On 04/02/2004 at 09:35 Chris W wrote:
>>Hi, my company's looking to buy a PHP encoder to secure the source code.
>>The encoded scripts should be able to run on Solaris platform (Apache
>>webserver), and should only require minimum changes to the server.
>>
>I'm sorry I can't help you but I am curious as to what the point of this
>is.  If you are running your php scripts on your servers, who are you
>trying to prevent from seeing your code?  It doesn't get sent to the
>client, only the output of the script gets sent.  So what is the point?

We have a server that needs to be as secure as possible, since it contains some
very sensitive personal data.

We have hardened the box, set up very restrictive firewall rules for it, are keeping up
to date with the security patches, and so on. But just in case a cracker still
manages to break in, we'd like to make it a real hassle for him/her to read the content
on the server.

So I was tasked to create a PHP application which will enable the following scenario:

# Webteam will still create contents in Dreamweaver
# Once done, upload the contents to the server using the upload script.
# The upload script will put and encrypt the contents on the server using the
strongest encryption available
# Users will access the content using the second script, which will decrypt the 
content on-the-fly; so the URL will be something like this:
https://www.mydomain.com/view.php?file=/mydata/index.html

As you can see, the content will be secured, but the script is now becoming the weak 
point since it'll store the encryption key needed to decrypt the content.

So double-encoding it (using a PHP encoder) will finally make life very hard for said
cracker.

By the way, if anyone's interested in such an application, I'm planning to release it as
an open-source application, so you'll be able to utilise it as well.


cheers, HS
--
Indonesian open-source campaign - http://www.DariWindowsKeLinux.com
Sophisticated solutions, free of ties, and free of cost

v0sw6Chw5ln3ck4u6Lw5-2Tl6+8Ds5MRr5e7t2Tb8TOp2/3en5+7g5HC - hackerkey.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
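
The upload/view scheme described in the message above, as an added example that is not part of the original post or the poster's application. It assumes PHP 7.4+ with the bundled sodium extension (authenticated encryption via `sodium_crypto_secretbox`); the content root, the `CONTENT_KEY` environment variable and all function names are hypothetical.

```php
<?php
declare(strict_types=1);
// Added example: paths, names and key handling are assumptions, not the poster's code.
const CONTENT_ROOT = '/var/secure-content'; // hypothetical store outside the web root

function load_key(): string
{
    // Assumption: a base64-encoded 32-byte key supplied through the environment,
    // so the key is not a literal inside the script source.
    $key = base64_decode((string) getenv('CONTENT_KEY'), true);
    if ($key === false || strlen($key) !== SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
        throw new RuntimeException('content key missing or malformed');
    }
    return $key;
}

function resolve_path(string $requested): string
{
    // Map a value such as "/mydata/index.html" under CONTENT_ROOT; refuse ".." and NUL.
    $parts = array_filter(explode('/', $requested), fn($p) => $p !== '' && $p !== '.');
    if ($parts === [] || in_array('..', $parts, true) || strpos($requested, "\0") !== false) {
        throw new InvalidArgumentException('invalid file name');
    }
    return CONTENT_ROOT . '/' . implode('/', $parts) . '.enc';
}

function store_encrypted(string $name, string $plaintext): void // upload script side
{
    $path  = resolve_path($name);
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES); // fresh nonce per file
    if (!is_dir(dirname($path))) {
        mkdir(dirname($path), 0700, true);
    }
    file_put_contents($path, $nonce . sodium_crypto_secretbox($plaintext, $nonce, load_key()), LOCK_EX);
}

function read_decrypted(string $name): string // view.php side: echo read_decrypted($_GET['file'])
{
    $blob = @file_get_contents(resolve_path($name));
    $n    = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES;
    if ($blob === false || strlen($blob) < $n + SODIUM_CRYPTO_SECRETBOX_MACBYTES) {
        throw new RuntimeException('content not found');
    }
    $plain = sodium_crypto_secretbox_open(substr($blob, $n), substr($blob, 0, $n), load_key());
    if ($plain === false) {
        throw new RuntimeException('ciphertext failed authentication'); // tampered or wrong key
    }
    return $plain;
}
```

Reading the key from the environment keeps it out of the script file, but any process running with the web server's privileges can still obtain it.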
