Server Side Practice

Whether you're a newbie or an experienced programmer, any questions, help, or just talk of any language will be welcomed here.

Moderator: Coders of Rage

Benjamin100
ES Beta Backer
ES Beta Backer
Posts: 250
Joined: Tue Jul 19, 2011 9:37 pm

Server Side Practice

Post by Benjamin100 »

So, I was here a while ago. I had been programming in C++ and even learning some OpenGL, but I'm not good with math so I stopped that.

Now I'm trying to learn some more Web Development, and I want to learn PHP.
The issue is that I don't have a server to do server side scripting with. Apparently I can set one up, but if I do couldn't somebody get access to it and start using my computer as a server? Won't I have to use some sort of security to make sure nobody else uses it?
Rebornxeno
Chaos Rift Cool Newbie
Chaos Rift Cool Newbie
Posts: 85
Joined: Thu Jun 23, 2011 11:12 am

Re: Server Side Practice

Post by Rebornxeno »

That's a really interesting question that I hope someone answers. Here is my answer: Pretend you have a server! You can write up a server-simulator that acts like a server, but really isn't, and do your pcp on that.
User avatar
BugInTheSYS
Chaos Rift Cool Newbie
Chaos Rift Cool Newbie
Posts: 88
Joined: Mon Feb 07, 2011 4:16 pm
Current Project: Vintage Roads
Favorite Gaming Platforms: PC
Programming Language of Choice: C++, Delphi
Location: Pinneberg, Germany
Contact:

Re: Server Side Practice

Post by BugInTheSYS »

You don't need to write a server 'simulator,' things like that are already out there. Just take a look at XAMPP.
And keep in mind that there are more possibilities to write server-side programs than just PHP. Professional websites with a lot of traffic probably use a kind of server-side application that has been compiled previously, instead of interpreting PHP on each request.
Edit: if you set up you PC as a server with xampp, any router will prevent people from outside your network from accessing it, in default configuration.
Someday, everything will go to /dev/null. - Bug's prophecy 13:37
Rebornxeno
Chaos Rift Cool Newbie
Chaos Rift Cool Newbie
Posts: 85
Joined: Thu Jun 23, 2011 11:12 am

Re: Server Side Practice

Post by Rebornxeno »

This might really be siding on off topic, but I want to ask, could a router be bypassed in some way? As in, even if he is using a router, is there some way when he uses XAMPP that security could still be a risk?
User avatar
bbguimaraes
Chaos Rift Junior
Chaos Rift Junior
Posts: 294
Joined: Wed Apr 11, 2012 4:34 pm
Programming Language of Choice: c++
Location: Brazil
Contact:

Re: Server Side Practice

Post by bbguimaraes »

Most (if not all) modems/routers come with a built-in firewall, and the rules are usually deny every connection from the outside to the inside and allow all connections from the inside to the outside. You have to check it to be sure, but I'm pretty sure every sane device does that.
User avatar
superLED
Chaos Rift Junior
Chaos Rift Junior
Posts: 303
Joined: Sun Nov 21, 2010 10:56 am
Current Project: Engine
Favorite Gaming Platforms: N64
Programming Language of Choice: C++, PHP
Location: Norway

Re: Server Side Practice

Post by superLED »

Where I work, we use XAMPP (Windows) and LAMPP (Linux) all the time in early development.
I do it from home as well, while working on personal projects.

I have never ever been affected by outsiders.

If you are dumb and port-forward a port (so your can access your localhost from elsewhere) && give away your IP address, then you might have a problem.
User avatar
dandymcgee
ES Beta Backer
ES Beta Backer
Posts: 4709
Joined: Tue Apr 29, 2008 3:24 pm
Current Project: https://github.com/dbechrd/RicoTech
Favorite Gaming Platforms: NES, Sega Genesis, PS2, PC
Programming Language of Choice: C
Location: San Francisco
Contact:

Re: Server Side Practice

Post by dandymcgee »

I've used XAMPP before as well, which works fine for local web development. However, I personally prefer: USB Webserver
It's completely portable (no installer), and runs out of a single directory. You can throw it on a flash drive or in your drop box and do your testing / development from anywhere.
Rebornxeno wrote:This might really be siding on off topic, but I want to ask, could a router be bypassed in some way? As in, even if he is using a router, is there some way when he uses XAMPP that security could still be a risk?
A router does exactly what the name implies: it routes packets to their intended destination. Conceptually, a router has no inherent security other than making sure packets get sent to the right host. However, most hardware that we refer to as "routers" have many other functions built-in, including a firewall. Many modern modems also have some routing and firewall functionality as well (even the ones with only one ethernet port!)
bbguimaraes wrote:Most (if not all) modems/routers come with a built-in firewall, and the rules are usually deny every connection from the outside to the inside and allow all connections from the inside to the outside. You have to check it to be sure, but I'm pretty sure every sane device does that.
I would agree. It's usually safe to bet your modem/router does this by default, but it never hurts to check the configuration yourself to make sure.
superLED wrote:If you are dumb and port-forward a port (so your can access your localhost from elsewhere) && give away your IP address, then you might have a problem.
If your host is not internet accessible then, by definition, it cannot be accessed by a malicious user via the internet. While there are plenty of convoluted exceptions to this general statement, it is highly unlikely anyone is going to target your machine specifically unless you are known to be storing very sensitive data.

