Related
I'm creating a windows form app and the underlying code needs to be secure. In the code is database information and many equations which people should not be able to see.
What I'm asking is if I install the app on someone's computer, how easy is it for them to "break" into the application and view this sensitive information? If it's not difficult for them to find the code, are there ways to prevent this from happening? I would appreciate any input.
It's very easy to view code. Tools like ILSpy or .NET Reflector can practically show your code as you have written it in C# or VB.NET.
There are some possibilities, some free or cheap, some will cost you:
Obfuscation: This replaces names and sometimes logic in your excutable with other code that is hardly human readable. This is easy to do and there are tools like Confuser that do a good job, but the code is still there and can be read. It's only slowing attackers down.
Another option that I have evaluated myself is using hardware protection in the form of Dongles. Here the whole application is encrypted with a secret key that is stored on a smartcard. Portions of the code that are needed are decrypted on the fly at runtime and executed. Since the code is encrypted you can't read it easily. Solutions like Codemeter are pretty hard to beat (there are no real cracks for these if implemented correctly, which isn't hard. But this is not for free.
You always need to have the scope of your protection in mind. Who do you want to keep from getting your code?
The average guy who also has used .NET some times and knows how to google and download ILSpy? Obfuscate it mildly and he will be annoyed enough to leave it be.
Some other people who really know what they are doing but still without financial interest? Use some more drastic obfuscation like code restructuring and so on and they will probably not invest weeks of their time to just finding some formulas.
Some other company who is willing to put in the financial ressources and the knowhow of talented people to get your code to make a profit? Obfuscation will not help you. Maybe encryption will, maybe not.
We went with the Dongle solution since we also want to manage licensing in an easy way for the customers (of which most have very restricted online capabilities), while the code protection is a very nice additional feature.
You can use two-way cryptography before storing the information on the database. This question's answer has an explanation of how to do that very simply: Simple insecure two-way "obfuscation" for C#
About the equations, if they're hardcode in your app, and you don't deliver the source code of the app, the only way to retrieve it is using disassembly, wich, even with very simple tools, you have to be "computer savy" to do it.
My team is currently working on windows forms project using VB.NET. We are curently focused on functionality and the UI seems to very basic (if you drag and drop from the toolbox to your windows forms)
Is there any recommendations or standards when it comes to UI for windows forms development? I want to ensure that the client gets a great UI.
I appreciate your support.
Yes, it's a simple standard: make sure that you follow the Windows User Experience Interaction Guidelines.
There's absolutely nothing wrong with "simple". In fact, in many cases, simple is good!
Your focus should be on making things easy, intuitive, and conform to user's expectations. Modeling your app after other applications, particularly those included with Windows, is a good way to make sure that you're on the right path.
Breaking new ground is dangerous territory; leave that to the big shops like Microsoft. Even new UI concepts that have panels of user interface/experience experts behind them like the Ribbon are slow to be accepted and even slower to be adopted. This isn't where a small software shop wants to be. There's no advantage in being out on the leading edge here.
The recommendations you'll inevitably get to use third-party controls are well-meaning, but ultimately misplaced. There's nothing wrong with the built-in controls and a lot of reasons to prefer them.
Once you've got a functional UI that conforms to the standard guidelines for your platform, the next step is real-world testing with actual human users who have never worked on any aspect of your application.
If they like it and they find it easy to use, then you know you're on the right path. I've never heard a user complain that something looks "too simple". Google Chrome is a huge hit precisely because it's simple. Remember that you're not designing a web page here. Desktop applications are very different.
In fact, it blows my mind how often questions like this one get asked here. Why do desktop app programmers spend so much time wishing that their app looked "cooler"? These are often the same developers who complained loudly because Visual Studio 2010 switched to WPF, broke a lot of their standard expectations, and got a lot slower, with little noticeable benefit. Sure, it looked cooler (unless you didn't like the color blue), but there was little in the way of functionality that the UI change alone was responsible for. Look at the apps you use every day. Do you really pine for a more whiz-bang UI? Or do you appreciate them and integrate them into your workflow because of how they work—because they conform to your hard-learned expectations of how a standard Windows application should work?
