  1. #1
    radekkc is offline Member
    Join Date
    Mar 2017
    Posts
    8
    Rep Power
    0

    Default Cloud Java platform - feedback appreciated

    Hi All,

    For anyone interested in deploying Java in the cloud (or anyone skeptical about it!), we've launched a cloud application platform called Raimme:
    http://raimme.com (list of features: http://raimme.com/features)

    What you should do now is:

    1. Go to http://raimme.com
    2. Open a free cloud environment by entering your email.
    3. Play around and let us know your feedback.

    Or better still, start off by watching our kick start tutorial: https://www.youtube.com/watch?v=DZMQzrSzAaA

    Any feedback, criticism or word of advice will be much appreciated!
    Last edited by radekkc; 03-30-2017 at 11:58 PM.

  2. #2
    radekkc is offline Member
    Join Date
    Mar 2017
    Posts
    8
    Rep Power
    0

    Default Cloud application platform

    Hi All,

    We've launched a cloud platform for building and running apps and we'd appreciate your feedback. The platform allows you to build simple apps within a few hours, and provide a complete solution within just a few days.

    Check http://raimme to sign up for a free environment or visit http://raimme.com/features to see a list of features that are in store for anyone.


    It comes with built-in support for database modelling, REST APIs, user and permission management, and of course an online Java IDE.

    You can also watch our quick start tutorial at: https://www.youtube.com/watch?v=DZMQzrSzAaA

  3. #3
    SurfMan is offline Godlike
    Join Date
    Nov 2012
    Location
    The Netherlands
    Posts
    1,983
    Rep Power
    8

    Default Re: Cloud application platform

    I took the liberty to check your thingie out. Here are my comments:

    - When I visit http://raimme/ seen in your post above I get an error. Probably because you get your own domain name wrong....
    - Following the link "Read Beginner's tutorial" (sic) I end up here: http://raimme.com/devcenter?articleId=1cd0000000005. Most of the links on the left hand side are not working: Actions and Views, Users and Profiles, Javascript library, Permissions, and possibly more.
    - Entering an apostrophe in the "Ask a question" box results in a 500 Internal Server Error: Error calling action. Nested exception is: Error calling action method com.raimme.envs.env0010000000004.com.raimme.articles.KnowledgeArticleController.findArticles. Nested: null" . It appears your stuff is sensitive to SQL Injection attacks. Besides, there is no need to throw an error 500 to the front end.
    - On the Tutorial page, when I click the links that *do* work, I see that ALL the javascript libraries are downloaded AGAIN, because they are used with a new timestamp, thus a new download is initiated. This results in a nearly 700 KB download EVERY CLICK. This is EXTREMELY wasteful on bandwidth, not to mention the application performance going to hell.
    - Clicking the link in the footer: "Platform sign in", brings me to a page in Polish. If your site is English, the login screen should be English too.
    - The "Features" page is a 1.5 MB download due to 28 requests, of which only 2.2KB was cached. NOTHING is cached. Fix that.
    - Your webserver shows version information: Apache/2.4.10 (Debian) Server at 2a01:4f8:191:1c4::2 Port 80. This is usually a bad practice since that narrows down the possibilities for the possible attackers.
    - Having seen that: update your platform. Apache HTTPD is now at version 2.4.25.

    You're welcome.
    "It's not fixed until you stop calling the problem weird and you understand what was wrong." - gimbal2 2013

  4. #4
    radekkc is offline Member
    Join Date
    Mar 2017
    Posts
    8
    Rep Power
    0

    Default Re: Cloud application platform

    Hi,

    Thanks for the in-depth analysis, I appreciate you took time to find so many bugs that need fixing - most of them pretty basic, I agree.

    If you have the time and feel like it, feel free to also review the platform itself - the website is one thing, the platform is something totally different.

    In the meantime, we'll be doing our best to address all the issues you've indicated, they really suck.

  5. #5
    SurfMan is offline Godlike
    Join Date
    Nov 2012
    Location
    The Netherlands
    Posts
    1,983
    Rep Power
    8

    Default Re: Cloud application platform

    Since you're so interested, I gave it a closer look. Enjoy.

    - Entering random crap for articleID in http://raimme.com/devcenter?articleId=aaaaaa gives a page with a stacktrace.
    - That same page also shows the vendor and version of the backend: Apache Tomcat/7.0.35
    - The response headers include the server's version too: Apache-Coyote/1.1
    - Having seen that, updates are required: Apache Tomcat is now at version 8.5.13
    - The emailbox on the front page accepts any input. Entering a single apostrophe will say "Congratulations! Your environment will be set up within a few hours. Check your email.".
    - Entering rubbish as url, for example Raimme, leads me to the login page. There is no status 404 in the response, nor a proper 404 Not Found page.
    - On the login page, the "forgot password" button leads to a page that does not look like the other pages of the site (Raimme). It's ugly.
    - The "Send" button on the "forgot password" page is unreadable as it has white text on a light gray background.
    - The "Back to login" button next to the "Send" button is completely invisible.
    - When I enter an email address on the "forgot password" page, I get the message No user has been found with the given email. This first looks like a good idea, but this will give an attacker the possibility to scan for working usernames/email addresses. It's better to change that to "If you have an account with this email address, we will send you a link to reset your password", keeping the hacker guessing.
    - When I mess with the url, i.e. change 0010000000004 to 0010000000002 on the "forgot password page", I come to some dashboard page that has the following error message: Could not get JDBC Connection; nested exception is com.atomikos.jdbc.AtomikosSQLException: Failed to grow the connection pool.
    - Setting the envId to 0010000000001 (Message - Raimme) returns a Status 400 Bad Request for url Message - Raimme. It also hands out some interesting JSON: { "success": false, "messages": [ "Error creating criteria from DAL: SELECT id, content, title FROM com.raimme.basic.Task WHERE assignedUser.id = '0040000000002'. Error message: Insufficient privileges to query type com.raimme.basic.Task" ] }
    - On that same page (Message - Raimme) there is a GET request for events (Raimme) that, according to the URL, is supposed to return a REST response, probably JSON, but it returns an entire HTML page.
    - On the http://raimme.com/contactus page hitting the "Send" button without any data entered, gives the message:"We're sorry, sending your message failed.". The JSON response however says: {"success":false,"message":"Field validation errorsField Email: Required field Message.email is empty"}. It looks like you want your form to say the same.
    - On the http://raimme.com/pricing page, I click the "Get it now" button. That takes me to the contact page, which is kinda weird, since the button suggests I can get started with a free account right away.

    And please get an SSL certificate. It's very unprofessional looking to set up a business like this and seeing the Firefox warning about unsecure password transmission etc.

    I am not even remotely a hacker or a tester, I'm just a plain old Java developer. I am scared of what I find inside once I would have an account...

    PS: Some URLs are converted to links by this forum. See the statusbar to see that link I am pointing to.
    Last edited by SurfMan; 03-31-2017 at 05:01 PM.
    "It's not fixed until you stop calling the problem weird and you understand what was wrong." - gimbal2 2013

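The response leaks reported in posts #3 and #5 (version banners, exception text, query text in JSON errors, and the "no user found" message) can be checked for automatically before a site goes public. The following is an added example, not part of the thread or of Raimme's code; the rule patterns and the sample responses are constructed, modelled on the messages quoted above, and `com.example` is a placeholder package.

```python
import re

# (finding, where to look, pattern). The patterns are assumptions that cover
# the kinds of leak quoted in the thread; they are not an exhaustive list.
RULES = [
    ("server-version-header", "headers",
     re.compile(r"^(server|x-powered-by):.*\d+\.\d+", re.I | re.M)),
    ("version-banner-in-body", "body",
     re.compile(r"\b(Apache(?: Tomcat)?|nginx|Jetty)/\d+(\.\d+)+", re.I)),
    ("exception-detail", "body",  # fully qualified class name or stack frame
     re.compile(r"\b(?:[a-z_]\w*\.){2,}[A-Z]\w*(?:Exception|Error)\b"
                r"|^\s+at [\w.$]+\(", re.M)),
    ("query-text", "body",
     re.compile(r"\bSELECT\b.+\bFROM\b.+\bWHERE\b", re.I | re.S)),
    ("account-enumeration", "body",
     re.compile(r"no user (has been )?found", re.I)),
]

def audit_response(headers, body):
    """Return the sorted names of disclosure findings for one HTTP response."""
    header_text = "\n".join(f"{k}: {v}" for k, v in headers.items())
    targets = {"headers": header_text, "body": body}
    return sorted(name for name, where, rx in RULES if rx.search(targets[where]))

# Constructed sample responses (headers, body), not captured traffic.
SAMPLES = {
    "article-500": ({"Server": "Apache-Coyote/1.1"},
        "<h1>HTTP Status 500</h1><pre>java.lang.NullPointerException\n"
        "\tat com.example.ArticleController.find(ArticleController.java:42)"
        "</pre><h3>Apache Tomcat/7.0.35</h3>"),
    "dashboard": ({"Server": "Apache"},
        "Could not get JDBC Connection; nested exception is "
        "com.atomikos.jdbc.AtomikosSQLException: Failed to grow the connection pool."),
    "json-400": ({"Content-Type": "application/json"},
        '{"success": false, "messages": ["Error creating criteria from DAL: '
        "SELECT id, content, title FROM com.raimme.basic.Task "
        "WHERE assignedUser.id = '0040000000002'\"]}"),
    "forgot-password": ({}, "No user has been found with the given email."),
    "hardened": ({"Server": "Apache"},
        "If you have an account with this email address, "
        "we will send you a link to reset your password."),
}

if __name__ == "__main__":
    for name, (headers, body) in SAMPLES.items():
        print(f"{name:16} {audit_response(headers, body) or 'clean'}")
```
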
  6. #6
    DarrylBurke is offline Forum Police
    Join Date
    Sep 2008
    Location
    Madgaon, Goa, India
    Posts
    12,059
    Rep Power
    25

    Default Re: Cloud Java platform - feedback appreciated

    I've merged two threads here. radekkc, your other posts have been removed. Please read the forum rules about multi-posting.

    db
    If you're forever cleaning cobwebs, it's time to get rid of the spiders.

  7. #7
    radekkc is offline Member
    Join Date
    Mar 2017
    Posts
    8
    Rep Power
    0

    Default Re: Cloud Java platform - feedback appreciated

    Again Surfman, your feedback is much appreciated. We'll take time to carefully review all these points.

    As for the platform itself, I'm sure you'd find some security breaches and errors there as well, but on the functional side, perhaps you'd also find some value in the ideas and approach it presents :) I encourage you to take a look if you feel like it.

  8. #8
    SurfMan is offline Godlike
    Join Date
    Nov 2012
    Location
    The Netherlands
    Posts
    1,983
    Rep Power
    8

    Default Re: Cloud Java platform - feedback appreciated

    Quote: Originally Posted by radekkc
    Again Surfman, your feedback is much appreciated. We'll take time to carefully review all these points.

    As for the platform itself, I'm sure you'd find some security breaches and errors there as well, but on the functional side, perhaps you'd also find some value in the ideas and approach it presents :) I encourage you to take a look if you feel like it.
    First of all, doesn't that worry you? You are selling it big: "raimme platform might be the next big thing in #cloudcomputing", but I'd "find some security breaches"? Really?

    Second, letting your project be tested by the public, with all the UI, UX and security issues being posted in public, is not a smart thing to do. It scares off potential customers. So my advice is to put the "under construction" sign back up, and test it more vigorously. Programmers are lousy testers so hire a proper tester. Let a white hat do a pen test, before the black hats pwn your customer databases. If @troyhunt talks about you, you can close the shop.
    "It's not fixed until you stop calling the problem weird and you understand what was wrong." - gimbal2 2013

  9. #9
    radekkc is offline Member
    Join Date
    Mar 2017
    Posts
    8
    Rep Power
    0

    Default Re: Cloud Java platform - feedback appreciated

    Hi again Surfman. You're right in most of your tips, thanks for sharing them :)

  10. #10
    radekkc is offline Member
    Join Date
    Mar 2017
    Posts
    8
    Rep Power
    0

    Default Re: Cloud Java platform - feedback appreciated

    Hi All, Hi Surfman,

    I'm coming back to the subject here. Our last exchange and your feedback was very valuable. We took the time to refresh our website - it's not free of all bugs you indicated, but a large part of them is addressed.

    Also, we took your advice and decided not to brag too much about quality of the platform - though it is a great tool and we personally find it very useful - but to make it available to most developers for free.

    If you found time to review the tool itself (not the website), all your remarks, however harsh, would be much appreciated :)

    If you're interested, please register at https://raimme.com/register

    Looking for bugs and security leaks is all fine, but we'd also like to hear a general impression from the functional and user experience perspective, as well as whether the idea of such cloud seems interesting to you, or not.

    Thanks in advance!
