Author |
Topic: Online program (Read 2361 times) |
|
MrX
Guest
|
 |
Re: Online program
« Reply #12 on: Oct 1st, 2013, 09:39am » |
|
JGHarston is correct and that is why we have CGI and server side scripting.
For the average person to expose an exe to the WWW is sheer lunacy.
Even scripts can sometimes have attack vectors if it does not "sanitize" potentially harmful characters such as \ and ~ let alone an exe compile by someone with no knowledge of online threats and vulnerabilities.
Simple concept, if it can't be done with a server side script, rethink your application.
|
| « Last Edit: Oct 1st, 2013, 09:43am by MrX » |
 Logged
|
|
|
|
admin
Administrator
member is offline
Posts: 1145
|
|
Re: Online program
« Reply #13 on: Oct 1st, 2013, 10:16am » |
|
on Oct 1st, 2013, 09:39am, MrX wrote:| For the average person to expose an exe to the WWW is sheer lunacy. |
|
I disagree. You only need to look at the various BB4W support sites, such as http://www.bbcbasic.co.uk/bbcwin/examples/ and http://www.bb4wgames.com/ to find many compiled BB4W EXEs which are available to be run directly from the web by a single-click. This is an extremely useful facility, and something that BB4W is well suited for.
There is fundamentally no difference between running such an EXE and running the installer for a piece of freeware. It is the responsibility of the end-user to be careful to run only EXEs which he is confident are safe. Ideally they should be digitally signed for added security, and BB4W has that capability.
Indeed the principal reason for Code Signing certificates existing is to support running EXEs which have been downloaded from the web! If you take the view that you should never put EXEs on a web site they would be largely unnecessary!
The whole basis of the World Wide Web is freedom; there are very few restrictions on what can be placed on a web site and that is how it should be. The responsibility lies with the user to use the web safely, and that means that he should use due caution when running an EXE. But it does not mean that such EXEs should not be made available.
There are many situations when a BB4W EXE is not an appropriate solution, not least if the application needs to run on a non-Windows client. In such cases a server side solution such as a CGI script (or even a BBC BASIC program serving HTML code) is obviously more appropriate.
Richard.
|
|
Logged
|
|
|
|
MrX
Guest
|
|
Re: Online program
« Reply #14 on: Oct 1st, 2013, 10:31am » |
|
Richard
I suspect you misunderstood me.
What I meant is that the exe runs on the server as opposed to a person clicking on it and it's run on the users machine.
The way I understood the OP when he wrote:
Quote:Can I make a program in BB4W that can be put on a website and there it will run and people can work with it?
|
|
and
Quote:I was meaning to make a web based program. There is no need for download but think of a booking program is a website. Normally they are made with a language like PHP.
|
|
Is that the exe is run server side and interacts with the user via a web browser as opposed to just hosting the exe which people can click on, it will be downloaded to their computer and run.
For the exact reasons I mentioned in my previous post, you will be very hard pressed to find a hosting provider that will allow you to run an exe server side even if the server is running Windows which 99% don't.
|
| « Last Edit: Oct 1st, 2013, 10:52am by MrX » |
Logged
|
|
|
|
admin
Administrator
member is offline
Posts: 1145
|
|
Re: Online program
« Reply #15 on: Oct 1st, 2013, 10:55am » |
|
on Oct 1st, 2013, 10:31am, MrX wrote:| you will be very hard pressed to find a hosting provider that will allow you to run an exe server side even if the server is running Windows which 99% don't. |
|
Major hosting providers will sometimes offer a choice of a Linux or Windows server (mine used to, but when I last looked they seemed to have discontinued the Windows product). But of course you can run BBC BASIC under Linux (e.g. by using Brandy or Wine) so that isn't necessarily an issue.
This Microsoft article explains how to write CGI applications in Visual BASIC; how is that any different from writing them in BBC BASIC?
http://support.microsoft.com/kb/239588
Richard.
|
|
Logged
|
|
|
|
MrX
Guest
|
|
Re: Online program
« Reply #16 on: Oct 1st, 2013, 11:10am » |
|
I think you are still not understanding the differences between running an exe on a server versus a client.
Quote: But of course you can run BBC BASIC under Linux (e.g. by using Brandy or Wine) so that isn't necessarily an issue.
|
|
Are you seriously suggesting that one loads Wine onto a server so it can run an exe?
