Before I give out my question, I'd like to tell you my reasons of why I need this to work. I am currently making a game and in the future I'll need people to test the game to help me look for bugs. The purpose of this website I am making is to be used as a guide/wiki and for people to report the bugs and later on when the game is near to be open to public, to be the official page with a proper server/domain. With this said, I would like to temporarily have my PC as my webpage server and to be able to allow only the IPs of the game testers to connect my PC.
Can someone help me on this, please? Thank you in advance.
Exposing your ports publicly on the internet is always very tricky because it poses a huge security threat - especially since you just notified the world that you want to do that!
Instead, you should use Ngrok, a secure tool used extensively in the industry build specifically for this. It basically serves, in one line of code, a server running locally in a public url looking like https://<some-code>.ngrok.io. The only think you'll have to worry about would be hostname mismatch, but believe me, that's still a thousand times easier than to securely expose your personal machine to the internet ;)
Related
In the JetBrains` page for Code With Me, I can see a paragraph mentioning:
You can use Code With Me for real time collaboration, editing code, sharing a server, and running a debugging session.
However, I cannot see how a server can be shared. For example, if I start API server locally, I cannot find a way to share it through Code With Me.
I am just and only looking for a way of sharing that local server through Code With Me, not any third-party website or so.
I would appreciate any help
If I understand you correctly, you want to share access to your server running locally with a guest.
For this scenario, there is a Code With Me tool-window in the right bottom corner which allows you to forward a port. The tool-window appears when the Code With Me session is active.
Does it fit your needs?
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 7 years ago.
Improve this question
I had to "sporadically" work with Heimdal / MIT Gssapi for kerberos authentication over past couple of years. I had to build an application that was to be used as a web-service running on a Linux box, and serve client applications like browsers, running on Windows and/or Linux Desktops and Workstations. Surely not the easiest of beasts to tame. Eventually when summarizing my work, I could record that the difficulties emanated due to challenges in multiple dimensions. Getting started with gssapi programming is truly a challenge just because of poor documentation, and practically non-existant tutorials. Googling mostly results in either some theoretical discussion on what's kerberos, or leads to content written with presumption that you already know everything besides some particular semantic issue.
Some really good hacks around here contributed to help me, I therefore suppose it would be a good idea to summarize the stuff, from a developer's perspective, and share it here as some sort of a wiki, to give something back to this fantastic place, and fellow programmers.
Haven't really done a wiki like this before, and I am surely no authority on GSSAPI nor Kerberos, so please be kind, but more than that please contribute and correct my mistakes. Site Editors, I am counting on you to do your magic ;)
Getting your project completed successfully will require 3 specific things to be done correctly:
Setup of your test environment
Setup of your libraries
Your code
As I said already, such projects are beasts, just because all the three haven't been put together on the same page anywhere.
Ok So let's begin at the beginning.
Unavoidable theory for a newbie
GSSAPI helps a client application to provide credentials for a server to authoritatively identify the user. Extremely useful because the server applications can modulate their served responses if they wish to, as per the user. Very naturally therefore both - the client and the server applications must be kerberized, or as some would state kerberos-aware.
The kerberos based authentication, requires both the client and server applications, to be members of a Kerberos Realm. KDC (Kerberos Domain Controller) is the designated authority that rules the realm. Microsoft's AD servers are one of the most popularly experienced examples of a KDC, though you can of course be using a *NIX based KDC. But surely without a KDC there can be no Kerberos business at all. Desktops, Servers & workstations joined into the domain identify each other as long as all of them remain joined into the domain.
For your initial experiments, setup the client & server applications in the same realm.
Though Kerberos Authentication can surely be also used across realms by creating trusts between KDCs of these realms, or even merging keytabs from different KDCs that do not trust each other. Your code will not really need any change to accommodate such different and complex-sounding scenarios.
Kerberos Authentication basically works via "tickets (or tokens)". When a member joins the realm, the KDC "grants tokens" to each of them. These tokens are unique; time and FQDN are essential factors for these tickets.
Before you even think of the very first line of your code make sure you have got these two right:
Pitfall #1 When you setup your development and test environment, make sure everything is tested and addressed as FQDN. For example if you want to check connectivity, ping using FQDN, not IP. Needless to say therefore, they must necessarily have the same DNS service configuration.
Pitfall #2 Make sure all the host systems - that are running your KDC, client software, server software have the same time server. Time synchronization is something that one forgets, and realizes to be amiss after a lot of hair-splitting, and head-banging!
Both, the client and server applications NEED kerberos keytabs. So if your application is going to run in a *NIX host, and be a part of a Microsoft Domain, you have to get a kerberos keytab generated, before we start to look at the remaining preparatory steps for gss programming.
Step-by-Step Guide to Kerberos 5 (krb5 1.0) Interoperability at is an absolute must-read.
GSS-API Programming Guide is an excellent bookmark.
