It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 10 years ago.
I'm currently developing a programming contest website, and want to implement support for submitting code and running it on the website. After quite a bit of googling, I still haven't found any "guides" for this.
Does anyone know of a website(or other sources) that contains some basic guidelines or ground rules for this?
Appreciate all replies.
PS: If anyone wonders about all the programming language tags, I'm planning on supporting at least these languages.
Careful -- if you're finding it difficult to break this project down into some smaller, more tactical problems, I'd strongly suggest that you make no attempt whatsoever to actually run anyone else's code on your site. In terms of creating the site itself, I'd suggest leveraging pre-built components or services where possible -- Wordpress, GitHub, etc.
Once you've got the submissions, you'll want to have a way to run them safely. For all practical purposes, this means that you should assume that any machine you run someone else's code on might spontaneously burst into flames. While it's true that some of these languages have features you should be able to use to run code in a "sandbox", you're probably not going to be expert enough in all these languages to be able to properly secure all of them.
It seems that something like Amazon's EC2 might be helpful -- spin up a VM when you need to run a submission, and throw it away when you're done. They've got some pre-configured images that would probably be well-suited to running this code, and if something gets buggered up because of buggy or malicious code, you don't mind too much because you're just going to throw it away when you're done.
There is a site that already does this, albeit for a particular purpose: scraping data.
https://scraperwiki.com/ - Unlike jsfiddle, scraperwiki executes server-side code. As far as I can gather, they likely sandbox the environment via amazon instances. Not sure that their code can be entirely audited and sanitized, given the variety of languages and scraping libraries they support.
I think most people are baffled as to how scraperwiki keeps hackers and spammers at bay from misusing their resources. They've been rather mum about it; either they've manually audited every bit of executed code, or hackers/spammers haven't caught onto them yet. Since the site has a specific function, they probably check data utilization to determine suspicious activity. ...but, one man's site scraping is another man's harassment and injection by get/post.
My hunch is that they'll never publicly spell out what their security audit process is like.
If you really had to do it, simplest mechanical way of doing this without virtualization is to use a variant of eval(). But, not all languages have that. Which brings you to option B, which is virtualization. Better people than I can explain how to regiment virtual machines to this effect, and will caution you properly on letting strangers abuse your resources. Instead, I'll share my PHP experience.
Some years back I've made a project that does code execution on the fly (on a local machine.) As you type, it takes the code via ajax and executes after each keystroke. Here's a video of its behavior: http://www.youtube.com/watch?v=Yfxrt2pc3pg.
Half a decade and 3 improvement prototypes later, I'm still not sure how I would responsibly lock this down as a common resource.
For Java it is quite simply:
You're have to create Servlet, for uploading source code into server (for
example, via POST request)
Use Java Compiler API to compile source code to bytecode ( tutorial )
Compiled bytecode you're might dynamically load via ClassLoader and launch it (also you're might configure SecurityManager)
And don't forget about MVC architecture :)
Related
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 10 years ago.
I asked this the other day but it was closed, probably because I have a tendency to ramble so I'll get straight to the question.
I've written programs before so I'm not looking for an introduction to programming.
I was wondering if anyone had a good site/article/book that they think would be a good introduction to designing a server application.
The server will be a linux based amazon ec2 server with apache. I would prefer to use python, I know Java as well though if you think that would be a better programming language for server technology. It will be accessed over the internet via a web browser.
Again, does anyone know of a good site/article/book that they think would be a good introduction to designing a server application?
**Edit
The end application will be for use with a web browser to access via ajax to return information from a database/maintain a database and add/delete files from the server. Right now though I'm just looking to write a simple app that will take an ajax call, do something simple with it, and return the manipulated data.
**Edit
For starters I would like to just integrate with a static HTML page that uses javascript to ajax and update the HTML. Later I'll move onto creating the pages dynamically based on database information and templates with ajax calls to have the server update a database when I get more comfortable.
**Final Edit
Ok, for all the people who voted to close this. Where in your mind is "where is a good place to start learning to write a server application" not a straightforward or vague question? Seriously it isn't vague or unanswerable. The only way it would be overly broad is if you assume that when I ask about learning how to write a server application you are assuming that I already have a working knowledge of how server applications work and just left out what should be assumed to your elite hacker mind as given. To summarize, you had to learn about server application theory somewhere. All I'm asking is where (outside of school) and how can I learn the same thing.
Outside of those guys thank you all for providing the information I was looking for. It changed my thinking about how applications run on servers and gave me some insights.
