I want to convert my struts2 web application into an exe format so that exe file will load my project into server and database into MySQL.
Are there any such tools available for loading files into a folder?
Are there any forms other than .exe to which I could convert my project to do this action?
Is it possible to decrypt the code from class file to java file?
Which is the most secure form for a struts2 project for loading into a server?
You want to convert it to executable one?? generally installer came to assist auto installation like if you have created a product using all these technology and you want save your customer from all the setting and installation processes like database configuration,other configurations etc.
Is it possible to decrypt the code from class format to java format
there are many java d-compilers available which help you to convert .class files to java files though they sometime fails to convert it 100% but in most cases they tend to show some one what they actually want to see.
You can't load an exe file into a web server.
I suppose you could create an executable that includes a server and your war file, but I would strongly discourage the practice.
You could obfuscate (e.g., with ProGuard) and/or encrypt your .class files, but if they're determined to get to your unobfuscated byte code, they almost certainly will.
If they're not that determined, then it's probably not important enough to go through all the effort, debugging, and so on.
Related
I am working on a web application using Rails which user can upload a zip file which contains its data/file/docs and etc. But I'm concerned with security right now, I want to scan the uploaded zip file and remove all kind of executable such exe, bash and etc how can I do this?
Edit: I am aware of clamav API for rails but it would only scan the file for malicious files not removing the executable, just imagine opening a wrong uploaded executable file in the server and the cost of this action server/business-wide!
First, it would be better and more robust to whitelist allowed file types, and not blacklist disallowed ones (eg. executables). So you should have a list of types you allow if that is possible in your application.
Then the question is how you determine the type of a file.
The trivial way is checking the file extension, but that's not very strong. It may still be good for a first check to avoid spending precious cpu time on further checks.
After that, you can use the filemagic database to quite reliably find the type of uploaded files. You have two options:
If your application runs on linux, you can call the file tool directly, something like filetype = `file -Ib #{filename}` to get the filetype. Note that filename in this example needs to be sanitized to avoid OS command injection!
If you want to support Windows too (or just want to avoid calling shell commands and have nicer code), you can use the ruby-filemagic gem:
require 'filemagic'
filename = 'yourfile.ext'
magic = FileMagic.new
filetype = magic.file(filename)
The problem with ruby-filemagic is that it's not maintained anymore, but it would probably still work fine to find executables.
I've created an ISAPI Extension in Delphi which works just fine, but I am wondering if there is a best practice on how to store configuration settings? I can think of a number of ways to do this, but I would of course like to do it the best way. I might have looked in all the wrong places, but I can't find anything that helps me out...
Is an ini or xml file in the same directory as the dll a good way? Or use the windows registry? Or is is possible (and sensible) to put ISAPI Extension-specific configuration in web.config and thereby utilize the IIS Manager to configure? Or something else?
I generally use GetModuleFileName(HInstance); to find out where the DLL is stored, and keep a file there (ini or xml). It's advisable to keep it, and the DLL, out of reach of IIS so it's not accessible over a URL.
You can use an INI file (make sure it's outside the \InetPub\ folder. Make sure you cache the INI file using TMemIniFile.
You can use a XML file. Make sure you read the XML file to cache and release the file handler after that, to prevent locked files during a concurrent read.
To check for changes while the ISAPI is loaded, check the Date/Time
stamp of the XML file before re-reading it again.
Another suggestion is to use an in-memory database and load/save the data file to and from disk.
If we want to store critical information, like passwords and server addresses, inside the executable file generated by the Delphi compiler, how can we do that, without knowing the final executable size and binary structure, like at the end of the file for example?
Side note:
The text to be stored is already encrypted; and in some computers the windows don't give access to write in the registry, specially when the user is not administrator, and there are hacks to monitor registry changes and the smart user can find the new windows registry entry.
Comment
Why this question was down voted? This is achievable! Doesn't meter if not interesting for most people.
I think about the bios and other firmware upgradeable, like satelite tv signal decoders that update themselves. How is that possible?
You can use an .rc file to put your data into a custom resource inside the final .exe file. You can then access that resource at run-time, such as with a TResourceStream, and decrypt and use its content as needed. However, you cannot write new data into the resource while the .exe is running, as the file is locked by the OS. If you need to write new settings, and do not have write access to the Registry, you will have to use a separate file instead. Windows has special folders set aside that users have write access to within their user profiles.
Create a string table resource is one way.
Create a text file. say secretstuff.rc (has to have .rc extension)
with something like this in it.
STRINGTABLE
{
1,"This is my encrypted password in say Base64"
}
Compile it to a .res file with BRCC32.
Include it in the relevant code with a compiler directive
{$R secretstuff.res}
After that you access with TResourceStream.
If you want to manage it a bit better might be wise to stuff them in a dll instead of an exe, then you can update things by delivering a new version of the dll.
There's an example with a it more detail, another purpose but same principle here
I have .Net desktop app which users can download from my website. I want to customize this app to per user basis.
