怎么看待github上的大厨网服务器端源码?
看了一下整个服务器端都有,这是咋泄露的?
那个readme里面的内容应该是原来就有,也就是说大厨网用git做版本控制咯?
以及这个服务器端源码,有熟悉服务器端的大神从架构、采用技术、安全、代码规范等方面评价一下么?
回复内容:
前端方面还行,就是后端PHP有点奇葩1, 使用的框架比较古老,编码规范等都有点OUT,不符合PSR规范,整个项目没有使用namespace, 虽然使用了注释,但也大部分不符合PHPdoc格式,所以就无法借助IDE(包括Subl)来提高编码效率,开发和维护这个项目是有点痛苦的。
2,内部大量使用了如下http转发方式来解耦:
//CRM子系统里的用户编辑就转发到S系统的user/edit下
$return = $this->format_query('/user/edit', $_POST);
$this->_return_json($return);
粗糙看了下,这个与其说是泄漏,还不如说是公司有计划的开源。
且听我娓娓道来:
1、如果这套项目是泄漏出来的,那它们集团已经报警,估计当事人也已经被抓,而不会让你们在知乎上谈论。
2、看了下那个github帐号,不像是小号,而是一个常规号。常规号一般都很容易顺藤摸瓜找到拥有者,假设这套代码真的是偷来的,一般都直接打个压缩包扔上网,最多命名为“XXX泄漏源码”就算了,不可能还放github,这得低IQ和EQ才会这么做啊。
3、再看看那个readme,上面的东西写得非常清楚,连怎么用Angularjs都教了,同样的,这得多敬(傻)业(逼)的小偷才会这么做?
4、源代码开源或者开放,并不代表不安全,而事实上,我看这里的标签是“PHP”,就PHP而言,网上有多少的论坛是用DNZ?有多少框架是用ThinkPHP?这些东西都是开源的,你能够因此就判定不安全吗?
5、既然该代码敢于开放源码,相信也对自己的代码有足够的信心,至少应该不会有 eval($_GET["e"]) 出现吧?或许,人家公司已经换了新代码,把这套废弃了,然后扔出来。
以上~~ 我司某员工离职后不慎备份到自己的github,后被gdby迅速恶意fork,而gdby还泄漏了苏宁的客户端代码,总感觉就是被牵连的啊(虽然已经离职了,代码泄漏不关我事233
另外看到上面有人说做了几年,其实这些东西总共就写了半年而已(所以你们大可以从时间上推断出来一些东西233 1 公司为了出名自我炒作
2 离职员工so show
3 无良在职员工
你们要知道,自己泄露出去不是件很容易的事情 初略看了一下,模块划分清晰,代码格式很规范,代码质量相当不错,值得学习。 其实就是一个公司,做了几年以后,积累的一些代码啦~ 实在是没什么耐心仔细去研究,没什么好学的啦。随便看了两眼,看出来几个东西,就是用的CI框架,写了好多好多的网站,做不同的用途。也有API。后端service是尤其关心的,可惜也没什么看头啦,就一个imgUpload和一个geoip,用了python,lua之类的东西,可见,代码异构总是难以避免的。
前端看Readme.md貌似有用Angular,正好最近在看,所以先fork了,看看他们前端怎么写Angular的。
另外,上个月还是更久一点前,我在朋友圈看到了好多一亩田的负面……
7月29日,南京一家媒体发表《一亩田万亿奇迹疑云:夸张和欺骗其实只隔一层纸》,直接指出一亩田造假,此文迅速在朋友圈热转。
类似这种的,百度一搜一大堆。
大体上,我认为,程序员干这种事情是不道德的,泄露这个代码的人,我是绝对不会建议雇佣的,没有基本职业道德。不管公司好还是不好,公司对你公平不公平,作为雇员,还是应该本分的。
代码泄露,说大,问题不大,说小,也绝不小。对于业务来说,拿到代码,也无法复刻该公司的业务,也无法实现该公司的价值,所以,代码本质上没什么用的。你以为给你百度的全部源码,你能打败百度么?没卵用的。
但是,代码事关公司的安全,别有用心的黑客,以代码为依据,发现漏洞,针对攻击,对公司的客户构成威胁,窃取商业机密,甚至要挟敲诈勒索,陷公司于极端被动的局面,真是糟糕透顶。
可是,也并没什么好方法防范啊~ 唉 小兄不才,有没有人把这个个项目跑通的,我想通过此方式学习一下PHP谢谢!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
How to install GitHub Copilot on Windows 11/10
Oct 21, 2023 pm 11:13 PM
GitHubCopilot is the next level for coders, with an AI-based model that successfully predicts and autocompletes your code. However, you might be wondering how to get this AI genius on your device so that your coding becomes even easier! However, using GitHub isn't exactly easy, and the initial setup process is a tricky one. Therefore, we created this step-by-step tutorial on how to install and implement GitHub Copilot in VSCode on Windows 11, 10. How to install GitHubCopilot on Windows There are several steps to this process. So, follow the steps below now. Step 1 – You must have the latest version of Visual Studio installed on your computer
How to use Nginx Proxy Manager to implement reverse proxy under HTTPS protocol
Sep 26, 2023 am 08:40 AM
How to use NginxProxyManager to implement reverse proxy under HTTPS protocol. In recent years, with the popularity of the Internet and the diversification of application scenarios, the access methods of websites and applications have become more and more complex. In order to improve website access efficiency and security, many websites have begun to use reverse proxies to handle user requests. The reverse proxy for the HTTPS protocol plays an important role in protecting user privacy and ensuring communication security. This article will introduce how to use NginxProxy
How to use Nginx Proxy Manager to implement automatic jump from HTTP to HTTPS
Sep 26, 2023 am 11:19 AM