I think you should clarify exactly what you want to build first. Java and Python both have their own strengths and weaknesses for development and execution - they also have a multitude of libraries and frameworks that you can use. For example, in Python you could build web applications off of Tornado, Twisted, Pyramid, Django, and countless others. Java has numerous
Apache has been on a general decline from having a place in webapp stacks. It's a great general web server, but it's totally unneeded with the technologies you're mentioning. If you're deploying Java, you can use Tomcat and Jetty. If you're deploying Python, you can use something small like nginx to proxy http to the python app or use the uwsgi protocol. Most people I know have something like nginx or varnish on port 80, and just proxy everything back to python/java/php/apache/etc.
Once you explain exactly what you want to learn how to build , you'll likely have better answsers.
What are you looking for exactly. What will contains your server and what will the main application ? just web ? webservices ? cron ?
you could look at google app engine
These days site like Udacity Coursera etc are getting popular and are doing wonderful job. I am particularly attending a course CS253. http://www.udacity.com/view#Course/cs253/CourseRev/apr2012/Unit/20006/Nugget/51001
I think thats the best resource.
If you already know Java, look toward a Servlet application. It is a rather easy way to get introduced to HTTP servers, and Tomcat does enough of the heavy lifting to allow you to focus on the actual handling of requests in a manner that isn't heavily concerned with socket handling, protocol deciphering, etc.
If the low level server details are what you are after, Java is still a good choice, just look at a client / server socket tutorial, and start adding features / code structure.
Good luck, and have fun
in fact you wanna know how servers work. have you ever tried to google "how a server works" ?
After requests and responses theory, you have to learn differents kind of server (web, ftp, smtp etc.)
Finally, python provides networks modules
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 11 years ago.
I would like to give an executable jar file to my client and I have a code in it to expire after a certain time. But if the client uses some decompiler and reads the class file, he can modify and make the code to work Is there any way I can stop this from happening.
Can I use deleteOnExit() or some other technique ???
If you are so worried someone will crack your software, you'll need to use some kind of client/server architecture where your client can only log in to a webpage in your servers.
Any code can be cracked if there's someone who really wants too. Of course, most of the time its simply not worth it.
Best solution for this is PaaS (platform as a service)..
put your logic on a server as server-app and let client-app communicating with server-app through web-service or any other way .. this is the best real solution..
BTW: using obfuscation cannot protect your code.
Sorry, not possible in any kind of environment currently in use. If you are so worried about the client stealing your code, it might be good to reevaluate your relationship with him.
On the other hand, you could provide him with a gated VNC view of your software, whereby he can use it but where you remain in control of the environment.
In the past, I've used Zelix KlassMaster to perform obfuscation. It does a very good job, however, you have to spend time to configure it such that it works properly for your needs. If you use reflection, then you have to ensure that it doesn't obfuscate those class/method/property names, etc. One of its strong suits is that it will obfuscate strings as well.
All that being said, the end result is that your client will still have your code, alebit in a very difficult-to-understand format. However, if he truly has the time and effort, he can reverse engineer it.
A lot also depends on exactly what it is that you are trying to protect. If you are trying to protect the actual IP then obfuscation will help you out. If you are trying to protect licensing, then obfuscation just makes it a little more challenging for someone to figure out where your licencing module(s) are and how to circumvent them. In the latter case, I would then suggest that you use something like AspectJ to weave in licensing checks in several different classes just to make it more difficult to break. However that too is not fail-proof.
As others have already said, the only fool-proof system is to not give the client the code in the first place and change to a SAAS (Service as a software) solution.
What about using a modified classloader that is able to load your classes from an encrypted storage. As you do not directly expose the jar and the classes inside it might help but as all others said above - it won't be bulletproof.
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 11 years ago.
I currently run a website on LAMP, I am currently in the process of refactoring my code from normal php to Zend framework with Doctrine. I am happy with setup but often find function not found errors on live site cause I have renamed function. Which is frustrating as most of time is wasted is patching these errors.
So I have decided to switch from php to java as the code gets compiled, so just error will not go to live site. With java netbeans will work better.
But as I have not been in touch to j2ee for many years. What is the best replacement for my above setup in java?
Option 1. Jsf 2 with Hibernate
Option 2. Seam
Option 3. Spring
Option 4. Struts with Hibernate
My server has 24 gig ram and 2 core i7 processor and ssd drive on raid 0
Will my server handle the same amount of visitors if java was used without any performance issues?
I like the way I can update my site without losing live sessions(logged-in users). Can I do the same in Java? from my experience each update to site will redeploy the App which resets all the Active Sessions.
I love to consider .Net but from what I have read on most forums, no one recommends it?
Kind regards
Zerone
You problem is not switching to Java from PHP your problem is an good test coverage via unit and in particular with integration tests. From what you wrote the best thing might be to take a look at Selenium and to automate testing as most as possible. You need a complete infrastructure to deploy to a test system and run integration tests on it (Selenium) and after that you can say everything is ok.
