php file security

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
studylearn
Forum Newbie
Posts: 1
Joined: Fri Apr 03, 2009 2:56 am

php file security

Post by studylearn »

Hi,
I have developed a php web based application, which will be distributed with all the files and folders to the users who will purchase the same. I needs some security for my php code files, so that the users can not edit the files and use the code again. Any of the following options is possible?
1) encrypt the code and decrypt the same while running the application
2) hide the code
3) uneditable code so that no one can edit the code.

Any one can help me out in this?

Thanks
User avatar
greyhoundcode
Forum Regular
Posts: 613
Joined: Mon Feb 11, 2008 4:22 am

Re: php file security

Post by greyhoundcode »

Yeah there are various products that can help you out there, from vendors like Zend and NuSphere, to name just two.

You could also try some relevant web searches and check out other offerings.
User avatar
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: php file security

Post by kaisellgren »

Just be sure to stick with popular encoders, because less popular ones tend to be weak with their simplistic idea of runtime prec-encoding, which can be inverted. I recommend Zend Guard.
Raimo Roopertti
Forum Newbie
Posts: 6
Joined: Wed Apr 22, 2009 4:23 am

Re: php file security

Post by Raimo Roopertti »

Hi,
PHP is subject to the security built into most server systems with respect to permissions on a file and directory basis. This allows you to control which files in the filesystem may be read. Care should be taken with any files which are world readable to ensure that they are safe for reading by all users who have access to that filesystem.
Since PHP was designed to allow user level access to the filesystem, it's entirely possible to write a PHP script that will allow you to read system files such as /etc/passwd, modify your ethernet connections, send massive printer jobs out, etc. This has some obvious implications, in that you need to ensure that the files that you read from and write to are the appropriate ones.
User avatar
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: php file security

Post by kaisellgren »

Raimo Roopertti wrote:send massive printer jobs out
You can do it with the built-in functions :lol:
Post Reply