Hello folks. I'm very new to PHP but it seems to be a pretty cool coding system.
Here is my problem: I purchased a program written in PHP, but failed to read their EULA which says they have written coding into the software that tracks where it is located. They say this is so they can ensure that it is only used on one site - since I only purchased one license. That, per se, isn't a huge deal really. I'm not a thief or I wouldn't have paid for the software. What concerns me is "What if they have written in other code that compromises my potential customers' private information?"
Since PHP is new to me can someone give me an idea of what coding I might look for to ensure that private information isn't sent back to their server?
Thank you.
JRB
Privacy leaks(?)
Moderator: General Moderators
- Kieran Huggins
- DevNet Master
- Posts: 3635
- Joined: Wed Dec 06, 2006 4:14 pm
- Location: Toronto, Canada
- Contact:
"What if they have written in other code that compromises my potential customers' private information?"
This (or worse) is valid for every application you use. If it were open source, and mature enough, the community behind it would have most likely weeded out most security problems, intentionally introduced or not. As it is, you have the option of paying for a pen-test or - if the code is available - a code review. This should be done by a competent professional; you, as a PHP newbie (no offense), have little chance of finding all the potential problems - check the obfuscated PHP code contests in the general forum AND the numerous security and code reviews done around here.
-
jr_barnes1980
- Forum Newbie
- Posts: 2
- Joined: Tue Jan 23, 2007 8:48 pm
Pen-Test
No offense taken Mordred. Thanks for the advice. I considered going to the local university's computer department and seeing if one of their computer science majors could look at it for me, but they don't have any classes on PHP. They do have classes on Java, C++ and a few other languages; how closely do these languages resemble PHP, and would they be able to track it down? Any suggestions as to where I can look to find someone that would know what they are looking for and can tell me if the software is compromised?
Another idea I had was to use the search function on Windows and look for words in the files that might hint at a backdoor into it - the problem is that I don't know what type of coding to look for - any suggestions?
Thanks for the help folks. Any other suggestions will be greatly appreciated.
JRB
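The keyword search asked about above, as an added example that is not part of the original thread or anyone's posted code: a Python sketch that flags PHP lines which open outbound connections, run dynamically built code, or decode hidden payloads. The rule names, the rule set and the sample source are constructed for illustration; a hit means "read this line", not "malicious".

```python
import re
from pathlib import Path

# PHP constructs worth a manual look (assumed rule set, not exhaustive).
RULES = {
    "outbound-network": r"\b(curl_init|curl_exec|fsockopen|pfsockopen|"
                        r"stream_socket_client|socket_connect|mail)\s*\(",
    "remote-url-read": r"\b(file_get_contents|fopen|readfile|include(_once)?|"
                       r"require(_once)?)\b[^;]*?['\"](https?|ftp)://",
    "dynamic-code": r"\b(eval|assert|create_function)\s*\(",
    "decoder": r"\b(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(",
    "hardcoded-url": r"['\"](https?|ftp)://[^'\"\s]+",
    "encoded-blob": r"['\"][A-Za-z0-9+/=]{80,}['\"]",
}
COMPILED = {name: re.compile(rx, re.IGNORECASE) for name, rx in RULES.items()}

def scan_source(text):
    """Return (line_number, rule, matched_text) for every rule hit."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for name, rx in COMPILED.items():
            m = rx.search(line)
            if m:
                hits.append((lineno, name, m.group(0)[:60]))
    return hits

def scan_tree(root):
    """Scan every .php/.inc/.phtml file under root; returns {path: hits}."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in {".php", ".inc", ".phtml"}:
            hits = scan_source(path.read_text(errors="replace"))
            if hits:
                report[str(path)] = hits
    return report

# Constructed sample, not taken from any real product.
SAMPLE = '''<?php
$host = $_SERVER['HTTP_HOST'];
$ch = curl_init("http://licence.example.invalid/check?site=" . $host);
curl_exec($ch);
echo htmlspecialchars($_POST['name']);
eval(gzinflate(base64_decode($payload)));
'''

if __name__ == "__main__":
    for lineno, rule, text in scan_source(SAMPLE):
        print(f"line {lineno}: {rule}: {text}")
```

A clean result from a search like this does not show the code is safe: encoded or obfuscated files hide these names, which is why the reply above recommends a professional code review or pen-test.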