Java will perform better, but switching to Java seems like overkill for this situation. That said, I would recommend something based on Spring and Hibernate. Spring can be a real godsend for configuring just about anything in Java and Hibernate is similar to Doctrine.
Apache Tapestry would make a good presentation toolkit for your site. It's a great templating library that is cleaner than JSP.
Java has a large variety of solutions to the same problem. Currently, the mainline Java solution to presenting items on the web is Java Server Faces.
Older (which doesn't always mean worse) solutions include Struts, Apache Tapestry, (parts of) Spring, etc. These solutions benefit from maturity, having an established following, etc. Basically they are good solutions because people already know the points where they fail, and already know how to work around them. The new solutions attempt to remove these pain points, and thus suffer from new pain points. Think of it as not noticing your headache until after you fix your broken arm.
Java will perform much better because the code that delivers the web pages is already in memory, so it avoids a number of items that take time (process spawning, disk access, webserver to language engine communications, etc). There are other PHP solutions which also attempt to solve similar problems using similar techniques; however, PHP has a different coding background and style. For example, Java doesn't need to discard any state between web page requests, something that PHP does (and often uses a number of libraries and workarounds to mitigate).
My recommendation is to use Java, but realize that a direct port will incur a lot of unnecessary expense. Choose a web facing toolkit (JavaServerFaces is the newest and part of the Java EE standard), and start off by porting the static portions of the HTML web pages. Organize your requests by scope (how long the side effect of the request should persist), and use the Servlet standard to store the artifacts generated by the request in the appropriate application, session, request, etc scope.
On the database side of things, there are many standards and solutions to pick from too. Personally, as you don't have a lot of legacy concerns, I would go with JPA. While it is not really a 100% complete solution, it will push you to use an interface which can be replaced by better implementations over time, without the need to recode your application. By stating it isn't 100% complete, I mean that you need to select a JPA provider as the default provider probably won't meet your real-world production needs. That said, the default provider should sustain development oriented work, and JPA's standards should protect you from unexpected differences when you run the code against different environments.
Whether you wish to fully restructure you code into a Java EE multi-tier architecture, of if you just want to embed a large Servlet (server faces is a type of servlet solution) that does everything is more of a function of how much you wish to architect your code. It is not a porting problem. That said, the biggest benefits of a typical Java solution over a typical PHP solution is that the Java architecture is designed to work faster and provide more features out-of-the-box. If you intend to do a port with no rearchitecting, you might be better off just finding out the bottlenecks in the PHP code and fixing them.
if you dont use ajax, i prefer 4 (struts + hibernate):
jsf needs an little bit of expiriences on such heavy load (getter-methods must be fast and so on).
if you use ajax, i prefer an combination of 3 and 1
regards
peter
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 12 years ago.
Firstly, in my opinion, this question is relative to programming, as much as the answers (and the question itself) is subjective, I would like to see some of these subjective opinions, and other ideas that come from it.
My company is deep in bed with oracle. They are making a strong move towards java, and well forcing JDeveloper down on us (me) as the 'best tool' for the job. Now, dont get me wrong, JDeveloper looks amazing, it has all these nice trinkets that would make anyone smile when unwrapping. But...
I tend to always end up having to investigate some tiny problem that the IDE suffers to do right. Essentially bugs. Like at times when for no reason EJB's do not deploy anymore. Or the ADF front end stop calling data controls for action buttons. Then I have the times that It crashes out completely when editing persistance information. In the end, I spend more time figuring out what is wrong with it, to no avail. And well, my company is not about the take out money to get support for the development tool. I end up sitting with problems that take hours up to days to resolve, which should be taking 10 minutes.
I have seen and experienced similar productivity killing problems in IBM's websphere products too. And not It's not just me, I have seen teams unable to work for days because of issues.
My solution to this has always been to use the eclipse j2ee set. It allows me to be more in control of everything that's being used. And so, even if eclipse gives me problems, I can resolve these issues. And well, personally, I would prefer my company accepting that as a preferred tool, as solving problems would be easier, and there would be more 'professionals' arround, as our problems would more likely be j2ee related, and server related rather than IDE related (We get tons of server side support). I feel the 'abstraction' that larger IDE's provide can cause lots of headache's and tend to be a project killer.
Why do I struggle so much with JDeveloper. Am I alone?
Is it wrong of me to take a stand and recommend going against JDeveloper as the core development tool in our company?
Because well, this is the 'campaign' I would like to walk into now, up to the point of demonstrating the flaws, as the video's only show the perfect moments.
