Protecting Files in a shared environment

klopp
Forum Newbie
Posts: 2
Joined: Fri Jul 22, 2005 11:28 am

Post by klopp »

We currently have a shared environment in which all of our clients run off of our system classes by simply extending them. While this doesn't present any problems when our clients do not want to have access to their site directories, it does present problems when they do, as they would then have access to all of our business logic. We have partially solved this problem by encoding our class files and making them read-only; however, it still doesn't prevent the clients from including our database class, or doing other malicious things.

I was wondering, in such a scenario, what the best practice is for dealing with this type of situation, where the clients' applications require your core classes and thus need access to these files, but you still want to protect your application code. I have thought about doing the separation using web services (SOAP or XML-RPC); however, that would likely be a lot of work. I was also alerted to php beans as another possible solution, but I have not heard too much about php beans and how well it works. Anyone have any ideas?
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

A couple of simple solutions: retain the large pool of files, but don't give your clients access to them...

Create a new directory, make symlinks to the allowed files, and give your clients access to them...


You could also add some code to check if the code is being run from an allowed domain..

if ($_SERVER['SERVER_NAME'] != 'our.example.com')
{
  trigger_error('Illegal access', E_USER_ERROR);
}
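
The symlink directory suggested in the reply above, as an added example that is not part of the original thread: a shell function that links only allow-listed core files into a client's directory and rejects entries that contain a path or are not regular files in the core directory. The function name `link_allowed`, the directory layout and the file names `Template.php` and `Database.php` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: expose only allow-listed core class files to a client
# through symlinks. All paths and file names here are constructed.

# link_allowed CORE_DIR CLIENT_DIR ALLOWLIST_FILE
# Prints the number of links created; returns 1 if any entry was rejected,
# 2 on a usage or setup error.
link_allowed() {
    core=$1 client=$2 list=$3 made=0 rejected=0
    case $core in /*) ;; *) echo "CORE_DIR must be absolute" >&2; return 2 ;; esac
    mkdir -p "$client" || return 2
    while IFS= read -r name || [ -n "$name" ]; do
        case $name in
            ''|'#'*) continue ;;                  # blank line or comment
            */*|.*)  echo "rejected (path or dotfile): $name" >&2
                     rejected=$((rejected + 1)); continue ;;
        esac
        target=$core/$name
        # Accept only regular files that live directly in CORE_DIR; an entry
        # that is itself a symlink could point anywhere, so it is refused.
        if [ ! -f "$target" ] || [ -L "$target" ]; then
            echo "rejected (not a regular file): $name" >&2
            rejected=$((rejected + 1)); continue
        fi
        ln -sfn "$target" "$client/$name" && made=$((made + 1))
    done < "$list"
    echo "$made"
    [ "$rejected" -eq 0 ]
}

# Constructed demo: two core classes, only Template.php is allow-listed,
# so Database.php never appears in the client's directory.
demo() {
    d=$(mktemp -d) && mkdir "$d/core" &&
    : > "$d/core/Template.php" && : > "$d/core/Database.php" &&
    printf '%s\n' '# client 42' 'Template.php' > "$d/allow.txt" &&
    link_allowed "$d/core" "$d/client42" "$d/allow.txt" && ls "$d/client42"
}
if [ "${1:-}" = demo ]; then demo; fi
```

The links only control what appears in the client's directory; whether client code can still open other core files by their real path depends on file permissions and PHP confinement, which this script does not set.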