Is there way to modify exe before downloading, just to change few strings with appropriate for the users downloading ?
Or it is possible to pass command line parameters to this exe via URL ?
The .exe file needs to be customized for it to behave differently for certain downloads.
Skip below to find the solution I found tolerable.
Add section to the .EXE file – Not ideal.
The .exe file has sections one after the other. You could add a section with your data in it, which the executable would then read. This requires you to modify (have access to) the source code of the executable for it to do anything meaningful with the data. Also getting familiar with the .exe file format and modifying it on the web server side as well al playing with it in the program's source code is somewhat tedious.
Change resources section of the .EXE file – Not ideal.
A dedicated "resources" section exists in the executable. You could add custom strings or blob of data to it. Same cons as the first one.
Overwrite data in the .EXE at a fixed position – Passable.
Have the executable read data from itself from a fixed position in the file, which is overwritten with the customization data when serving the .exe file. Requires modifying the executable's source code.
Append data to the .EXE – Passable.
Append data to the executable. Again, reading it and doing anything special with it requires the executable itself doing so.
☑ Wrap the .EXE in another .EXE and append your data to it – Tolerable.
Create a program to which the original executable and the custom data will be appended to. When this custom program is then executed, it will extract the embedded executable and launch it with the custom data as it arguments.
This kind of a bundle-executable is also easy to produce on most server-side (scripting) languages. When the download is requested, the server sends the wrapper-exe, the original exe, the customized data and of course some statically-sized data fields denoting the sizes of both of those data blocks so it can extract them.
Cons: Requires such a wrapper program to be created, unless someone already has.
Related links:
1. Best practices to let my web users download custom .exe from my site using PHP
2. Modifying executable upon download (Like Ninite)
If the application is ClickOnce deployed, passing URL parameters is an option in the ClickOnce options dialog. However, I have not yet used this feature.
EDIT
You might want to change some user settings in your configuration depending on the user that actually runs the application. You could also make sure this is done only once per user by adding an appropriate SettingsNeedUpdate setting you set to true after the initial initialization.
Example:
Add new setting "Option1", "Option2" and "SettingsNeedUpdate" which are user settings. In Main you could add something like:
...
try
{
if (Properties.Settings.Default.SettingsNeedUpdate)
{
Properties.Settings.Default.Option1 = ...;
Properties.Settings.Default.Option2 = ...;
Properties.Settings.Default.SettingsNeedUpdate = false;
Properties.Settings.Default.Save();
}
}
catch (Exception exp)
{
...
}
...
You could write a library which can modify an assembly resources (here string table).
This library could benefit from reflection.
When a user asks for your file, asp.net page could customize the exe (using your library) and send it to client.
Not like that, No.
You could however automatically zip (on your server) your exe with a custom app.config file for each user.
Update
Point your download location to a custom HttpHandler that zips together your exe (using http://www.sharpdevelop.net/OpenSource/SharpZipLib/) with a generated (for the current user) application configuration file ( http://generally.wordpress.com/2007/09/27/using-appconfig-for-user-defined-runtime-parameters/).
The user then unzips the two files (MyApp.exe & MyApp.exe.config) to any location and run MyApp.exe.
This method does not work if you have an installer.
Wondered if anybody knows how customizable Flash swf files are made, where there appears to be a template swf that the user can then input some changes (eg text or image) and receives a newly-compiled swf file with their changes.
Some examples:
- http://flashfreezer.com/landingconfetti/index.html
Constraints:
- user receives a single output swf file that can be played with all their changes included. ie there is no reading from an xml file, or using Flashvars.
Been trying different things for a few weeks with no luck!
There are a number of ways, but generally the most common is to either use a SWF generating library (like PHP's) or through server-side compiling.
Normally, this will be a custom or proprietary library which uses the same language that the serve is running (and there are open-source libraries for this in PHP, Perl, Python, Java, C++... etc). The SWF is generated and served up with the appropriate headers so that the browser knows how to re-direct it. Often this will involve a pre-defined template which is then modified slightly for the new input. Only occasionally does this involve the manipulation of pre-generated SWF directly.
The other option is to have a command line call to the Flash IDE or the Flex compiler (and, technically, this can work for CS3 and CS4, though in a very nasty and hackish way) to generate a new version of the SWF on the fly. This is often slower, but it will generally yield a more finished feel to a product.
You could try Swiffotron. It can modify SWF files and do text replace type things on both text elements and in compiled actionscript.
Here's a swiffotron xml job file that does some text replacing.
And here's a swiffotron XML job file that modifies instances on the stage.
I didn't check the site, but the only way I can think of is to read the requirement details through flash (this can be done through plain html also) and then generate the AS files from their templates and compile them at the server side (using mxmlc or other compilers) and give back the SWF.
I get the impression that you're looking for SwfMill. SwfMill creates a swf based on an XML file that you create/define. You could use SwfMill on the server to generate a swf based on user input.