Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 6 years ago.
Improve this question
we have a legacy Windows app written in C++ using the MFC framework. I want to now add capability to communicate with a database at a centralized server. There are ODBC Connection libraries for many of the popular databases which allow me to do exactly what I want (with MySQL for example). But upon further reading, the GPL or LGPL licensing for both the database but more importantly the connection library gets too complicated given my limited legal resources.
Opening up my source code is not an option for me as I am a small operation selling closed source software for profit. My preference is to choose a database with an available connection library with flexible licensing. I don't care if it is free or paid but I'd like it to be something relatively popular with tools, support, some user community, etc.
MySQL seemed simple and widely used but the licensing is a problem for me. The licensing for the PostgreSQL database itself seems much more flexible but the connection library I found is licensed under GPL. Are there perhaps paid options that I'm not aware of?
Should I be considering Microsoft SQL Server?
Can people please recommend any additional options to me?
LGPL is what you want. GPL is ambiguous about the status of other works (your code) which links to a GPL library (the ODBC drivers). LGPL purposely is explicit that using a LGPL library does not put your work under LGPL.
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 5 years ago.
Improve this question
Does anyone have any recommendations for good vulnerability testing software for c# window forms (not .net) applications.
Preferably one that can also test with a mysql server or sql server connection.
There is no tool that is going to match a good code reviewer or penetration tester. But a few tips to get you aimed in the right direction:
Static analysis tools like HP Fortify, IBM AppScan, and CheckMarx do a wonderful job at finding security issues with code. But you really need an experienced code reviewer to get the most out of them. Also, they are not cheap! These tools operate by scanning code, and the main requirement is to provide to the tool everything you need to build your software (at least this is the case for Fortify and AppScan, not sure if the same requirement holds for CheckMarx).
IAST tools such as Contrast are also not cheap. However at least in the case of Contrast, they are specifically trying to make it more developer-friendly. IAST tools work by hooking into your binary in your test environment and looking under the hood for bad things that happen.
Dynamic analysis tools such as OWASP ZAP (free) and Burp (not free, but affordable) can run automated scans in your environment, but if you lack experience with these, then your value is limited. These tools work by scanning in a test environment and sending malicious payloads to see how the server responds. A lot of effort is being put to make ZAP work in continuous integration build environments.
All of these should work for the technologies that you are using.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 7 years ago.
Improve this question
We have a commercial application created on CakePHP. I'm about to install it on a client's server, so we'd like to protect my code from being modyfied and/or copied and reselled, changing trial period terms, etc.
I want to know if obfuscating the Cake PHP code breaks Cake specific libraries, or make the application unusable.
I've been searching on this forum and over internet and found several options for obfuscating PHP code, but none related to CakePHP. (I just asked to some of the commercial tools providers if they support Cake obfuscating but haven't received an answer yet).
Does anybody know if this is possible or if there's a better approach to do that?
I'll try to use one of the trial versions of the commercial tools this weekend, but if someone has an advice about this would be great
My company, Semantic Designs, is one of the commercial vendors.
With a decent obfuscator (ahem :) you shouldn't have any trouble doing this. You need to tell the obfuscator somehow (with ours you just provide a list of symbol names) what identifiers have to be retained as cleartext (e.g., any calls to the CakePHP framework), and any public APIs your software may offer.
I'd recommend, you give it a shot and try it out.
Usually, an obfuscator should obfuscate frameworks, too. It should be independent of what kind of PHP Code you use.
Test it in a test environment. If it's successful, you can enroll it to your production environment.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 7 years ago.
Improve this question
Is there an equivalent of Apache log4cxx that can be embedded in a distributed proprietary package?
The Apache license allows you to use this package in your product even if it is closed source and commercial. See http://en.wikipedia.org/wiki/Apache_License
Alternatively take a look at log4cpp which is under LGPL.
Log4cplus is a nice alternative.
In its production release 1.0.4 it misses AsyncAppender, but that is present in the coming 1.1 (I don't know when that is released).
We just switched from log4cxx to log4cplus since log4cxx depends on libapr/libaprutil (nice Apache 2 license) which on my Ubuntu 10.04 again depends on libdb4.8.so. The license for libdb4.8 not fit closed source commercial applications without buying a license from Oracle. From /usr/share/doc/libdb4.8/copyright:
... For a license to use the Berkeley DB software under conditions
other than those described here, or to purchase support for this software,
please contact Oracle at berkeleydb-info_us#oracle.com.
...(some more text)
3. Redistributions in any form must be accompanied by information on
how to obtain complete source code for the DB software and any
accompanying software that uses the DB software. ...
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 7 years ago.
Improve this question
I am developing a web based opensource project. I was considering the AGPL v3, but I explicitly want to prevent commercial use. Non-profit orgs are welcome to use it for free.
It seems to be a common thing in the software world, but I am looking for a pre-written license that I could use or adapt.
Any ideas where I can find such a thing? Are there accepted opensource licenses that fit this criteria?
It is not a good idea to use such a license, because it is sometimes very hard to draw the line between commercial and non-commercial, especially juridically.
However, you may check out Creative Commons licenses.
You won't find any open source licenses that prevent commercial use. That's against the spirit of open source and wouldn't fit into the definition of open source.
There cannot possibly be such a license. Forbidding the use of the source code is the exact opposite of open source. Ergo, there cannot ever possible be an open source license which has such a restriction, and a license which has such a restriction cannot ever possibly be an open source license.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 4 years ago.
Improve this question
I apologize if this question has been asked before. I did a rather extensive search for similar questions, however all I could find were answers related to C++ or C#. I'm using GNU C.
I'm writing a daemon that needs to be able to send e-mail using SMTP. I need to be able to login to an external mail server, send the email and interpret any error codes. For various reasons, I can not use the system's sendmail facility (if even one is present).
The library should support at least OpenSSL. GNUTLS would be a perk, but not really needed.
Ideally, the library would be licensed LGPL2 (and later) or 3 clause BSD.
Any suggestions?
This answer is more for anyone reading this post after the fact, but it looks like as of version 7.20.0 libcurl supports SMTP, including SSL.
It looks like SASL support is planned, but maybe not released yet. I did find this patch however.
Tim,
Have you looked at CyaSSL? It supports all current industry standards up to TLS 1.2 (as well as some cool features such as stream ciphers), has an OpenSSL compatibility layer, and focuses on optimizing speed and size.
It's dual licensed under both GPLv2 and a commercial license (if you need support). I recently used it with some Android work I was doing and was very pleased.
http://yassl.com/yaSSL/Products_cyassl.html
Regards,
Chris