Make your app work like that.
Believe it or not, UI is very important to the end user. Its good you focus on functionality first, but when its done, make sure the user will have a good experience with your system. Make it as easier as you can, keep in mind that every user does not know everything about softwares, dont let him/her make a mistake, the look and feel must be very nice from the user's point of view, its not important to the system but it is to the user.
I use to use third party controls that manage the look and feel (DevExpress) you can try but if you are going to try some third party controls, you will have to do it at beginning of development, because the functionality may change.
I hope it can help you some.
Regards.
We have over 100 applications in my company and we are trying to come up with a dashboard to show which applications use continuous integration and unit testing and other best practices.
I was going to put together my own database and a small website to start tracking this but first wanted to ask if there are any products on the market that allow you to track this.
Hmm, I will just throw this :)
We have smth similar on our company, we use inside wiki for that, there are list of our software and each responsible developer can comment it, is it using Unit Testing, little documentation attached, maybe an screenshoot, class diagram, a bit of design review. You can customize it as you want. No difference where it will be, on wiki, database, whiteboard, spreadsheet, the most important think is that ppl will have possiblity to edit that, and they will use it.
I really think a custom database with a pretty front-end is your best bet. Hell, a spreadsheet would even do the trick.
Whiteboard.
$41.29 on Amazon
I spend a lot of time (actually too much time) developping back-office applications whose main purpose is content management and web application configurations. Here is how I can describe these apps :
- Made with PHP
- Using a MySQL or Postgres or SQLite database
- Made of a lot of pages and features
- Very simple features, mostly data CRUD (create+read+update+delete into the database)
- Mostly made of forms
- UIs are usually quite simple (html + css + very basic javascript)
All of the data access code in these apps relies on a library I developped years ago and re-use every time I can. This part is not time-consuming.
What's time-consuming is the UI part, and mostly designing data-lists and forms. Using a WYSIWYG editor would make a lot of sense here, except those I tried (Dreamweaver, Frontpage, Expression, Eclipse, ...) don't really make it much faster, because the generated code is often bloated, and these tools can't rely on custom libraries such as the one I made and use.
I figured using a Web Tookit could be another way to spend less time developping these tools. So before I spend too much time looking for the perfect toolkit, I would appreciate your opinions and experiences on that kind of matter.
Disclaimer : I'm not looking for advices on how MVC is the way to go and how CodeIgniter/Zend/WhatEver is the framework I should use. My question is not about the frameworks or the design patterns I should build my applications upon. My question is about using the right tool to make simple web-applications development faster, and their code even more re-usable.
Is there an awesome web-application RAD tool I don't know about ?
Which toolkit do you use for simple but form-heavy web applications ?
Are there good, light, non-bloated, reliable toolkits written in PHP ?
Thanks in advance !
Edit : Not getting much feedback so far :/ I'm aware that my question is very broad, but I'm sure lots of people work on the same kind of projects I'm talking about, and have improved their productivity by using toolkits such as GWT, Wicket and such. Tell me about it, please :)
September 28 edit : Thanks everyone for the interesting answers. What I'm looking for is not covered by any framework I could try in the past months. PHP is probably not the best language to use for my vision of RAD, but since it's a language I know very well, and since I don't want to spend too much time learning Python as well as I know PHP (for the moment), I decided to do it by myself. Everytime I have a specific need for a widget, I code it in the most re-usable way...so far so good :)
I might open-source that toolkit at some point, and will let you guys know.
The PHP project I've been working on the past few years is a lot like that. Heavy on forms, heavy on server-side logic, but lots of redundant form coding. Too make matters worse, it wasn't all forms, sometimes we actually need to do fancy layout (even just doing a tree control is a pain without a library), and the home-grown nature of the UI meant that I would be battling browser quirks from start to finish.
