ClojureScript Repl Security - clojure

We have two machines:
server
client
Server is running Clojure + Ring + ... standard ClojureScript webstack.
Client = some machine running Chrome/Firefox/Safari
Now, suppose Server is running a ClojureScript REPL connection at port 9000 that Client can connect to in order to set up the ClojureScript One REPL.
This allows the server to control the client behavior in certain ways.
However, does this also allow the client to control the server? I.e. does the very act of running a ClojureScript REPL allow the client to compromise/control/execute arbitrary code on the server (as running a Clojure REPL would)?
Thanks!

Nope. Only strings are moving to the server, and the server just prints them as strings. Practically there are no overflow attack possibilities, and succeeding against the Java virtual machine is not likely, and if it were possible a ton of software would be vulnerable.

Related

What is required to get a BSD-sockets-based program to do LAN networking under Emscripten?

Background: I've got a C++/Qt-based application that communicates with servers on the user's LAN. It uses non-blocking TCP and UDP sockets, and the networking is implemented via calls to the BSD sockets API (i.e. socket()/send()/recv()/select()/etc). It all works well.
The other day, just for fun, I decided to recompile the application using emscripten, so that it could run as a WebAssembly app inside a web browser.
This worked surprisingly well -- within an hour or two, I had my app up and running inside Google Chrome. However, the app's usefulness in this configuration is severely limited by the fact that it isn't able to connect to any servers -- presumably this is because it is running in a restricted/sandboxed environment.
If I wanted to pursue this line of development beyond the clever-hack-demo stage and try to make it useful, I would need to find a way for my program to discover and connect to servers on the user's LAN.
My question is: is that functionality at all possible for an Emscripten/WebAssembly-based app to perform? If so, what steps would I need to take? (i.e. would it require upgrading the LAN's servers to handle WebSocket-based connections? Would it require adding some sort of proxy server to run on the web server that the web page was served from? Is UDP even a thing in a web-app context? Are there other hoops that would also have to be jumped through?)

Websocket server on AWS EC2 instance doesn't respond after two days of inactivity

We are using an AWS EC2 (ubuntu-xenial-16.04-amd64-server) instance for running a PHP WebSocket server.
We are using the following command in order to keep the WebSocket server running continuously.
nohup php -q server.php >/dev/null 2>&1 &
It is running very well for up to two days. But if no client has connected to the WebSocket server in the last two days, it automatically stops responding.
I checked the status of the WebSocket port with this command (lsof -i:9000). I got the following output (5&6):
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
php 1467 ubuntu 4u IPv4 17137 0t0 TCP *:9000 (LISTEN)
It seems the WebSocket server is running. But the client (i.e. mobile application) is not able to connect.
Is there any specific reason behind this problem? We are not able to figure out exact issue.
You'll need to provide more information for the SO community to be able to help you.
Let's look at the layers of your infrastructure and make an educated guess where the problem might be.
We have:
external connector (the mobile app)
PHP script acting as a server (receiver).
OS (Ubuntu)
The OS kernel can kill running processes for various misbehaviours. The most common is the OOM-killer (out-of-memory).
It's not uncommon to see PHP scripts become unresponsive, especially when stream (socket) programming is involved; we'll need to see that code.
You are saying that everything is fine for two days, so we can rule out an external connector problem and concentrate on resource mismanagement problems: garbage collection, memory leaks, stream leaks, etc. Some external process is either killing your PHP script or the PHP script itself becomes unresponsive.
The investigation should start at:
Sharing the server.php, and then moving to
Log analysis.

How to connect a daemon with a web server (e.g. via FastCGI)?

I'm writing a program in C++ that will run all the time in the background to do different tasks - a daemon.
Apart from its usual tasks, a web application should communicate with it (AJAX requests doing a COMET pattern = lots of open but sleeping connections).
So the question is: how should I connect it to the web server (apache and lighttpd are relevant)?
From what I've read, FastCGI would be very interesting for that task, but all references I've read were talking about the web server starting the FastCGI application when necessary. This wouldn't work here as the daemon would already be running...
I've also read that the web server would talk via sockets with the FastCGI application - so that could be an entry point for me, the daemon would "only" need to talk to such a socket.
But are there good libraries available for that?
Looking at the features of http://cppcms.com/wikipp/en/page/main it looks very interesting for me - but could that work in my case? And could it be stripped down - offering even a SQL connection is far too heavy for my case...
So what advice can you give me?
PS: Performance-wise I reckon a single-threaded but asynchronous implementation would work for the daemon <-> web server glue.
FastCGI is the standard protocol to communicate with the web server. All the mentioned web servers can communicate with a remote daemon application via FastCGI.
http://cppcms.com/wikipp/en/page/cppcms_1x_tut_web_server_config
Also, if you are looking for Comet support, that is what CppCMS provides natively:
http://blog.cppcms.com/post/107
And could it be stripped down - offering even a SQL connection is far too heavy for my case...
The CppCMS library is very small, and it also allows you to reduce its size:
http://cppcms.com/wikipp/en/page/cppcms_1x_build#Build.Options
Also, SQL connectivity (CppDB) is an independent part.
Performance-wise I reckon a single-threaded but asynchronous implementation would work for the daemon <-> web server glue.
That is one of the standard CppCMS run modes: running asynchronous web applications.
Update:
From what I've read, FastCGI would be very interesting for that task, but all references I've read were talking about the web server starting the FastCGI application when necessary. This wouldn't work here as the daemon would already be running..
Indeed some web servers start the FastCGI applications, but:
Lighttpd allows both starting a FastCGI or SCGI application and connecting to an independent one
Cherokee (AFAIR) allows both starting a FastCGI or SCGI application and connecting to an independent one
Apache:
mod_fastcgi allows both starting a FastCGI application and connecting to an independent one
mod_scgi connects to an independent application; it does not start the application.
mod_fcgid always starts the application; it does not suit you.
Also, as a general note, Apache does not suit a pattern of working with many idle connections, as it uses a thread (or even a process, depending on the MPM) per connection.
Nginx does not start applications at all; however, for FastCGI it is currently not the best for Comet streaming because of buffering, so SCGI would be better with nginx (assuming you are using the latest nginx version).
Small note: SCGI is a protocol that is very similar to FastCGI but significantly simpler.
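A minimal SCGI request parser for the daemon side in C++, added here as an example (it is not CppCMS code or anything from the thread): the web server connects to the already-running daemon and writes a netstring-framed request, and the daemon must bounds-check both the length prefix and CONTENT_LENGTH before trusting them. The cap kMaxBytes, the function names and the sample request are assumptions.

```cpp
// Minimal SCGI request parser for an already-running daemon that the web server (lighttpd/Apache
// mod_scgi, nginx) reaches over a socket. Added example, not CppCMS; length prefixes are bounds-checked.
#include <cstddef>
#include <map>
#include <optional>
#include <string>
#include <string_view>

struct ScgiRequest { std::map<std::string, std::string> headers; std::string body; };
constexpr std::size_t kMaxBytes = 64 * 1024;  // our own cap on the header block and the body (assumed)

// Decimal digits with an upper bound; nullopt on empty input, non-digits or a value past the cap.
static std::optional<std::size_t> parse_len(std::string_view s) {
    if (s.empty()) return std::nullopt;
    std::size_t n = 0;
    for (char c : s)   // digit by digit, refusing to grow past the cap (so no size_t overflow)
        if (c < '0' || c > '9' || (n = n * 10 + static_cast<std::size_t>(c - '0')) > kMaxBytes) return std::nullopt;
    return n;
}

// Wire format: "<len>:" NUL-separated key/value pairs "," body. CONTENT_LENGTH must be
// the first header and SCGI must be "1". nullopt for any malformed or truncated input.
std::optional<ScgiRequest> parse_scgi(std::string_view buf) {
    std::size_t colon = buf.find(':');
    if (colon == std::string_view::npos) return std::nullopt;
    auto hlen = parse_len(buf.substr(0, colon));
    std::size_t body_at = hlen ? colon + 1 + *hlen + 1 : 0;   // byte after the ',' terminator
    if (!hlen || buf.size() < body_at || buf[body_at - 1] != ',') return std::nullopt;
    std::string_view hdrs = buf.substr(colon + 1, *hlen);
    ScgiRequest req;
    for (bool first = true; !hdrs.empty(); first = false) {
        std::size_t k = hdrs.find('\0');
        std::size_t v = (k == std::string_view::npos) ? k : hdrs.find('\0', k + 1);
        if (v == std::string_view::npos) return std::nullopt;       // unpaired key/value
        std::string key(hdrs.substr(0, k));
        if (first && key != "CONTENT_LENGTH") return std::nullopt;  // spec requirement
        req.headers.emplace(key, std::string(hdrs.substr(k + 1, v - k - 1)));
        hdrs.remove_prefix(v + 1);
    }
    auto scgi = req.headers.find("SCGI"), cl = req.headers.find("CONTENT_LENGTH");
    if (scgi == req.headers.end() || scgi->second != "1" || cl == req.headers.end()) return std::nullopt;
    auto blen = parse_len(cl->second);
    if (!blen || buf.size() < body_at + *blen) return std::nullopt;   // truncated body
    req.body = std::string(buf.substr(body_at, *blen));
    return req;
}

// Constructed sample request (53 bytes; the NULs separate header keys and values).
const std::string kSampleRequest(
    "44:CONTENT_LENGTH\0" "5\0" "SCGI\0" "1\0" "REQUEST_METHOD\0" "POST\0" ",hello", 53);
```

A real daemon would accumulate bytes from the accepted socket until parse_scgi succeeds or the cap is exceeded, then close the connection on any nullopt.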

Bind to 127.0.0.2

I'm running a client/server application locally on my Windows XP PC and for testing purposes I want to run multiple clients.
The server has a configuration file containing the IP addresses of the clients that can connect; in the real world, these would all be on separate hosts with separate IP addresses.
Currently I am able to test locally with a single client which binds to 127.0.0.1 however because I can only have one client-IP mapping in the server configuration (that's how the system works and can't be redesigned!) I can only run one client on my development PC.
I've tried to start another client application bound to 127.0.0.2 connecting to the server which is bound to 0.0.0.0 however the server thinks that the client is connecting from 127.0.0.1 again and so rejects what it believes is a second connection from the first client.
Can anyone suggest a way to get around this problem? I believe I could run one more client bound to the external IP address of the PC but I'd really like to be able to run multiple.
I know I could use VirtualBox or similar to run new instances but I'd like all of the client applications to be running in the Visual Studio debugger.
Any help greatly appreciated!
Nick.
PS. Not sure if it matters but the applications are written in C++ using standard winsock sockets.
You might be able to create more loopback interfaces. See the chosen answer to How do you create a virtual network interface on Windows?
AFAIK Windows 7 (maybe Vista too) lets you add multiple IP addresses to a single interface (card).

How do I stop jetty server in clojure?

I am writing a web application using ring and clojure. I am using the jetty adapter for the development server and emacs/SLIME for IDE. While wrap-reload does help, run-jetty blocks my slime session and I would like to be able to start/stop it at will without having to run it in a separate terminal session. Ideally, I would like to define a server agent and functions start-server and stop-server that would start/stop the server inside the agent. Is this possible?
I usually have a line in my Ring app that looks like the following:
(defonce server (run-jetty #'my-app {:port 8080 :join? false}))
This prevents locking up the REPL. It also allows me to recompile this file without worrying that my server will get redefined. It also lets you interact at the REPL like so:
user=> (.stop server)
and
user=> (.start server)
The Jetty documentation has some information on graceful shutdown of Jetty. That's probably not enough information but it may get you started.
I haven't started playing with compojure yet, but overall I prefer to work with Tomcat. It's more full-featured; among other things, there is a well-documented API for starting it up and shutting it down, it listens for the shutdown command on a dedicated port; there are ant tasks to do this, and they could of course be called from a Java app as well. I just don't know what kind of magic Compojure does with connecting the REPL to a running instance of the Web container, and if/how automatic class reloading happens... hopefully someone else will be able to provide more information.
12 years later.
VSCode / Calva:
If you are like me, starting Jetty from the REPL inside VSCode / Calva, you have to CTRL-C the server process at the terminal, not the REPL. In fact the server process is bound to the terminal, not to the REPL.