Even if you were to accidentally make your web server internet accessible (unlikely, as it's usually fairly difficult to do on purpose), the hacker would still be confined the directories and applications in the web root. Short of finding a code execution vulnerability in your web application, they can't do much. Web hackers are usually more interested in convincing your database to spit out information its not supposed to.

If you were extremely paranoid, or wanted to play around with vulnerable software on purpose, you could always sandbox the web server in a virtual machine. This is most definitely overkill for simple local development use.

I'm happy to answer any other web dev questions you might have, as it's one of my favorite topics.

PS - Fun with PHP:
top20.php
Falco Girgis wrote:It is imperative that I can broadcast my narcissistic commit strings to the Twitter! Tweet Tweet, bitches! :twisted:
User avatar
dandymcgee
ES Beta Backer
ES Beta Backer
Posts: 4709
Joined: Tue Apr 29, 2008 3:24 pm
Current Project: https://github.com/dbechrd/RicoTech
Favorite Gaming Platforms: NES, Sega Genesis, PS2, PC
Programming Language of Choice: C
Location: San Francisco
Contact:

Re: Server Side Practice

Post by dandymcgee »

Rebornxeno wrote:You can write up a server-simulator that acts like a server, but really isn't, and do your pcp on that.
Also.. I highly discourage doing pcp. That shit will fuck you up. PHP is much healthier for your brain and your career.
Falco Girgis wrote:It is imperative that I can broadcast my narcissistic commit strings to the Twitter! Tweet Tweet, bitches! :twisted:
User avatar
MarauderIIC
Respected Programmer
Respected Programmer
Posts: 3406
Joined: Sat Jul 10, 2004 3:05 pm
Location: Maryland, USA

Re: Server Side Practice

Post by MarauderIIC »

You can set the server to only listen to 127.0.0.1 (localhost), therefore alleviating all of your security concerns.
I realized the moment I fell into the fissure that the book would not be destroyed as I had planned.
User avatar
dandymcgee
ES Beta Backer
ES Beta Backer
Posts: 4709
Joined: Tue Apr 29, 2008 3:24 pm
Current Project: https://github.com/dbechrd/RicoTech
Favorite Gaming Platforms: NES, Sega Genesis, PS2, PC
Programming Language of Choice: C
Location: San Francisco
Contact:

Re: Server Side Practice

Post by dandymcgee »

MarauderIIC wrote:You can set the server to only listen to 127.0.0.1 (localhost), therefore alleviating all of your security concerns.
Ahh yeah, I knew there was something like that but I forgot about loopback. Haven't set up a local server in quite a while.
Falco Girgis wrote:It is imperative that I can broadcast my narcissistic commit strings to the Twitter! Tweet Tweet, bitches! :twisted:
User avatar
MarauderIIC
Respected Programmer
Respected Programmer
Posts: 3406
Joined: Sat Jul 10, 2004 3:05 pm
Location: Maryland, USA

Re: Server Side Practice

Post by MarauderIIC »

Yup, because
http://beej.us/guide/bgnet/output/html/multipage/syscalls.html#bind wrote:int bind(int sockfd, struct sockaddr *my_addr, int addrlen);
<snip> my_addr is a pointer to a struct sockaddr that contains information about your address, namely, port and IP address. <snip>
(Emphasis mine) Thus it's possible to listen only on desired IP addresses, and this is implemented in all (most) server software since a machine can have additional network cards in addition to its loopback :)

...but that's more than you wanted to know.
I realized the moment I fell into the fissure that the book would not be destroyed as I had planned.
User avatar
dandymcgee
ES Beta Backer
ES Beta Backer
Posts: 4709
Joined: Tue Apr 29, 2008 3:24 pm
Current Project: https://github.com/dbechrd/RicoTech
Favorite Gaming Platforms: NES, Sega Genesis, PS2, PC
Programming Language of Choice: C
Location: San Francisco
Contact:

Re: Server Side Practice

Post by dandymcgee »

MarauderIIC wrote:...but that's more than you wanted to know.
No such thing.. unless we're talking about mathematic proofs.
Falco Girgis wrote:It is imperative that I can broadcast my narcissistic commit strings to the Twitter! Tweet Tweet, bitches! :twisted:
Benjamin100
ES Beta Backer
ES Beta Backer
Posts: 250
Joined: Tue Jul 19, 2011 9:37 pm

Re: Server Side Practice

Post by Benjamin100 »

Thanks guys.

I'm still confused. I was watching a tutorial and apparently you have to set it up and then open it up in a browser to
set a password. Does that mean that before I set the password it is open to the public? I'm confused.
I don't understand servers. I'm still learning this stuff.

p.s. Why is the text in the posting box so small?
Benjamin100
ES Beta Backer
ES Beta Backer
Posts: 250
Joined: Tue Jul 19, 2011 9:37 pm

Re: Server Side Practice

Post by Benjamin100 »

So I've set it up just this way; http://www.webassist.com/support/docume ... indows.php
Does that mean it won't allow any access to my server from outside?
Benjamin100
ES Beta Backer
ES Beta Backer
Posts: 250
Joined: Tue Jul 19, 2011 9:37 pm

Re: Server Side Practice

Post by Benjamin100 »

Now I just get an Access Forbidden whenever I try to test a webpage.
Post Reply