0

I have to build an Automated Chat Application which will have it's front end as a widget on the website and back-end logic at server. It's main purpose will be to provide an interface to the customers to solve their queries with a chat personnel sitting at a location with the server as the communication point. If there is no person available then the application will parse the string and try to give a few answers by checking among a database.

I have a very good experience in C++ and a little experience in Java. The main concerns of the application are source code security and highest efficiency.

The restrictions which i am facing from the server side is that i have to run it on IIS and the only scripting languages supported are PHPv5, ASP, ASP.NET and FastCGI.

I am not going for PHP since i have found from googling that it's possible to reverse engineer it and it will take me a lot of time to learn a new language, so a strict no.

I prefer going for FastCGI cause it will serve exactly what my requirements are, but i am unable to find a way to compile on windows with C++ or any good tutorial. Most of the results i found on google related to FastCGI development were about Linux or in Perl for windows. I am also unable to find a way as to how to compile it on windows platform.

I am now being forced to go for ASP.NET, which will be my last option since it's an Interpreted Language and Interpreted languages have a tendency to be weak against reverse engineering.

So can anyone suggest me how to go about with it. If there is no way out for FastCGI then suggest me which will be good amongst MVC and WebForms for the given situations. I am new to both of them and i need to complete the application within two weeks.

2 Answers2

0

First things first.

  1. EVERYTHING can be reverse-engineered. It just depends on how smart the guy trying to reverse engineer your code is. Obfuscating is not a replacement for securing your code. If your server side PHP is safely stowed away on your server with all the proper security parameters configured, then you have nothing to worry about. But if you don't know PHP already then fair enough.

  2. ASP.NET is only partly interpreted. The C# or visual basic that you use for the server side code is compiled. What IS interpreted is the code directly on the page. Remember though that most of your logic does not take place there... it takes place in the code pages which are compiled and the page code is mainly for displaying what you have already calculated. But don't forget that any server side tags that you put into your HTML on your pages get parsed and stripped out when the page is served to the user. If you have a tag <%: ViewData["value"] %>, the user will only see the value for "value" when they look at your source, and not the actual server side tag.

  3. You are going to have a tough time learning ASP.NET AND completing your app in two weeks. I personally love ASP.NET MVC, but if you don't have much of a web programming background then it probably isn't the easiest thing to learn in comparison to Web Forms. That said however...

  4. I'm not a fan of PHP, but it is widely used and a great language for setting up simple projects quickly. There are also tons of examples out there and it is of the first web languages that people learn (in part for those reasons). If you have two weeks to learn a language and set up a project, go with PHP. Even with a C background, there is a lot more to web programming than just knowing a server side language, so you'd be best off a quick and dirty language that gets what you want to get done, done, with minimal effort. That is to say, PHP.

Levi Botelho
  • 24,626
  • 5
  • 61
  • 96
  • ASP.NET WebPages will be just as fast to pick up as PHP. – CMircea Aug 04 '12 at 06:56
  • I would say there are more examples out there for PHP, given the number of programmers that there are. WebForms is easy but I suggested PHP because I wouldn't be surprised if someone out there had already written a similar project and posted it online. I'm a .NET developer and love C#/ASP.NET, but honestly the guy has 2 weeks he can't write all that alone from scratch with no prior web dev experience. – Levi Botelho Aug 04 '12 at 07:00
  • @Mr_Creosote Thank you very much for the quick reply. I guess i have to go for PHP now, and although code obfuscation is not a replacement for security, i'll be going for it as a precaution to minimize the chances. This might be a stupid question but since i don't know about PHP, can u tell me that is it possible that i write all of my logic in C++, make it a Win32 dll and then use the functions, just to increase a layer to the security, or can i simply trust the Website Hosting Provider for the security –  Aug 05 '12 at 10:45
  • One more benefit i get from PHP would be it's platform independence since my development platform is Fedora and i have to run it on windows so a lot of help. Although i use Windows XP in Virtual Box but still it'll be a lot faster working on my native machine since i am used to it. –  Aug 05 '12 at 11:07
  • You can do something like this http://webhole.net/2010/03/21/c-plus-plus-php-and-jquery/ which basically means that you execute a server program from your PHP. Keep in mind though that you are writing a WEB application... users will not have access to your code! If you wrote an application in PHP and then gave the application to people to execute on their machines, that is a different matter, but if you are hosting a web site people will not be able to access your code unless they hack your setup... in which case obfuscation is the least of your concerns. – Levi Botelho Aug 05 '12 at 12:25
0

FastCGI / C++ has a better performance. If you need a link on how-to: http://cgi.sourceforge.net/ and much more with google search.

wildneuro
  • 203
  • 2
  • 3