2

My Problem: I have been tasked with re-implementing a software key generator routine on an external web server running cPanel v.11.44.1.18. Currently, the key generator is implemented using a proprietary Database Management System (DBMS) which we run on a local server.

We want to relegate the key generator functionality to an external web server so that we can use our local server some something entirely different. So essentially, I have the algorithm written in a proprietary language, and I need to choose a cPanel supported environment on our external webserver to re-implement the algorithm in such a way that it can be called by the client's browser, updating a database, without the client being able to download the subroutine and view the code.

Our cPanel Hosting Package Offers Support For:

  • MySQL Databases
  • Ruby on Rails
  • Ruby Gems
  • Perl
  • CGI
  • PHP

My Research Shows:

I can create a Perl script and execute it as (or through) a CGI file. My (unsure) Idea for Implementation:

  • Implement the database back-end using MySQL Implement the keygen subroutine and database update subroutine using a custom Perl module(s)
  • Make the Perl module readable/executable by the web server, but hidden from everyone else
  • Use a CGI script as an interface between the client browser and the keygen Perl module

What I would really appreciate is someone with some expertise on this kind of arrangement to tell me:

  • If what I am thinking is possible (i.e. am I on the right track)
  • If there are any errors in my logic
  • If there is a better way to do this
  • What permissions I should use to make the script non-hackable

This would be much easier (because there would be a lot more options) if we were using a Virtual Private Server (VPS) as our webserver, but we are limited to our hosting package and the cPanel features it offers. I would appreciate any help/advice I can get.

Zanon
  • 329
  • 2
  • 3
  • 16
Aubrey Robertson
  • 123
  • 5
  • im guessing you would like to create a keygen service that will be accessed by your clients to get a key, so the browser will access it via something like `https://mysite.com/keygen` and get a corresponding key through plaintext html or JSON... did i get that right? – Maru Oct 28 '14 at 04:50
  • @Maru Exactly. I have limited experience with interfaces between web back-ends and front-ends, but I do know SQL, have some experience with Perl, a cursory introduction to PHP, and have lots of experience with HTML and CSS. In the past, I have found MySQL itself unsuitable for the implementation of complex subroutines because of limitations in the type of logic possible. I would rather not reinvent the wheel, so to speak, and my initial research is pointing me towards perl/cgi or php. – Aubrey Robertson Oct 28 '14 at 06:03
  • I am entirely responsible for the spec, design, and whatnot. I know the inputs and outputs, and I get to do everything from scratch, so I'm wide open to suggestions. – Aubrey Robertson Oct 28 '14 at 06:06
  • this comment has an implementation of class 4 GUIDs in php http://us2.php.net/manual/en/function.uniqid.php#94959 – tom Oct 28 '14 at 09:41
  • @AubreyRobertson have you tried looking into some MVC frameworks? You'd still have to write the logic and some of data layer but at least you dont have to worry about making the web service from ground up. :D i think php has cake, kohana and yii which have some nice mvc frameworks – Maru Oct 28 '14 at 11:13

1 Answers1

3

I think your approach is broadly sound.

I wouldn't go down the route of using an MVC framework, it's a bit of an overkill for this kind of thing. If you're using, for example, Perl's CGI module, then the output of the key as a simple text string or JSON string etc. is very simple, you just ask the CGI script to output a content header and the content as print strings, or the equivalent CGI output calls in your CGI scripts.

So, your CGI script does everything - it uses the DB connector (DBD::mysql through DBI), the function to calculate the next key is also defined in that single script, and a simple few lines to print the header to STDIO along with the key, and that's all you need.

If you think you might change the key generation code or use it elsewhere then modularise it, otherwise just define it inline.

If your web server is set to execute perl scripts in a give directory then nobody will be able to read the source anyway, it just gets executed by the server and the output (to STDOUT so anything 'print'ed is sent as the response to the client. The server will deal with setup and teardown of memory etc. Simple!

David Scholefield
  • 781
  • 4
  • 12