Page 1 of 1

Encrypt and Secure php application

Posted: Wed Mar 14, 2012 11:18 pm
by doc55
Hi,
I'm new to php and also new to this website and I hope that find an answer to my question.
I hired a developer to write code in php for my website application. A company wants to purchase my application, but instead of using it on my hosted server on the INTERNET, they want me to setup the application on their INTRANET because of data protection and privacy.
So, I asked my developer on how can we do this, and he suggested to write a new set of code in C# with SQL database to setup on the INTRANET server and for the company users to connect to that application via ASP.NET. He mentioned that this is the only way we can protect our codes and to prevent that company to simply edit it.
My Questions:
1-Is there a way to simply secure my php code and mySQL database so that I prevent starting application from scratch in a different language
2-Can I setup my application written in php/zend/mySQL on a Windows based INTRANET without the need to make changes to the server, like installing php server and so on? The reason is I like it to be simple for my customers to set it up and use it, instead of making changes to their server which most organizations wont do that easily.
3-If the answer to either one of the above is NO, what would be your suggestion on how to proceed?[/list]

Thank you in advance and I'm sorry for my long question.

Re: Encrypt and Secure php application

Posted: Thu Mar 15, 2012 12:32 am
by Christopher
1. You might want look at Zend Guard (http://www.zend.com/en/products/guard/) That is probably the best supported solution.

2. Your PHP application should run fine on either a Unix or Windows server. You may need to make small modifications, mainly to work with IIS.

Re: Encrypt and Secure php application

Posted: Thu Mar 15, 2012 9:53 am
by doc55
Great,
Thank you for quick reply. Is there also such an encoder for MySQL database of the application or not?

I appreciate your help.

Re: Encrypt and Secure php application

Posted: Thu Mar 15, 2012 11:54 pm
by Weiry
There are ways in order to have an encrypted database, but it may be easier if you look at configuring MySQL so that only a user which you have defined inside of your encrypted php code (zend guard), has access to the database instead. This though, doesn't protect your data much.

The only database software which I am aware of that does full encryption to the point where plain text is never disclosed would be CryptDB [ Link ]
However you would have to really work to get an application running with something like this.

Re: Encrypt and Secure php application

Posted: Fri Mar 16, 2012 12:27 am
by Christopher
doc55 wrote:Is there also such an encoder for MySQL database of the application or not?
What does "encode" the database mean?

Re: Encrypt and Secure php application

Posted: Fri Mar 16, 2012 10:29 am
by Eric!
You could also create a compiled version with Hip Hop or other similar free tools. Zend Guard is the most professional method but it also costs $600.

Do you want to encrypt your database because you are exporting customized data along with your code which you don't want the customer to access?

Re: Encrypt and Secure php application

Posted: Fri Mar 16, 2012 11:12 pm
by doc55
Thank you for your replies.
What I meant by encode, I actually meant encrypt (sorry). The reason is, I don't want my users to be able to add records to the database directly so that they could bypass the license restriction n my php. Unless this is something that I don't need to be worried about and can be controlled in php files without the need to encrypt the database.
Thanks

Re: Encrypt and Secure php application

Posted: Thu Aug 07, 2014 4:24 am
by JefK
For encode you should go only for ionCube that is the best on market, it compiles your source in bytecode. To automate your licenses you can use something like spbas or PHPLicengine. They are a php license management system. You can try their trial version to get an idea to implement your own.