Server Side Practice
Moderator: Coders of Rage
-
- ES Beta Backer
- Posts: 250
- Joined: Tue Jul 19, 2011 9:37 pm
Server Side Practice
So, I was here a while ago. I had been programming in C++ and even learning some OpenGL, but I'm not good with math so I stopped that.
Now I'm trying to learn some more Web Development, and I want to learn PHP.
The issue is that I don't have a server to do server side scripting with. Apparently I can set one up, but if I do couldn't somebody get access to it and start using my computer as a server? Won't I have to use some sort of security to make sure nobody else uses it?
Now I'm trying to learn some more Web Development, and I want to learn PHP.
The issue is that I don't have a server to do server side scripting with. Apparently I can set one up, but if I do couldn't somebody get access to it and start using my computer as a server? Won't I have to use some sort of security to make sure nobody else uses it?
-
- Chaos Rift Cool Newbie
- Posts: 85
- Joined: Thu Jun 23, 2011 11:12 am
Re: Server Side Practice
That's a really interesting question that I hope someone answers. Here is my answer: Pretend you have a server! You can write up a server-simulator that acts like a server, but really isn't, and do your pcp on that.
- BugInTheSYS
- Chaos Rift Cool Newbie
- Posts: 88
- Joined: Mon Feb 07, 2011 4:16 pm
- Current Project: Vintage Roads
- Favorite Gaming Platforms: PC
- Programming Language of Choice: C++, Delphi
- Location: Pinneberg, Germany
- Contact:
Re: Server Side Practice
You don't need to write a server 'simulator,' things like that are already out there. Just take a look at XAMPP.
And keep in mind that there are more possibilities to write server-side programs than just PHP. Professional websites with a lot of traffic probably use a kind of server-side application that has been compiled previously, instead of interpreting PHP on each request.
Edit: if you set up you PC as a server with xampp, any router will prevent people from outside your network from accessing it, in default configuration.
And keep in mind that there are more possibilities to write server-side programs than just PHP. Professional websites with a lot of traffic probably use a kind of server-side application that has been compiled previously, instead of interpreting PHP on each request.
Edit: if you set up you PC as a server with xampp, any router will prevent people from outside your network from accessing it, in default configuration.
Someday, everything will go to /dev/null. - Bug's prophecy 13:37
-
- Chaos Rift Cool Newbie
- Posts: 85
- Joined: Thu Jun 23, 2011 11:12 am
Re: Server Side Practice
This might really be siding on off topic, but I want to ask, could a router be bypassed in some way? As in, even if he is using a router, is there some way when he uses XAMPP that security could still be a risk?
- bbguimaraes
- Chaos Rift Junior
- Posts: 294
- Joined: Wed Apr 11, 2012 4:34 pm
- Programming Language of Choice: c++
- Location: Brazil
- Contact:
Re: Server Side Practice
Most (if not all) modems/routers come with a built-in firewall, and the rules are usually deny every connection from the outside to the inside and allow all connections from the inside to the outside. You have to check it to be sure, but I'm pretty sure every sane device does that.
- superLED
- Chaos Rift Junior
- Posts: 303
- Joined: Sun Nov 21, 2010 10:56 am
- Current Project: Engine
- Favorite Gaming Platforms: N64
- Programming Language of Choice: C++, PHP
- Location: Norway
Re: Server Side Practice
Where I work, we use XAMPP (Windows) and LAMPP (Linux) all the time in early development.
I do it from home as well, while working on personal projects.
I have never ever been affected by outsiders.
If you are dumb and port-forward a port (so your can access your localhost from elsewhere) && give away your IP address, then you might have a problem.
I do it from home as well, while working on personal projects.
I have never ever been affected by outsiders.
If you are dumb and port-forward a port (so your can access your localhost from elsewhere) && give away your IP address, then you might have a problem.
- dandymcgee
- ES Beta Backer
- Posts: 4709
- Joined: Tue Apr 29, 2008 3:24 pm
- Current Project: https://github.com/dbechrd/RicoTech
- Favorite Gaming Platforms: NES, Sega Genesis, PS2, PC
- Programming Language of Choice: C
- Location: San Francisco
- Contact:
Re: Server Side Practice
I've used XAMPP before as well, which works fine for local web development. However, I personally prefer: USB Webserver
It's completely portable (no installer), and runs out of a single directory. You can throw it on a flash drive or in your drop box and do your testing / development from anywhere.
Even if you were to accidentally make your web server internet accessible (unlikely, as it's usually fairly difficult to do on purpose), the hacker would still be confined the directories and applications in the web root. Short of finding a code execution vulnerability in your web application, they can't do much. Web hackers are usually more interested in convincing your database to spit out information its not supposed to.
If you were extremely paranoid, or wanted to play around with vulnerable software on purpose, you could always sandbox the web server in a virtual machine. This is most definitely overkill for simple local development use.
I'm happy to answer any other web dev questions you might have, as it's one of my favorite topics.
PS - Fun with PHP:
top20.php
It's completely portable (no installer), and runs out of a single directory. You can throw it on a flash drive or in your drop box and do your testing / development from anywhere.
A router does exactly what the name implies: it routes packets to their intended destination. Conceptually, a router has no inherent security other than making sure packets get sent to the right host. However, most hardware that we refer to as "routers" have many other functions built-in, including a firewall. Many modern modems also have some routing and firewall functionality as well (even the ones with only one ethernet port!)Rebornxeno wrote:This might really be siding on off topic, but I want to ask, could a router be bypassed in some way? As in, even if he is using a router, is there some way when he uses XAMPP that security could still be a risk?
