source code security

>what tools or methods do we have to secure the source code of php after

the application is ready. or else anyone could tamper with the source.
If just anyone can tamper with the source code of anything stored
on your server, then shut down that server and don't bring it back
up on the net until you've secured it. It's soon going to be
spreading viruses and SPAM if it's not already.
if we put it directly on to the server.
is there any method to make a set up to install application

No matter how you install stuff on an insecure server, it's still
insecure.

Gordon L. Burditt

Can anyone upload to the directories where your code resides?
Is system sensitive data (database passwords etc) stored outside the
webroot?

Josh wrote:

hi frns
i m a new member of the group.
just wanted to ask a question

what tools or methods do we have to secure the source code of php after
the application is ready. or else anyone could tamper with the source.
if we put it directly on to the server.
is there any method to make a set up to install application

thanx in advance

Josh

If you own and control the server you can keep people from getting to the
source by simply not giving them premisions to read it. If you are putting
your php source on someone else's server, a server where they control
permissions consider the source code as given away. The best way to protect
your code is to put it on your own server.

Kilo Bravo

"Josh" <vi**********@gmail.com> wrote in message
news:11**********************@u72g2000cwu.googlegr oups.com...

hi frns
i m a new member of the group.
just wanted to ask a question

what tools or methods do we have to secure the source code of php after
the application is ready. or else anyone could tamper with the source.
if we put it directly on to the server.
is there any method to make a set up to install application

thanx in advance

Josh

Josh wrote:

hi frns
i m a new member of the group.
just wanted to ask a question

what tools or methods do we have to secure the source code of php after
the application is ready. or else anyone could tamper with the source.
if we put it directly on to the server.
None - but merely not having access to the source code does not provide
intrinsic security. C and Java are compiled but can still be
hacked/subverted/reverse engineered - even on relatively secure
architectures (e.g. non-executable stacks). What you are really asking
about is Digital Rights Management which is a real can of worms. If it were
easy everybody would be doing it.

There's a couple of packages which make it difficult to read the code
including Zend IonCube and Turck.
is there any method to make a set up to install application

Yes - there's a few deployment tools for PHP, I believe it's possible to use
Apache Ant, PEAR, and probably more. Since its just files with PHP,
deployment is not a big deal - like it is for Java - more just a case of
copying over the files - so most cluster file systems or even rsync may
suffice.

C.

> what tools or methods do we have to secure the source code of php after

the application is ready. or else anyone could tamper with the source.
if we put it directly on to the server.
You might want to take a look at the various encoders out there. Zend
Encoder immediately comes to mind but there are a few others. Do a Google
search and see which one best fits your needs. But, keep in mind, your
application still isn't 100% secure even if it is encoded/encrypted. An
enterprising hacker will always find a way to make your code do unintended
things. The only thing you, as a programmer, can do is to make that as hard
a task as possible.
is there any method to make a set up to install application

In what way to you want to "setup" your application? Do you mean set
variables, paths, etc? If so, just take a page from other applications and
have a page and script that allows the user to do this and autodetect what
you can.

HTH,
Anthony Papillion
Advanced Data Concepts
URL: http://www.adcl.biz
PHONE: (918) 926-0139

--
Posted via a free Usenet account from http://www.teranews.com