You are not alone! I could rail against JDeveloper but i'll restrain myself.
Unfortunately, JDeveloper is the only IDE that supports all the Oracle-centric technology. So, while i'm sorry for your pain, and, trust me when i say, i understand more than you know, but, in an Oracle house, no other IDE will do. It's a real shame that you don't have support though. You'll likely need to file lots of bugs.
It's really unfortunate that Oracle seems insistent on continuing with JDeveloper even now that they own NetBeans. JDeveloper is far behind Eclipse and NetBeans. They'd have far greater developer acceptance of their technology if they actively supported Eclipse and/or NetBeans, at the very least, in parallel with JDeveloper. There's actually quite a nice, extensive set of technology in ADF that is being hidden behind and hampered by such a horrendous development tool.
And as a means to try and help you solve all the problems you'll encounter with JDeveloper, try this. Use two local mercurial or git repositories. One for your JDev system folder (init in the parent of system/) and a repo for your application/project. Before finishing (or starting) any wizard, add and commit (hg com -Am 'savepoint' or git commit -am 'savepoint') both repos. This'll give you a way to rollback and also diffs of how JDeveloper broke a working project which might give you clues about how to fix things.
Also, you might want to keep a log for your managers to show how much time you spend managing JDeveloper instead of progressing on your projects.
Good luck.
Note: Version control on the jdev system folder is a little questionable for rollbacks since it seems jdev buffers some writes and keeps some files open. Which means you might take a snapshot of an inconsistent or incomplete state. It's better to use that repo as an ongoing view of what is changing.
EDIT: Also see Oracle Enterprise Pack for Eclipse
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 5 years ago.
Improve this question
what is the best way to understand a big company project in java?
There's a nice podcast/interview with Dave Thomas ("The Pragmatic Programmer" Dave) about this topic, here.
He calls it "software archaeology".
For many different reasons organizations frequently lose control of their code bases. Knowledge gets forgotten, people leave. One could very easily mistake the code base for an archaeological concern were it not for the fact that mission critical applications built upon it keep chugging along until something needs to be modified or enhanced and then suddenly you have a vat of source code that no one understands but that has become the most important thing in the world overnight.
There are very few short cuts for coming to terms with big vats of code. Generally, one has to balance the quest for "understanding it" with the pressure to make pointed pragmatic changes to "complete the mission".
You'll never know every line of every piece of code at a company. What you CAN do is understand the classes, what they do, and how they relate to each other.
Start by getting the most basic understanding of the way the code flows from a class perspective focusing on the large classes that do that majority of the work. Once you understand what's happening there start focusing on smaller classes. Keep this up until you have a pretty good understanding of a handful of classes.
Additionally you can break it down in to common programming tasks that your company has. Once you have a list of these research what's involved in implementing each of them.
The final thing is just experience. You can study the code as long as you want, but there's no substitute for playing with the actual code. Writing programs, testing things out, and looking at how existing code runs are the best way to learn a new system.
Start writing unit tests - you do something useful (which will probably earn you more time to understand the code) and you get an in-depth look into the functionality. Also, start asking questions when they come up during that process, you will be able to ask very specific questions and you might impress your colleagues :)
Few places I often start from is the build/package/deploy scripts and configuration files - depending on the size of the application we are talking about, they can tell you a lot about the internal structure, external dependencies and highlight things to dig in further.
Next you can use code coverage tool and record the coverage for a simple scenario, which points roughly which areas are performing it. A variation of this is running under tracing profiler. Heap dumps are also useful for getting an idea of the basic data structures.
Finally, look application logs during various scenarios, though these are usually too much information and you need to know what are you looking for.
All these should give you a good idea of the overall application. After that, you need to fire up a debugger and start poking in the code. Ask your colleagues for their favourite breakpoint locations - usually everybody has some.
In case you are doing Java or C#, make sure you know your IDE and how to use find-usages. There are further more advanced tools for static analysis and comprehension like Structure101 (my favourite), SonarJ or LattixDSM.
Some UML reverse-engineering tools can generate class diagrams, but usually they create too much noise and doing the pruning manually assumes you can discern the important from the unimportant (which usually is not the case with new codebase). If you get one of these, I recommend starting with essential class and using the "Add dependencies" functionality to incrementally explore the application.
Take a simple first task, and don't rush anywhere. Look around, use the time to learn and understand the environment. Examine the call stack, use a debugger. And when you have a solution, ask your peers for a code review, and learn from them.
Then take another task, and another one, and another...
You'll get there soon :)
Documentation my friend, look for manager patterns seek the jsp play with the code dont be afraid to make small changes and see what happens, understand the logic and the building blocks, stay way from companies with poor documentation.