Depending upon your *NIX distribution you can install the headers & libraries for building your code. My suggestion however is to download the source and build it yourself. Yes, you might not get it right at one go, but it surely is worth the trouble.
Pitfall #3 Make sure that your application is running in an Kerberos aware environment.
I really learnt this the hard way, but maybe because I am not so smart. In my earliest stages of gssapi programming struggle, I had discovered that kerberos keytabs were absolutely necessary for making my application kerberos-aware. But I simply couldn't find anything about how to load these keytabs in my application. You know why?!! Because no such api exists!!!
Because: The application is to be run in an environment which is aware of the keytabs.
Ok, let me make this simple: Your application that is supposed to do the GSSAPI / Kerberos things has to run after you have set environment variable KRB5_KTNAME to the path where you have stored the keytabs. So either you do something like:
export KRB5_KTNAME=<path/to/your/keytab>
or make use of setenv to set KRB5_KTNAME in your application sufficiently before the very first line of your code that uses gssapi is run.
We are now ready to do the necessary things in the application's code.
I understand there are quite a few other aspects that must be reviewed by the application developer, to write and test an application. I know of a few environment variables, that can be important.
Can anybody please shed some more light upon that?
I'm building an app which upon login will connect you to certain ip addresses of which will also be running the same app.
The method of which i believe i should be using is direct tunnelling but as i say im a little new to c++, i have general coding skills, and i have sifted through a lot of forums and sites yet im still very unclear on what the best way forward is to achieve the requirement.
The reason for the connection will be to enable a secure chat, file transfer, and update software auto when connected to the program admin.
All those that have the app installed will once authorised, will be connected to admin client, then from that client all available ip's to connect to will become available to slave clients, this will increase the network size avilable to all users.
so the app needs to be able to handle ports but not via a server, instead it would be direct.
The connections also must ideally be encrypted.
Im kind of looking for what the application RetroShare does, but in text app.
(This is using C++ within Dev C++)
so just to recap, What method should i use to achieve the above?
I would take a look at SDL net to start with, its really simple to learn if you have never done any socket programming before.
for a secure connection you will probably want to start with TCP and then once you get the hang of network programming, start looking at other protocols.
Hope this helped! and good luck.
I know that it's bad to use the Django web server in production. There's been at least one Stackoveflow question on this already.
But I'm wondering about where to draw the line between development and production? If I'm only allowing HTTP access to one (or a few) IP addresses, then I know I'm in development. What if I open it to all IP addresses, but only e-mail a couple friends to see what they think of what I've built?
As far as I can tell, the problems with using the Django server are:
It's single-threaded
Security
I don't think (1) is likely to be an issue if I'm only sharing it with a few people. For (2)--what's the worst-case scenario? Does it make a difference that I'm running on an Amazon EC2 server that I could very easily restart from a backup if something bad happened?
Well, the answer is very simple actually, you've left development when you have something you must protect: real user personal information, real data in your database that you'd be afraid to lose, etc.
Security isn't a concern until these things are present. The rule about not using the dev server in "production" is guidance, not mandatory. You can fire up the dev server in your production environment any time you want. However, you'd be silly to do so and then open up universal access to it, once your site is truly live and in use by the world.
Setting up mod_wsgi (or some other WSGI container) on a development machine takes all of 5 minutes, and can help you sort out deployment issues before you actually reach deployment. So really, why ever use the development server if you don't have to?
We're making a product which requires a web service to hook up to an existing database used by one of our other products. Owing to time constraints we need to get this thing up and running pretty quickly. Our web server is Apache on a Linux machine, and the client software for the new product is constrained to communication on Port 80. Our dilemma is that we can't just get a new server in time (Apache can't share port 80) and so the plan is to route requests through the existing Apache server.
I know we can hook Apache up to Tomcat using mod_jk, but what I want to do is overlay Apache Axis on Tomcat to make use of SOAP. I'm currently downloading everything I need to test this out, but not having used Axis before, I'm just curious as to whether anybody has actually tried this before and if so, does it / can it work? If there are going to be any roadblocks stopping me from doing this then a heads-up would be much appreciated.
I can't seem to find anything which says this particular setup will or won't work, apart from a posting on the Ubuntu forums which looks similar to what I'm attempting to do but on closer inspection appears to be different.
So to summarise, what I'm curious about is whether accessing a SOAP Web Service through Apache web server, connected to an Axis / Tomcat combo would work?
I'm assuming for now that with a little jiggery-pokery it should be ok, but I'll admit I'm in unfamiliar territory here so any advice / information would be a big help.
Thanks,
Tom
Having just installed and configured all of the necessary components, it appears that this does work. I'm yet to test whether it allows a web service to work from a client machine properly yet, but all signs look good so far!
I worked on a product that had exactly this setup about a year ago. I'm afraid the details are a bit fuzzy, but I don't remember having any problems with the software stack. If you find you need help, comment back here and I'll try to dig up some more info.