So, I got to thinking about what a better architecture would be. We needed very powerful form controls, rich grids, rich trees, advanced layout, and we needed to migrate to that gradually. None of the PHP frameworks seemed to fit. Then I took a step back and realized that it didn't have to be PHP, it could be javascript also. We already had a requirement on javascript, so it was fine to go the distance with it. First I looked at the smaller libraries, jquery, prototype, but it became obvious that they didn't do enough. So I looked at Dojo, ExtJS, YUI, all the really heavy javascript toolkits, and settled on ExtJS as having the best controls.
We had a UI structure that relied heavily on iframes, a navigation frame on the outside, application frames inside that, feature frames inside that, and so on. What we ended up with is we're migrating those from the outside in. It's all becoming ExtJS, and it's all living in the same page. The server-side code is kept the same, but it's migrated into web services. At the same time we've integrated zend framework, and are porting some of the stuff you really shouldn't do home-grown to it, like authentication and translation.
The end goal is being able to write just the business logic without having to mess with all the boilerplate. It's too early to know if my approach will pan out, but I think my message would be to be critical towards your code base and decide which parts you want to keep writing yourself, and which parts you want to outsource to a library.
Please try http://agiletoolkit.org/. I think it's what you need. Results with minimum time/code.
At the moment I'm using a solid forms class to render HTML forms with client- and server-side validation, and a database class to write the SQL. I can get a CRUD section of my admin console up in about 10 lines of code. I wrote those classes myself so I can re-use them in all my projects. Hopefully that gives you some ideas?
I would stay away from WYSIWYG tools personally.
I'm testing NuBuilder.com, I discovered it does
within days, at first looks promising. If you take a look
please send me your feedbacks!
Maybe adopt or create an "app-based" infrastructure like Django's? In Django's case, the community has created some powerful baselines like Pinax.
I think Symfony may be the way to go because, like your apps:
it's written in PHP
ORM based on Propel/doctrine (so you can use MySQL, Postgres or SQLite)
Architecture and patterns used will help you with complex applicatons
You'll find tools helping you to debug, document, and test your application
Forms creation, validation, l10n & i18n, testing, AJAX is easy (forms within symfony explained here, check it out)
prototyping you webpages while developing your application is easy
Other tools/practices implemented in the symfony framework that will make your life easy:
full configuration using YAML syntax (easy to read and understand)
the scaffolding feature generates for you a simple CRUD interface for editing your data.
you don't have to worry about coding form sanitization, security, caching, ACL; configuration is needed, but no heavy coding.
The only downside, you need to read some documentation to understand "the symfony way of doing things". But hey, a good framework is 20% code and 80% good practices.
My point is, even if you don't want to use Symfony for your project, you should check its features and built-in tools, because that's the kind of tools you want for your project.
I started using Django and it has very helpful features, esp. the built-in admin (for general CRUD stuff) and really great form-handling code & widget rendering. I'd suggest taking a look, even if you don't plan on using python, just to get an idea.
You mentioned that you don't want advice on "Use X framework", since this is more about RAD & UI/forms than system architecture. But I've found that a good framework helps just as much with the UI & forms side of things as it does the architecture. That means that while frameworks are great for big projects, they're also very helpful in reducing code redundancy. I started creating my own helper functions in PHP that I would copy from app to app that would automatically render an HTML form based on a few parameters. Even after a lot of work, this was very rudimentary compared to what Django offers, and basically I was writing my own framework.
I think you may be looking for a GUI-style tool to help, but you might find that a good PHP framework is more helpful in this case. At the very least, have you tried creating your own helper libraries? I know those helped me a lot.
