Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 7 years ago.
Improve this question
We have a commercial application created on CakePHP. I'm about to install it on a client's server, so we'd like to protect my code from being modyfied and/or copied and reselled, changing trial period terms, etc.
I want to know if obfuscating the Cake PHP code breaks Cake specific libraries, or make the application unusable.
I've been searching on this forum and over internet and found several options for obfuscating PHP code, but none related to CakePHP. (I just asked to some of the commercial tools providers if they support Cake obfuscating but haven't received an answer yet).
Does anybody know if this is possible or if there's a better approach to do that?
I'll try to use one of the trial versions of the commercial tools this weekend, but if someone has an advice about this would be great
My company, Semantic Designs, is one of the commercial vendors.
With a decent obfuscator (ahem :) you shouldn't have any trouble doing this. You need to tell the obfuscator somehow (with ours you just provide a list of symbol names) what identifiers have to be retained as cleartext (e.g., any calls to the CakePHP framework), and any public APIs your software may offer.
I'd recommend, you give it a shot and try it out.
Usually, an obfuscator should obfuscate frameworks, too. It should be independent of what kind of PHP Code you use.
Test it in a test environment. If it's successful, you can enroll it to your production environment.
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 5 years ago.
Improve this question
Does anyone have any recommendations for good vulnerability testing software for c# window forms (not .net) applications.
Preferably one that can also test with a mysql server or sql server connection.
There is no tool that is going to match a good code reviewer or penetration tester. But a few tips to get you aimed in the right direction:
Static analysis tools like HP Fortify, IBM AppScan, and CheckMarx do a wonderful job at finding security issues with code. But you really need an experienced code reviewer to get the most out of them. Also, they are not cheap! These tools operate by scanning code, and the main requirement is to provide to the tool everything you need to build your software (at least this is the case for Fortify and AppScan, not sure if the same requirement holds for CheckMarx).
IAST tools such as Contrast are also not cheap. However at least in the case of Contrast, they are specifically trying to make it more developer-friendly. IAST tools work by hooking into your binary in your test environment and looking under the hood for bad things that happen.
Dynamic analysis tools such as OWASP ZAP (free) and Burp (not free, but affordable) can run automated scans in your environment, but if you lack experience with these, then your value is limited. These tools work by scanning in a test environment and sending malicious payloads to see how the server responds. A lot of effort is being put to make ZAP work in continuous integration build environments.
All of these should work for the technologies that you are using.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 7 years ago.
Improve this question
Hi I have been given a task to design tool to monitor database server health like cpu usage, memory usage etc. Now there is one such tool like MySQL Spotlight. I want to know is there any open source software available with same functionalities? I want software which has nice visualization with charts. Please guide. Thanks in advance.
You could use Cacti for this. Also look at Nagios.
Check out http://code.openark.org/forge/mycheckpoint. It is an open sourced monitoring tool, primarily for db monitoring, even including custom queries and custom alerts! Graphs come pre-packaged and pre-generated. It's written in python, so mods can added to the code easily. I've used it a bit, and it seems to work pretty well. The only caveat I see is the extensive schema that comes pre-packaged which, ostensibly, can't be customized. One thing I will note for the email alerts, if you're getting login or credential alerts, go to line 4338 of the code and just add what you need to the smtplib.SMTP instance.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 7 years ago.
Improve this question
I am developing a web based opensource project. I was considering the AGPL v3, but I explicitly want to prevent commercial use. Non-profit orgs are welcome to use it for free.
It seems to be a common thing in the software world, but I am looking for a pre-written license that I could use or adapt.
Any ideas where I can find such a thing? Are there accepted opensource licenses that fit this criteria?
It is not a good idea to use such a license, because it is sometimes very hard to draw the line between commercial and non-commercial, especially juridically.
However, you may check out Creative Commons licenses.
You won't find any open source licenses that prevent commercial use. That's against the spirit of open source and wouldn't fit into the definition of open source.
There cannot possibly be such a license. Forbidding the use of the source code is the exact opposite of open source. Ergo, there cannot ever possible be an open source license which has such a restriction, and a license which has such a restriction cannot ever possibly be an open source license.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 5 years ago.
Improve this question
Does anyone know of any libraries that decode one or more of the multitude of different scuba dive computer log file formats?
DAN DL7
IRIS / DRAK
Suunto
Oceanlog
Citizen
ProDive
NiTek Logic
DCDS
Ideally I'm looking for code that'll run in .NET, but I'm willing to transcode from other languages if that's the only option.
Links to articles describing formats is appreciated as well. Sample log files would be handy.
I'm considering creating an open source project for this if no such library already exists. If you'd like to contribute, please mention so as a comment or in your answer.
I have no experience with this but Google turned up the library libdivecomputer.
It supports a number of devices and platforms, and the library is LGPL licensed. However, not all brands you mention appear to be supported.
You can always try contacting the manufacturers to get the data. You might have better luck contacting the engineers specifically, if you can find them.
I don't know much about the industry, but I would suspect you can make a case for opening up their formats, because they are primarily hardware manufacturers.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 4 years ago.
Improve this question
I apologize if this question has been asked before. I did a rather extensive search for similar questions, however all I could find were answers related to C++ or C#. I'm using GNU C.
I'm writing a daemon that needs to be able to send e-mail using SMTP. I need to be able to login to an external mail server, send the email and interpret any error codes. For various reasons, I can not use the system's sendmail facility (if even one is present).
The library should support at least OpenSSL. GNUTLS would be a perk, but not really needed.
Ideally, the library would be licensed LGPL2 (and later) or 3 clause BSD.
Any suggestions?
This answer is more for anyone reading this post after the fact, but it looks like as of version 7.20.0 libcurl supports SMTP, including SSL.
It looks like SASL support is planned, but maybe not released yet. I did find this patch however.
Tim,
Have you looked at CyaSSL? It supports all current industry standards up to TLS 1.2 (as well as some cool features such as stream ciphers), has an OpenSSL compatibility layer, and focuses on optimizing speed and size.
It's dual licensed under both GPLv2 and a commercial license (if you need support). I recently used it with some Android work I was doing and was very pleased.
http://yassl.com/yaSSL/Products_cyassl.html
Regards,
Chris