Page 1 of 1
rolling out php web applications on client's intranet
Posted: Mon Jan 08, 2007 4:11 pm
by konstandinos
hi all
i would like to hear from you guys what your thoughts are on rolling out php apps at client sites. whether they're custom apps designed for the specific client, or generic apps that you've developed in your own time and are licensing out to numerous clients...
what are your thoughts on setting up the environment on the client's network?
the php programs i have in mind are web-apps to be used on client intranets, that make use of mysql databases (and if need be, apache).
please point out issues at hand (such as how you explain to clients that on top of paying for your software, they also need to purchase a linux box to run it for example).
selling tips would be appreciated.
thanks
Posted: Mon Jan 08, 2007 4:27 pm
by Burrito
Moved to 'The Enterprise'
Posted: Tue Jan 09, 2007 9:29 am
by Kieran Huggins
One idea is to have it run on an existing windows machine in one of those wamp packages (like uniform server).
Maybe a VM would be better suited... the VMware player is free - build a tiny web server image with your app on board.
Failing that, a Mac Mini could do wonders!
Posted: Wed Jan 10, 2007 3:17 am
by konstandinos
ok thanks kieran.
the VM/mini-server image sounds like a good option, since most of my clients use windows server anyway.
what would you recommend when it comes to protecting my php code? i'm aware of Zen Guard, but it costs far too much. i am hoping there is a cheap (read: free) alternative out there somewhere.
thanks
Posted: Wed Jan 10, 2007 9:39 am
by feyd
Be aware that all the "protection" (encoding) solutions have been broken. So if anything, it's a fairly thin veil of protection.
Posted: Wed Jan 10, 2007 2:49 pm
by konstandinos
that's bad news
my predicament is that i reside in a country where bandwidth is expensive.
i could offer to host my clients' php-based web-apps on my own servers, which although ends up costing the client far more. i don't have to worry about my code being copied around without my knowledge.
but this seems like narrow-minded thinking. thus i am considering the option of setting up apache based lan boxes (read: lamp) on the clients' intranet and running my php apps off of there. hence the concern about source code security.
i've even looked at Encfs for linux but that seems like an overkill.
i can't find a good solution to this problem. and it is frustrating.
Posted: Wed Jan 10, 2007 4:18 pm
by Kieran Huggins
EncFS and it's counterparts seem like the best solution to me so far - that way you could just populate a webroot in EncFS and it would drop-in to a non-encrypted VMware setup.
Posted: Wed Jan 10, 2007 8:52 pm
by feyd
I would recommend a well written contract that does not give them the rights to make copies of the software among other restrictions. If you are supplying these physical servers you can lock them, place security tape on their outsides and lock down their software if you want to deny them access to that level of information.
You could also get hosting in other countries that do not have such high bandwidth costs.