Quote:
No difference and I certainly was not trying to single out BBC BASIC.
The problem with compiling your own exe for running on a server (assuming that the server actually runs Windows) is the vulnerabilities associated with them such as buffer overflows and the like.
There have been many reports about this.
Furthermore, script interpreters such as Perl PHP and so on are actually sandboxed and run as separate user (with decreased authority) especially to decrease the chances of hacks if the proverbial hits the fan and the exe is compromised.
This is something that is not that easy to achieve with an exe and Microsoft should know better, actually they do but their security track record is not exactly an illustrious one.
My intention is not to try and say that Linux is better than Windows.
All I'm trying to point out is that running a Windows exe directly on a server is not a good idea like wise with a Linux ELF binary.
|
| « Last Edit: Oct 1st, 2013, 11:35am by MrX » |
Logged
|
|
|
|
admin
Administrator
member is offline
Posts: 1145
|
|
Re: Online program
« Reply #17 on: Oct 1st, 2013, 11:36am » |
|
on Oct 1st, 2013, 11:10am, MrX wrote:| Are you seriously suggesting that one loads Wine onto a server so it can run an exe? |
|
If I had a personal web server - and I didn't want it to run Windows - I would be prepared to do that; Wine is not a major overhead at run-time. But Brandy or Owl Basic (if and when it's ever finished) might be better choices, since they are more lightweight.
Given that support for graphics and GUI widgets would be irrelevant in a CGI application, another possibility would be recompiling BB4W as a Linux console application. That is something that has been on my wish list for a long time.
Until quite recently Jon Ripley ran a personal web server and I'm almost certain he had CGI programs written in BB4W. He was the author of the relevant Wiki article:
http://bb4w.wikispaces.com/Writing+console+mode+programs+that+will+also+run+in+the+IDE
Quote:| The problem with compiling your own exe for running on a server (assuming that the server actually runs Windows) is the vulnerabilities associated with them such as buffer overflows and the like. |
|
In that case writing a CGI application in an obscure language like BBC BASIC, which is unlikely to be targetted by hackers, sounds like a good idea! 
Richard.
|
|
Logged
|
|
|
|
MrX
Guest
|
|
Re: Online program
« Reply #18 on: Oct 1st, 2013, 11:43am » |
|
on Oct 1st, 2013, 11:36am, Richard Russell wrote:If I had a personal web server - and I didn't want it to run Windows - I would be prepared to do that; Wine is not a major overhead at run-time. But Brandy or Owl Basic (if and when it's ever finished) might be better choices, since they are more lightweight.
|
|
Richard, it has very little to do with the load it may put on a server but more to do with security loop holes associated with them.
on Oct 1st, 2013, 11:36am, Richard Russell wrote:Given that support for graphics and GUI widgets would be irrelevant in a CGI application, another possibility would be recompiling BB4W as a Linux console application. That is something that has been on my wish list for a long time.
|
|
Then why not use FASM? and simply include the BBC BASIC syntax as macros?
on Oct 1st, 2013, 11:36am, Richard Russell wrote:In that case writing a CGI application in an obscure language like BBC BASIC, which is unlikely to be targetted by hackers, sounds like a good idea!
Richard. |
|
It has nothing to do with the obscurity of a language as once it's compiled, it's all much of a muchness.
It's how the Windows Kernel treats apps that have crashed that open ups security flaws.
|
|
Logged
|
|
|
|
admin
Administrator
member is offline
Posts: 1145
|
|
Re: Online program
« Reply #19 on: Oct 1st, 2013, 12:00pm » |
|
on Oct 1st, 2013, 11:43am, MrX wrote:| Then why not use FASM? and simply include the BBC BASIC syntax as macros? |
|
Clearly you don't know very much about BBC BASIC if you think that would be "simple", or indeed even practical.
Quote:| It has nothing to do with the obscurity of a language as once it's compiled, it's all much of a muchness. |
|
A buffer overflow attack relies on knowledge of the code being targetted (e.g. by disassembling), so obscurity is beneficial. It's user-mode code (not the kernel) which is vulnerable.
This has drifted off-topic now, and I have better things to do, so I am locking the thread.
Richard.
|
|
Logged
|
|
|
|
|
