I'm currently developing a support system for a university. The system is written in PHP and I would like to be able to get a current list of software and basic computer information on a computer. Basically when one of the faculty or staff creates a ticket from our web interface, I would like to have a Java Applet or similar that could be run and would return the information to the help desk PHP script. Does something like this exist?
There are lots of programs that do this sort of thing. Googling for "CMDB" should give you a reasonable start -- a couple of them are open source, though others aren't even close to free (e.g., BMC Atrium).
To keep things closer to topical (i.e., programming related), one of the main frameworks for this sort of situation is called Web-Based Enterprise Management (WBEM). On Windows this is implemented as WMI. On Linux there are a couple of implementations including OpenWBEM and HP WBEM.
In Java? You'd probably have a hard time even finding, let alone making, an applet that can get that info without already having some software installed on the user's end. The biggest features of java are (1) that it runs in a virtual machine (read: getting to the underlying OS/hardware is not something it likes to do), and (2) that in a browser, applets generally run in a "sandbox" that keeps the applet from doing anything remotely dangerous. Basically the most it can do is tie up resources.
Number 2 can be worked around by signing the applet, but that'll require you either buy a code signing certificate or install a self-signed certificate on any computer that'll run your app.
Number 1 might be worked around with some help from Runtime.exec and ...\wmic.exe, but that assumes the WMI stuff is installed -- which is rarely the case unless someone does a full install.
Related
i am currently writing a game on javaFX and i have plans to post it in the website i run in the future (end exploit the Ads while at it). The problem is that after searching around a little it seems there is no way to run a java application on a browser.
Allowing people to run it through the browser would really help sharing the program.
My question is: is there today(2018) any way to run a java application through the web? Though i like java, no browser support seems like a really, really bad idea.
Oh, i also heard of Java Web Start. Although it looks like it is just avoiding the problem (not running in the browser) it seems like a good way to share an application. The problem is that it seems it is (Will be?) deprecated? I am helpless, it is like java isn't even trying anymore...
PS: If it makes any difference my game would be a 2D game with 3rd person view. It will also require some server stuff since players will create "arenas" that others can challenge. I would say my game wouldn't be "simple".
Java Web Start does the job very well—if you are willing to pay for a code signing certificate. (They’re a lot more expensive than regular SSL certificates.) The idea is that a user clicks on a hyperlink on your page, which causes the user’s Java installation to launch your application (possibly after installing it). This requires users to have Java installed beforehand.
If you don’t have the resources or desire to go with a code signing certificate, you can look at https://docs.oracle.com/javase/9/deploy/self-contained-application-packaging.htm. It allows you to create native installation packages for JavaFX applications. The disadvantage: You need each platform to create an installer for it. Meaning, you need Windows to create a Windows installer, OS X to create an OS X installation image, and Linux to create a Linux package. Some may also require signing using native tools.
Java 9 includes the jmod and jlink tools, which are capable of creating a file tree with an executable shell script or .bat file. A major advantage is that you can build such a tree for any platform, regardless of your own platform, if you unpackage the foreign platform’s JDK on your machine. Another advantage is that the user doesn’t need to have Java installed at all. A disadvantage is that the script requires a terminal, unless running on Linux.
Of course, you can just go the manual route and distribute a zip file which contains your .jar file(s), a shell script you’ve written, and a .bat file you’ve written. It’s not elegant, but it’s better than nothing. But it may trip up some non-technical users.
There exist a number of tools which create a native executable from .jar files, but I am not familiar with them (and I prefer to avoid third party tools unless they are truly necessary).
Whatever approach you choose, the answer is the same: You distribute something on your web page which the user downloads and runs. Aside from the download process, the browser is not involved.
What you can’t do is have users run your application inside the browser. That is deprecated, with good reason: It’s a disaster for the browser performance, for the Java runtime, for security, and for the user experience. And Firefox has all but banned plugins, so you’d be locking out a substantial percentage of users.
I want to retrieve the following things from the user's desktop when the user uses logs into my website:
1) Mother Board Serial Number
2) Hard Disk Serial Number
3) CPU Serial Number
Now I am confused and not sure which way to go.
I cannot use Javascript because it will not provide these details because of security reasons.
I cannot use php because php runs on server side and not client side.
So last option is using Java Applets. As soon as the user logs in, the applet will be downloaded. When the user runs the applets, it will retrieve the necessary information. But I dont want to be using this because applets are obsolete these days and nobody uses them.
So is there any method in which I find find the user's hardware details without using Java Applets.
Using Java to get os level system Information will get you started in right direction.