Simple Example:
function renderInput($name, $value="") {
print "<input type=\"input\" name=\"" . htmlentities($name) . "\" value=\"" . htmlentities($value) . "\" >";
}
function renderRadios($name, $value="", $choices=array()) {
for ($choices as $cvalue) {
print "<input type=\"checkbox\" name=\"" . htmlentities($name) . "\" value=\"" . htmlentities($cvalue) . "\" " . ($cvalue == $value ? "checked" : "") . ">";
}
}
And build up from there. Stupid things like this tend to make form creation just that much faster. A good framework will blow this out of the water. And I'm sure the above has some typos, I haven't done PHP in a little bit.
If this isn't what you're looking for, could you add some more to the question? I'm curious.
Although you're asking for PHP + MySql, I would like to recommend you to give a try to the OutSystems Agile Platform.
You can create a simple CRUD app in less that 10 minutes and grow it as you go to a more complex system.
Download the Community Edition for free at www.outsystems.com.
Best,
Not sure but looks like Tibco General Interface (http://www.generalinterface.org ) is what your looking for.
I maintain in-house business software for a living. Technologies included here are Java, Struts, Spring MVC, jsp, wicket, and a few others. I think it's time to branch out and learn something new.
I am hoping to show myself with a side project that writing code can, in fact, be fun (in some plane of the universe), and that I haven't wasted the past few years of my life doing something I can never love or have fun doing.
I'm thinking of having a fantasy-sport style web site - obviously much, much smaller with regards to features and all that. I was hoping I could get some recommendations for the newest or cleanest frameworks that will allow me to accomplish such a project. My goals are to work on following a real development process instead of just hacking a bunch of crap into an already crappy application on a daily basis. Also I will strive to follow best practices and create good, clean, understandable code that I don't shudder at the thought of having to modify. It's hard to do this at work, because the software I work on has already been developed by 50 guys from various continents that never took the time to design anything before jumping into coding.
I would need a simple database to store users and their picks for each event. Also at my job, the login security is all handled by another group completely. Do people usually write their own login systems from scratch, or are there open source utilities for that as well? I'd be interested in those, as my site will need to have a user login system, and be secure.
I had ruby and rails installed on my computer the last time I conjured up the motivation for this idea, but that was nixed by a hard drive crash. I figured before I just jumped straight to rails for this idea, that I would get a few other opinions off stack overflow to see if people liked something else that I didn't know about.
Also, if anyone has any good resources for how to think about OO design, I could brush up on that as well. I'm looking for anything that will help me to just think about the design from the start and how to get my thoughts into a diagram. I'd like it not to focus so much on patterns and other principles as much as just how to get started and actually put my thoughts in a professional document that I can use to build my project from. I tried to practice this prior to a card game that I wrote, and it got way too complicated way too fast, and the results ended up being not so great.
I’m more familiar with Django, although like you, the only frameworks I’ve really used are the Java/Struts/Spring/JSP, etc. The automatically generated administration interface in Django is amazing coming from these, and it comes with its own authentication system too.
Unless you’re especially predisposed against Python, I think you should give it a go.
Ruby on Rails, Python on Django, PHP on (not sure -- maybe Zend? or CakePHP?), are probably the most popular frameworks if I understand correctly that you want to learn a new language. If I misunderstood you, and you'd rather stick with Java, GWT seems pretty cool -- it's the only real way to avoid "explicitly" writing Javascript (if you DO want to learn and use some Javascript, I personally am in love with Dojo, but jQuery is substantially more popular: those are two good popular frameworks you should consider, though there are others of course, like for all languages I mentioned so far).
One advantage of picking Python and Django is that they work particularly well with Google App Engine (and with Dojo, too, thanks to the cool dojango project!) -- GAE supports JVM too, now, but it's supported Python for a much longer time and the Python side of it is more solid and complete at this time. So, if that's the technology stack you choose, you get to develop and deploy for free, on highly scalable infrastructure, at least until your app gets more than a few million page views per month -- and you really minimize your system adminsitration hassles, all you do is basically to code and write one simple configuration file.