I would agree. It's usually safe to bet your modem/router does this by default, but it never hurts to check the configuration yourself to make sure.bbguimaraes wrote:Most (if not all) modems/routers come with a built-in firewall, and the rules are usually deny every connection from the outside to the inside and allow all connections from the inside to the outside. You have to check it to be sure, but I'm pretty sure every sane device does that.
If your host is not internet accessible then, by definition, it cannot be accessed by a malicious user via the internet. While there are plenty of convoluted exceptions to this general statement, it is highly unlikely anyone is going to target your machine specifically unless you are known to be storing very sensitive data.superLED wrote:If you are dumb and port-forward a port (so your can access your localhost from elsewhere) && give away your IP address, then you might have a problem.
Even if you were to accidentally make your web server internet accessible (unlikely, as it's usually fairly difficult to do on purpose), the hacker would still be confined the directories and applications in the web root. Short of finding a code execution vulnerability in your web application, they can't do much. Web hackers are usually more interested in convincing your database to spit out information its not supposed to.
If you were extremely paranoid, or wanted to play around with vulnerable software on purpose, you could always sandbox the web server in a virtual machine. This is most definitely overkill for simple local development use.
I'm happy to answer any other web dev questions you might have, as it's one of my favorite topics.
PS - Fun with PHP:
top20.php
Falco Girgis wrote:It is imperative that I can broadcast my narcissistic commit strings to the Twitter! Tweet Tweet, bitches!
- dandymcgee
- ES Beta Backer
- Posts: 4709
- Joined: Tue Apr 29, 2008 3:24 pm
- Current Project: https://github.com/dbechrd/RicoTech
- Favorite Gaming Platforms: NES, Sega Genesis, PS2, PC
- Programming Language of Choice: C
- Location: San Francisco
- Contact:
Re: Server Side Practice
Also.. I highly discourage doing pcp. That shit will fuck you up. PHP is much healthier for your brain and your career.Rebornxeno wrote:You can write up a server-simulator that acts like a server, but really isn't, and do your pcp on that.
Falco Girgis wrote:It is imperative that I can broadcast my narcissistic commit strings to the Twitter! Tweet Tweet, bitches!
- MarauderIIC
- Respected Programmer
- Posts: 3406
- Joined: Sat Jul 10, 2004 3:05 pm
- Location: Maryland, USA
Re: Server Side Practice
You can set the server to only listen to 127.0.0.1 (localhost), therefore alleviating all of your security concerns.
I realized the moment I fell into the fissure that the book would not be destroyed as I had planned.
- dandymcgee
- ES Beta Backer
- Posts: 4709
- Joined: Tue Apr 29, 2008 3:24 pm
- Current Project: https://github.com/dbechrd/RicoTech
- Favorite Gaming Platforms: NES, Sega Genesis, PS2, PC
- Programming Language of Choice: C
- Location: San Francisco
- Contact:
Re: Server Side Practice
Ahh yeah, I knew there was something like that but I forgot about loopback. Haven't set up a local server in quite a while.MarauderIIC wrote:You can set the server to only listen to 127.0.0.1 (localhost), therefore alleviating all of your security concerns.
Falco Girgis wrote:It is imperative that I can broadcast my narcissistic commit strings to the Twitter! Tweet Tweet, bitches!
- MarauderIIC
- Respected Programmer
- Posts: 3406
- Joined: Sat Jul 10, 2004 3:05 pm
- Location: Maryland, USA
Re: Server Side Practice
Yup, because
...but that's more than you wanted to know.
(Emphasis mine) Thus it's possible to listen only on desired IP addresses, and this is implemented in all (most) server software since a machine can have additional network cards in addition to its loopback :)http://beej.us/guide/bgnet/output/html/multipage/syscalls.html#bind wrote:int bind(int sockfd, struct sockaddr *my_addr, int addrlen);
<snip> my_addr is a pointer to a struct sockaddr that contains information about your address, namely, port and IP address. <snip>
...but that's more than you wanted to know.
I realized the moment I fell into the fissure that the book would not be destroyed as I had planned.
- dandymcgee
- ES Beta Backer
- Posts: 4709
- Joined: Tue Apr 29, 2008 3:24 pm
- Current Project: https://github.com/dbechrd/RicoTech
- Favorite Gaming Platforms: NES, Sega Genesis, PS2, PC
- Programming Language of Choice: C
- Location: San Francisco
- Contact:
Re: Server Side Practice
No such thing.. unless we're talking about mathematic proofs.MarauderIIC wrote:...but that's more than you wanted to know.
Falco Girgis wrote:It is imperative that I can broadcast my narcissistic commit strings to the Twitter! Tweet Tweet, bitches!
-
- ES Beta Backer
- Posts: 250
- Joined: Tue Jul 19, 2011 9:37 pm
Re: Server Side Practice
Thanks guys.
I'm still confused. I was watching a tutorial and apparently you have to set it up and then open it up in a browser to
set a password. Does that mean that before I set the password it is open to the public? I'm confused.
I don't understand servers. I'm still learning this stuff.
p.s. Why is the text in the posting box so small?
I'm still confused. I was watching a tutorial and apparently you have to set it up and then open it up in a browser to
set a password. Does that mean that before I set the password it is open to the public? I'm confused.
I don't understand servers. I'm still learning this stuff.
p.s. Why is the text in the posting box so small?
-
- ES Beta Backer
- Posts: 250
- Joined: Tue Jul 19, 2011 9:37 pm
Re: Server Side Practice
So I've set it up just this way; http://www.webassist.com/support/docume ... indows.php
Does that mean it won't allow any access to my server from outside?
Does that mean it won't allow any access to my server from outside?
-
- ES Beta Backer
- Posts: 250
- Joined: Tue Jul 19, 2011 9:37 pm
Re: Server Side Practice
Now I just get an Access Forbidden whenever I try to test a webpage.