| Re: monitoring IP address calls of a PHP application [message #175058 is a reply to message #175057] |
Tue, 09 August 2011 06:19   |
Michael Vilain
Messages: 88
Registered: September 2010
Karma:
|
Member |
|
|
In article
<b0df5b47-ed75-48d0-9c50-1f9d02194c8a(at)l37g2000yqd(dot)googlegroups(dot)com>,
"E.Sajad" <amirehsans(at)yahoo(dot)com> wrote:
> Hi there,
>
> I have cross-posted this issue in two related groups: PHP and Software
> Testing.
>
> THE PROBLEM
> I have outsourced development of a web-based application to a
> freelancer. He will be delivering the software soon. However, after
> I perform acceptance testing and give the OK and release the funds to
> him, I might never be able to get hold of this person and according to
> our contract, once I "accept" the software, he will have no future
> obligations with respect to this project.
>
> So I'm trying to protect myself by somehow verifying that their
> delivered application:
>
> 1. Does not connect to/use/call any other web services or connect to
> other IP addresses (or servers) other than Google [note: the
> application extracts some info from Google search results]
> 2. Does not connect to any databases other than the one on the local
> server
> 3. Does not use any third-party libraries that I might have to pay for
> in the future.
> 4. Does not contain files that, although they need to be editable (for
> future modification, such as XML configuration files), have been
> converted into binary or non-editable or non-readable format.
>
> Basically, anything that will render me ³ripped off² after I fully pay
> for the application because I won¹t have access to the developer later
> on (and my budget is too tight to pay for consultants).
>
> Any fellow outsourcers who've run into this issue, please share what
> tools (preferably open-source) you used to verify any of the above
> items.
>
> I believe if I can somehow monitor all the IP addresses that the
> application calls (connects to) in
> real time, I'll be able to check if it's referencing any web services
> or sources other than Google as well as other than my own database.
> This alone will solve concerns number 1 and 2. But I don't even know
> how to do this! Should I install a monitoring application on my
> virtual dedicated server that would run in the background? What
> application(s) do you folks recommend?
>
> USEFUL INFO
> The application is written in PHP (not sure 4 or 5) and runs on a
> virtual dedicated server on a linux machine hosted by HostGator.
> Also, while acceptance testing, I will be testing the deliverable on
> this virtual dedicated server and I have full admin control over this
> hosting account. For this account I have access to a cPanel and a VZ
> control panel. Which control panel should I use for this purpose? I
> get lost in these control panels as it's the first time in my life I'm
> using a virtual dedicated server for a project.
>
> Thanks so much in advance! And hopefully this post will help other
> project managers as well.
> Kind regards,
> E. Sajad
I think if you don't trust this guy, you shouldn't be doing business
with him. Or factor in funds to 'find him with extreme prejudice' after
you've paid him. This is not a technology issue as much as it is a
business issue.
Seriously, if you don't trust him, don't pay him and find someone else
you trust and can contact after the project is over for follow-on work.
--
DeeDee, don't press that button! DeeDee! NO! Dee...
[I filter all Goggle Groups posts, so any reply may be automatically ignored]
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]