control page for your java back end system
To answer you questions:
1) Small community: Although the community is friendly and on their toes, it is too small to ensure the type of feeback you might be used to. You will have to spend quite some time banging your head to the wall when you try to go beyond the example applications.
2) Yes, you have all the freedom you would expect from a Java backend. Simply said; each REST api is assigned to a Java Method, its up to you to implement the logic. I have built wavemaker on SQL, mongoDB. With email interactions, data parsing, file upload/download etc You name it
3) Yes, you can add JS plugins and customize the scripts generated by Wavemaker. You might want to make sure that you don't edit the auto generated JS, since they will be overwritten. but as soon as you found the right entry point you are free to customize just the way you like it.
4) Yes, since you build you own back end in java you are free to open up any type of communication you like to have. And since you are able to customize the front end js you will be able to read this data. But as I said in question 1 - there will only be a small community helping you
So to sum it up:
I vote for Wavemaker, but make sure to only deploy it if you application will be similar to the templates/demo provided, if you build a unique system you might like to look into other solutions.
All choices have drawbacks. There is not a lot of WM expertise to be had. You'll need to deal with some issues in terms of the library at hand, dojo, spring etc instead.
you can,but it requires some java knowledge. You are operating in a spring MVC you can
you can, you are operating in a dojo client there
possible, probably. worth the effort, doubt it.
1- Drawbacks- It's enterprise focused platform, so will require own effort to learn it.
2- Yeah, you can do pretty much all normal things (at least from my experience, till now)
3- The tool has kind of open-source configuration so its easy to manipulate or customize your codes if needed
4- From my experience, WaveMaker has one of the best and most diverse integration options available.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 4 years ago.
Improve this question
I plan to build a product that would let users do what Google Docs is doing today (although, not as good as Microsoft would do it) - edit word docs. The reason I can't use Google Docs is coz I need to build something new on top of it - like annotation support/ metadata support and all that.
So, if I were to start from scratch, How big a task is this going to be? Can I start with some fancy JS libraries and extend them or something? For instance, something like yahoo pipes, non-flash, pure JS/HTML5 + ajax based web application. Are there open source alternatives that I can make use of?
Is it going to be pure JS editor(on the client side)? if so then.
Keep it modular(or try at least). Try Sea.js to separate stuff and load it on demand.
You need some editor to edit text of your doc: TinyMCE, CKEditor, jWysiwyg etc. (all of this uses iframes and contentEditable property to change page content on the fly).
Some proxy server to exchange information about docs(and keep info about docs too). Depending on the performance needed you can start off with Apache and PHP and MySQL(windows WAMP package).
2.a For php server side you need some framework to get your logic together. Maybe Symfony2, CakePHP or other MVC frameworks(cool to use).
For real-time update you can use Node.js and IOsocket(WebSockets) to create peer to peer communication between users(one changes text, the other sees it immediately). HTML5 browsers only tho.
The amount of work needed is depending on your requirements for this project. First of all create a specification, collect requirements, analyze the problem, implement, then test it.
4. For testing you can use some headless testing frameworks(still with node), jstestdriver etc.
That is what came to my mind first, Good luck.
Google Docs is an enormous and deceptively complicated application. It implements pretty much everything from scratch, including text selection, caret, text measurement and positioning and does easily the best job of this that I've seen in a browser. They've managed this, I assume, by having invested in an elite development team over a number of years.
All that being the case, trying to write something of the level of Google Docs is almost certainly a non-starter. You can get limited editing capabilities using contenteditable elements, but taming that particular beast is also an extremely tricky task and I'd recommend using one of the larger editors (CKEditor or TinyMCE, for example) at least as a starting point.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 5 years ago.
Improve this question
I have a desktop application, to use that I need to login to it every time. But I want to automate this login process.
I want to write a little program which will:
load my desktop application (in a scheduled time)
type the user name
type the password
click the login button
My concern is, is this possible with a Desktop application? If possible what is the path I should follow?
I'm have worked with both Java and Ruby, so if I could get something developed by those two languages that would be great.
This would be around a four-line script in AutoHotkey, as it has function primitives that closely map to your operations.
I would advise using AutoIt if you are on Windows, it can do everything that you need easily.
http://www.autoitscript.com/site/autoit/
Also useful if you like python, there's a cool program called Sikuli that you should check out.
http://sikuli.org/
It can be done without programming. There are many applications that can save a user's scenario and repeat it many times !!! (that is helpful for stress testing).
Take a look at IBM Rational Robot. You can also find many similar free tools.
More details about your test environment (Windows, Mac, Linux) and what the technology the GUI is made of (Windows GUI, Qt, embedded browser), etc. would be very helpful for determining what solution is best for you.
If you are one Windows and dealing with native controls, RAutomation is a great gem that should do what you need. It even has an AutoIt adapter mode which makes it a strict superset of AutoIt functionality.
If you need more power, consider checking out the Windows UI Automation framework. It's mostly in .NET but you maybe able to find or write a Java or Ruby wrapper around it. See a .NET example here.
If you are dealing with a UI which is an embedded web browser, then consider using watir-webdriver to drive it. You need some platform specific code to get the embedded browser instance and bind to it. The rest should feel just like a web application.
Finally, the mention of Sikuli is certainly a good one for being able to deal with any UI without needing an API. It's also Jython (yay JVM!). That said, I've found it to be fiddly and brittle, even more than typical UI testing due to its lack of identification of elements based upon either IDs or some kind of object hierarchy and relying solely on appearance. That said, it's really quick to be up and running so give it a shot.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 5 years ago.
Improve this question
I have not had much experience with Webservices or API's.
We have a website built on Oracle->Sun App Server->Java->Struts2 framework. We have a requirement to provide an API for our system. This API will be used by other systems outside of our system. API is just for a simple SP that we have on our database. The other system does not want to connect to our DB to gain access to the SP but instead and an API as a 'webservice'
Can the community please shed some light on how to go about this? Will the API be put on our webserver? is that how the other system will connect to it? And how to go about creating a public API?
Some things you'll need to think about are:
SOAP vs REST (Why would one use REST instead of SOAP based services?)
How will you handle authentication?
Does it need to scale?
You might want to take a look at https://jersey.dev.java.net/.
It would also be helpful to look at how another company does it, check http://www.flickr.com/services/api/ for some ideas.
If you are using the Sun App Server, it should be fairly trivial to make an EJB exposed as a web service with the #WebService tag, and then have that EJB call the Stored Proceedure and return the data. The app server gives you tools to publish a WSDL which is what they will use to know how to call you API.
That being said, what sounds easy at 50,000 feet is a real pain to deal with all the details. First, what about security? Second, are WebServices really required, or is there a better communication mechanism that is more obvious, such as (at a minimum) REST, if not some simple servlet communication. And the hardest part: In exactly what format will you return this result set?
Anyway, you could be dealing with a bit of a political football here ("what, you don't know how to do web services, everyone knows that, etc.") so it can be a bit hard to probe the requirements. The good news is that publishing a web service is pretty trivial in the latest Java EE (much easier than consuming one). The bad news is that the details will be a killer. I have seen experienced web service developers spend hours on namespace issues, for example.
Soap or Rest or .. is one side of the medal and depends on what the clients want.
The other (more) important thing is the api design itself. Shall it be stateless or stateful. Are clients co-located in the same VM (Appserver) or remote in the same LAN or even in a Wan.
As soon as the communication goes over the wire, it gets slow due to serialization. So you want API methods to obtain bigger (but not too big) chunks of data at a time.
Or in other words, your question can not really be answered without knowing a lot more about what you want and need to do.