How to use NginxProxyManager to implement automatic jump from HTTP to HTTPS. With the development of the Internet, more and more websites are beginning to use the HTTPS protocol to encrypt data transmission to improve data security and user privacy protection. Since the HTTPS protocol requires the support of an SSL certificate, certain technical support is required when deploying the HTTPS protocol. Nginx is a powerful and commonly used HTTP server and reverse proxy server, and NginxProxy
Nginx with SSL: Configure HTTPS to protect your web server
Jun 09, 2023 pm 09:24 PM
Nginx is a high-performance web server software and a powerful reverse proxy server and load balancer. With the rapid development of the Internet, more and more websites are beginning to use the SSL protocol to protect sensitive user data, and Nginx also provides powerful SSL support, making the security performance of the web server even further. This article will introduce how to configure Nginx to support the SSL protocol and protect the security performance of the web server. What is SSL protocol? SSL (SecureSocket
Git installation process on Ubuntu
Mar 20, 2024 pm 04:51 PM
Git is a fast, reliable, and adaptable distributed version control system. It is designed to support distributed, non-linear workflows, making it ideal for software development teams of all sizes. Each Git working directory is an independent repository with a complete history of all changes and the ability to track versions even without network access or a central server. GitHub is a Git repository hosted on the cloud that provides all the features of distributed revision control. GitHub is a Git repository hosted on the cloud. Unlike Git which is a CLI tool, GitHub has a web-based graphical user interface. It is used for version control, which involves collaborating with other developers and tracking changes to scripts and
What does the https workflow look like?
Apr 07, 2024 am 09:27 AM
The https workflow includes steps such as client-initiated request, server response, SSL/TLS handshake, data transmission, and client-side rendering. Through these steps, the security and integrity of data during transmission can be ensured.
How to configure https in tomcat
Jan 05, 2024 pm 05:15 PM
Configuration steps: 1. Obtain the SSL certificate; 2. Configure the SSL certificate; 3. Edit the Tomcat configuration file; 4. Restart Tomcat. Detailed introduction: 1. You need to obtain an SSL certificate, either a self-signed certificate or a valid SSL certificate from a certification agency (such as Let's Encrypt); 2. Place the obtained SSL certificate and private key files on the server and ensure that these files Located in a safe location, only users with sufficient permissions can access; 3. Edit Tomcat configuration files, etc.
Solution: urllib3 ProxySchemeUnknown(proxy.scheme)
Feb 29, 2024 pm 07:01 PM
The reason for the error is that the ProxySchemeUnknown(proxy.scheme) error of urllib3 is usually caused by the use of an unsupported proxy protocol. In this case, urllib3 does not recognize the proxy server's protocol type and therefore cannot use the proxy for network connections. To resolve this issue, you need to ensure that you are using a supported proxy protocol, such as HTTP or https. How to resolve To resolve this issue, you need to ensure that you are using a supported proxy protocol, such as HTTP or HTTPS. You can solve this problem by setting the proxy parameters of urllib3. If you are using an http proxy, the code example is as follows: importurllib3http