Finding Operating System Information
How to get System Information using Java
I am creating a client program that talks to a server (which I programmed). I am making a little game for myself in which I roll a dice and the server does also. Whoever gets the higher numbers wins. However within my code, I send the server commands when the user presses a button, and then the server responds by sending back what it rolled, so it can be shown in the GUI window. However, I find this a very insecure method. For example, a person could just simply decompile the jar file, and make it so they always roll a 12. Since the only place that both rolls are together (the users and the servers) is the users screen, I have to evaluate the game from the client, obviously not very secure. I am trying to make my game more secure, and have found 2 options.
Obfuscators
Unless someone knows of a very easy one to use, I cannot figure out how to set any of them up, as they rarely come with a gui that I can easily "pop" my .jar file into
Binding to an .exe
I honestly dont know how secure this is. There are programs in which I can "bind" two things (mostly for making viruses which I am obviously not doing), into a single .exe file. I can bind my .jar into an .exe, but I still dont know if the .exe could be decompiled back into the .jar file and from there back into the .java code.
By the way, another security issue is that it connects to the server from my ip adress (which I do not want the client user to know about)
Never trust client input.
The only truly "secure" method is to have the server generate both its own roll and a roll for the client.
Of course, if the outcome of the comparison of the rolls has no impact beyond what the user sees (in other words, the client does not report back who won), then really, who cares? I could patch Solitaire to let me always win, but that's no fun.
If the code is on someone's computer, you should consider it compromised and exploited already. In the race between crackers and developers, the crackers always win because the crackers have everything they need. Jars can be (easily) decompiled and deobfuscated, .exes can be picked apart, and at extreme levels the OS can be modified to go behind your back - literally.
Instead, you should reconsider your architecture: do you really need the client to roll the dice? Could the server roll both?
Both obfuscation and compiling to a ".exe" can be defeated relatively easily. Hackers / crackers, and anti-virus security experts do this kind of thing every day.
Basically, you cannot trust any application that is running on any machine that could be controlled by someone you don't trust. In practice, this means anything that isn't in your (locked and firewalled) server room.
(Aside: even systems based on TPM are potentially vulnerable, since there have been successful attacks on TPM chips. And that wouldn't be practical anyway, since TPM is not available for securing application-level code. AFAIK, it is not even used at the OS level ... though I've heard that the next version of Windows is going to require hardware that is TPM encumbered.)
In this question's answers someone can find many sites (like ideone) allowing a user to write and run programs online. I'm interested in making something similar (only for Java code though) and was wondering on how can this be done.
A simple idea would be take user's given code, send it to server, compile it, run it and then send back the output to the user. But what if the user has malicious code like deleting my server files, etc.? If I wanted to create the same thing for the C programming language, I guess I could just get the assembly code of the C file, see what system calls are being used and decide whether the given code is malicious or not. Based on the previous idea, should I look in Java, the program's created bytecode? Is there any better/easier way to do it?
Don't reinvent the wheel, Java has the SecurityManager mechanism to restrict potentially malicious code
Reference
the Security Trail of the Java
Tutorial
Permissions in the Java™ SE 6
Development Kit (JDK)
In addition to what Sean Patrick Floyd said in his answer, you could also sandbox the process itself on your Operating System as an added measure. Create a new user on your host (the machine that executes the code) and assign it very few permissions (only what's required to run the code). Run the process as that user.
That way regardless of the SecurityManager present, the spawned process won't be able to harm anything.
sorry in the past I have not been able to formulate my question coherently. This will be my last try. =|
Basically, I want to do something like this website is doing: http://www.ninjavideo.net/video/56388. They are rendering an iframe that points to a port on localhost. You will see nothing in the iframe if you dont have their applet running (which can be found here: ninjavideo.net/applet.php ). I want to write a script that does something like what applet.php is doing, but I don't think they are using only php code as it won't run on computers that don't have php installed. Do you suppose they are using Java/C to do this?
Thanks for all your suggestions.
An Applet is basically a piece of Java code which is served by a webpage and is supposed to run at the client machine. You can learn more about Applets at Sun's own Applet tutorial. If you're green to Java as well, then I recommend to go through Trials Covering the Basics first. Opening sockets (ports) using Java code is covered here.
That PHP script is just serving the applet code from the server, so that the client can download it.
You could do this in PHP using a ready-to-run Apache setup (there are some that are ready to run from a USB key, should be possible to make into something that a client can install, but is complicated, see e.g. this tutorial) or a product like NuSphere Dock:
PhpDock is a deployment platform for PHP applications.
PhpDock enables you to deploy any PHP web application as a Stand Alone Windows Desktop application w/o any changes in the code.
PhpDock combines NuSphere's powerful embeded Srv webserver and browser components.
I would usually say that if you are looking to build a Windows application, you should go with a tool that is aimed at just that, i.e. C++, C#, Java, the .NET platform, Delphi, and the likes. But if you need some kind of daemon or local web server, you may actually be well off with a product bringing a web server to the desktop.