Category Archives: technology

Securing web application

Below are things to do to secure your web application

  1. The database user the system connects with should only have insert, select, update and delete rights, not other database privileges such as drop, create etc.
  2. Use reCAPTCHA if wrong login attempts exceed x times
  3. Never display the id in the URL, use a hashed id instead – check out hashids.org
  4. Always check a user can’t view, access or update any data that does not belong to him/her. Especially on a multi-tenant system
  5. Force at least 8 characters for user passwords. Better to include numbers, capital letters and special symbols
  6. If you use cookies, make sure you don’t save sensitive data, and always save something encrypted that needs to be decrypted by the server in order to be used. For example, for a remember-me cookie, use the user IP plus the username to construct an encrypted “token” to be stored in the cookie.
  7. Check input again at the back end even if it has already been checked on the front end using JavaScript
  8. Make 2FA (2-factor authentication) available for users to choose
  9. Use SSL/HTTPS
  10. Always use production-standard settings, not development-standard settings. For example, never display detailed errors to users, such as SQL errors that show table and field names.
  11. Give developers/admins different usernames, with access only to what they need to do
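As an added example (not code from the original post), here is one way to implement items 6 and 7 in PHP: a remember-me cookie whose value is the username, client IP and expiry encrypted and authenticated with the sodium extension, and a server-side re-check of registration input. Assumptions: PHP 7.4 or later with sodium available, a key that in real use is loaded from configuration rather than the constructed constant below, and a caller that passes the client IP from the request.

```php
<?php
// Added example (not from the original post). Assumes PHP >= 7.4 with sodium.
declare(strict_types=1);

const REMEMBER_ME_TTL = 14 * 24 * 3600;   // constructed: 14-day cookie lifetime

// Constructed 32-byte key for the demo; a real deployment loads it from config
// or a secret store outside the web root, never from the source file.
function remember_me_key(): string {
    return hash('sha256', 'constructed-demo-key-do-not-use', true);
}

// Item 6: the cookie carries {username, ip, expiry} encrypted and authenticated
// with sodium_crypto_secretbox (XSalsa20-Poly1305). The random nonce is prepended
// so the server can decrypt; without the key the value can neither be read nor forged.
function make_remember_me_token(string $username, string $client_ip, ?int $now = null): string {
    $now ??= time();
    $payload = json_encode(['u' => $username, 'ip' => $client_ip, 'exp' => $now + REMEMBER_ME_TTL]);
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box = sodium_crypto_secretbox($payload, $nonce, remember_me_key());
    return sodium_bin2base64($nonce . $box, SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING);
}

// Verify a presented cookie value: returns the username, or null when the value
// is malformed, tampered with, encrypted under another key, expired, or presented
// from a different client address. Every failure path returns null (fail closed).
function verify_remember_me_token(string $token, string $client_ip, ?int $now = null): ?string {
    $now ??= time();
    try {
        $raw = sodium_base642bin($token, SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING);
    } catch (SodiumException $e) {
        return null;                                   // not valid base64
    }
    if (strlen($raw) < SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES) {
        return null;                                   // too short to hold nonce + MAC
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box   = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open($box, $nonce, remember_me_key());
    if ($plain === false) {
        return null;                                   // authentication tag mismatch
    }
    $data = json_decode($plain, true);
    if (!is_array($data) || !isset($data['u'], $data['ip'], $data['exp'])) {
        return null;
    }
    if ($data['exp'] < $now || !hash_equals((string) $data['ip'], $client_ip)) {
        return null;                                   // expired, or another address
    }
    return (string) $data['u'];
}

// Item 7 (and item 5): the same rules the browser-side JavaScript enforces,
// applied again on the server. Returns a list of problems; empty means acceptable.
function validate_registration(array $input): array {
    $errors = [];
    $username = (string) ($input['username'] ?? '');
    $password = (string) ($input['password'] ?? '');
    if (!preg_match('/^[A-Za-z0-9_]{3,32}$/', $username)) {
        $errors[] = 'username must be 3-32 characters: letters, digits, underscore';
    }
    if (strlen($password) < 8) {
        $errors[] = 'password must be at least 8 characters';
    }
    if (!preg_match('/[0-9]/', $password) || !preg_match('/[A-Z]/', $password)
        || !preg_match('/[^A-Za-z0-9]/', $password)) {
        $errors[] = 'password should include a number, a capital letter and a symbol';
    }
    return $errors;
}

// Usage with constructed values
$token = make_remember_me_token('alice', '203.0.113.10');
var_dump(verify_remember_me_token($token, '203.0.113.10'));        // accepted: same address
var_dump(verify_remember_me_token($token, '198.51.100.7'));        // rejected: other address
var_dump(verify_remember_me_token($token . 'x', '203.0.113.10'));  // rejected: tampered value
print_r(validate_registration(['username' => 'bob', 'password' => 'short']));
```

Binding the token to the client IP, as the post suggests, is a trade-off: the cookie stops working as soon as the client's address changes (mobile networks, VPNs), which is the price of making a stolen cookie useless from elsewhere. The expiry field is what keeps an old cookie from living forever, so the server should also re-issue the cookie on each successful login rather than extending it indefinitely.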

Telegram bot to send message

This is simple code for a Telegram bot to send a message to a person or to a group

function send_telegram($telegram_id, $message_text) {

    // Keep the token out of source control: load it from config or an environment variable
    $secret_token = '123456789:adfjalJNhahasdfHUsQ';

    // to get the group telegram id (can be a negative value):
    // https://api.telegram.org/bot<your bot secret token>/getUpdates

    $url = "https://api.telegram.org/bot" . $secret_token . "/sendMessage?parse_mode=markdown&chat_id=" . urlencode($telegram_id);
    $url = $url . "&text=" . urlencode($message_text);
    $ch = curl_init();
    $optArray = array(
        CURLOPT_URL => $url,
        CURLOPT_RETURNTRANSFER => true
    );
    curl_setopt_array($ch, $optArray);
    $result = curl_exec($ch);   // Telegram's JSON reply, or false on a transport error
    curl_close($ch);
    return $result;
}

Some important notes

  1. You need to create a bot using @BotFather (search for this bot in Telegram and just follow the steps to create your own bot)
  2. Once your bot is successfully created, you need to capture the secret token given
  3. To get the Telegram id for a user – ask the user to send a message to @userinfobot – the Telegram id is an integer
  4. To get the Telegram id for a group, you need to add the bot to the group and go to this link to get the group id; a group id starts with – (dash/negative sign)
    https://api.telegram.org/bot<your bot secret token>/getUpdates
  5. (easier way) or add the bot @RawDataBot (Telegram Data Raw) to the group. Once added, a message will be displayed. Get the chat id with the negative number from the message
  6. For the bot to be able to send messages to the group, you must add the bot to the group
  7. For the bot to be able to send messages to a person, the person must send a message to the bot first

source

Send message to telegram via API

We can send a message to a group or channel via the API

What we need is the token and the chat_id. The bot and its token come from @BotFather, while the chat_id comes from the Telegram group/channel, e.g. @group_name

$token = "YOUR_BOT's_TOKEN";

$data = [
    'text' => 'your message here',
    'chat_id' => 'the_chat_id_here'
];

file_get_contents("https://api.telegram.org/bot$token/sendMessage?" . http_build_query($data) );
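As an added example for both Telegram posts above (not code from the original posts), the following PHP reads the bot token from an environment variable instead of the source file, sends the message with an HTTP POST, checks Telegram's JSON reply instead of ignoring it, and parses a getUpdates reply to list the chat ids the notes tell you to look up by hand. Assumptions: PHP 7.4 or later with the curl and json extensions, the token in an environment variable named TELEGRAM_BOT_TOKEN (a name chosen here, not one Telegram defines), and a constructed getUpdates sample embedded inline.

```php
<?php
// Added example (not from the original posts). Assumes PHP >= 7.4 with curl and json.
declare(strict_types=1);

// Extract [chat_id => title or username] from a getUpdates JSON body.
// Group chat ids come back negative, private chats positive.
function telegram_chat_ids_from_updates(string $json): array {
    $data = json_decode($json, true);
    if (!is_array($data) || empty($data['ok']) || !isset($data['result'])) {
        return [];
    }
    $chats = [];
    foreach ($data['result'] as $update) {
        $chat = $update['message']['chat'] ?? $update['channel_post']['chat'] ?? null;
        if ($chat === null || !isset($chat['id'])) {
            continue;
        }
        $chats[$chat['id']] = $chat['title'] ?? $chat['username'] ?? $chat['type'];
    }
    return $chats;
}

// Send a message; returns Telegram's message_id, throws on a transport or API error
// so a failed notification is noticed instead of silently dropped.
function telegram_send_message(string $chat_id, string $text): int {
    $token = getenv('TELEGRAM_BOT_TOKEN');
    if ($token === false || !preg_match('/^\d+:[A-Za-z0-9_-]+$/', $token)) {
        throw new RuntimeException('TELEGRAM_BOT_TOKEN is missing or malformed');
    }
    // chat_id is a (possibly negative) integer for users and groups, or @username
    // for a public channel; anything else is rejected before it reaches the URL.
    if (!preg_match('/^(-?\d+|@[A-Za-z0-9_]{5,32})$/', $chat_id)) {
        throw new InvalidArgumentException('chat_id must be an integer or @username');
    }
    $ch = curl_init("https://api.telegram.org/bot{$token}/sendMessage");
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => http_build_query(['chat_id' => $chat_id, 'text' => $text]),
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_CONNECTTIMEOUT => 5,
        CURLOPT_TIMEOUT        => 10,
    ]);
    $body   = curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
    $err    = curl_error($ch);
    curl_close($ch);
    if ($body === false) {
        throw new RuntimeException("curl failed: $err");
    }
    $reply = json_decode($body, true);
    if ($status !== 200 || empty($reply['ok'])) {
        // Telegram's description says what went wrong, e.g. the bot is not in the group
        throw new RuntimeException('Telegram error: ' . ($reply['description'] ?? "HTTP $status"));
    }
    return (int) $reply['result']['message_id'];
}

// Constructed sample of a getUpdates reply: one private chat and one group.
$sample = '{"ok":true,"result":[
  {"update_id":1,"message":{"message_id":5,"chat":{"id":111222333,"type":"private","username":"alice"},"text":"hi"}},
  {"update_id":2,"message":{"message_id":6,"chat":{"id":-987654321,"type":"group","title":"Ops alerts"},"text":"/start"}}
]}';
print_r(telegram_chat_ids_from_updates($sample));

// Only attempt a real send when a token is configured.
if (getenv('TELEGRAM_BOT_TOKEN') !== false) {
    echo telegram_send_message('-987654321', 'deploy finished'), PHP_EOL;
}
```

Two design notes: the token still appears in the URL path because that is how the Bot API is addressed, so treat it like a password (keep it out of logs and repositories, and revoke it through @BotFather if it leaks); and parse_mode is deliberately omitted, because with parse_mode=markdown a message containing an unbalanced * or _ is rejected by the API, which matters when the text comes from an alert or a user.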

Server Management Tool

If you have a VPS and don’t know much about Linux commands to manage it, you have the option to use server management tools like the following

  1. runcloud.io
    1. comes with a 5-day free trial for PRO
    2. free package available with limited features
  2. serverpilot.io
  3. laravel forge – no trial or free package

Good reading: a review of those tools

Notes on Azure

Some notes on Microsoft Azure

3 types of services provided

  1. App Service – Scalable Web Apps, Mobile Apps, API Apps, and Logic Apps for any device
  2. Cloud Service – Highly available, scalable n-tier cloud apps with more control of the OS
  3. Virtual Machines – Customized Windows and Linux VMs with complete control of the OS

Important steps you should know in creating an application

  1. Create a “resource group”. All your services will be grouped under this resource group
  2. Create an “app service plan” – a package of data center location, CPU and memory size
  3. Create a “web app service” – based on the plan and under the resource group created in steps 1 and 2

More resources and references

  1. More info on services
  2. Azure calculator
  3. VM sizing options – compute, memory
  4. Azure roadmap – see what’s in preview and what has gone generally available (GA)

Summary of Azure services (click to enlarge)

Other readings/resources:

  1. Running a High Volume Website on Azure Infrastructure Services
  2. Azure documentation
  3. Step by step PHP on Azure (starting from creating the resource, web app, transferring files via git, MySQL etc)

AWS notes

Some notes on setting up AWS services.

EC2 (Elastic Compute Cloud)

Go to the EC2 console and click Launch Instance.

There are 7 steps to go through

  1. Choose an image to use – OS and services to use
    They call it an AMI – Amazon Machine Image
  2. Choose an instance type – CPU, memory etc
    Refer to the available instance types with explanation
  3. Configure instance details – more configuration on the instance.
  4. Add storage
    They call it EBS – Elastic Block Store
  5. Add tag – not sure what this is for
  6. Configure security group
  7. Review before launch

RDS (Relational Database Service)

S3 (Simple Storage Service)

AWS – full service diagram (click to enlarge)

References:

  1. AWS 10-minute tutorial on some basic things
  2. AWS in plain English