Encrypt and Secure php application

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
doc55
Forum Newbie
Posts: 3
Joined: Wed Mar 14, 2012 11:04 pm

Encrypt and Secure php application

Post by doc55 »

Hi,
I'm new to php and also new to this website and I hope that find an answer to my question.
I hired a developer to write code in php for my website application. A company wants to purchase my application, but instead of using it on my hosted server on the INTERNET, they want me to setup the application on their INTRANET because of data protection and privacy.
So, I asked my developer on how can we do this, and he suggested to write a new set of code in C# with SQL database to setup on the INTRANET server and for the company users to connect to that application via ASP.NET. He mentioned that this is the only way we can protect our codes and to prevent that company to simply edit it.
My Questions:
1-Is there a way to simply secure my php code and mySQL database so that I prevent starting application from scratch in a different language
2-Can I setup my application written in php/zend/mySQL on a Windows based INTRANET without the need to make changes to the server, like installing php server and so on? The reason is I like it to be simple for my customers to set it up and use it, instead of making changes to their server which most organizations wont do that easily.
3-If the answer to either one of the above is NO, what would be your suggestion on how to proceed?[/list]

Thank you in advance and I'm sorry for my long question.
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: Encrypt and Secure php application

Post by Christopher »

1. You might want look at Zend Guard (http://www.zend.com/en/products/guard/) That is probably the best supported solution.

2. Your PHP application should run fine on either a Unix or Windows server. You may need to make small modifications, mainly to work with IIS.
(#10850)
doc55
Forum Newbie
Posts: 3
Joined: Wed Mar 14, 2012 11:04 pm

Re: Encrypt and Secure php application

Post by doc55 »

Great,
Thank you for quick reply. Is there also such an encoder for MySQL database of the application or not?

I appreciate your help.
User avatar
Weiry
Forum Contributor
Posts: 323
Joined: Wed Sep 09, 2009 5:55 am
Location: Australia

Re: Encrypt and Secure php application

Post by Weiry »

There are ways in order to have an encrypted database, but it may be easier if you look at configuring MySQL so that only a user which you have defined inside of your encrypted php code (zend guard), has access to the database instead. This though, doesn't protect your data much.

The only database software which I am aware of that does full encryption to the point where plain text is never disclosed would be CryptDB [ Link ]
However you would have to really work to get an application running with something like this.
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: Encrypt and Secure php application

Post by Christopher »

doc55 wrote:Is there also such an encoder for MySQL database of the application or not?
What does "encode" the database mean?
(#10850)
Eric!
DevNet Resident
Posts: 1146
Joined: Sun Jun 14, 2009 3:13 pm

Re: Encrypt and Secure php application

Post by Eric! »

You could also create a compiled version with Hip Hop or other similar free tools. Zend Guard is the most professional method but it also costs $600.

Do you want to encrypt your database because you are exporting customized data along with your code which you don't want the customer to access?
doc55
Forum Newbie
Posts: 3
Joined: Wed Mar 14, 2012 11:04 pm

Re: Encrypt and Secure php application

Post by doc55 »

Thank you for your replies.
What I meant by encode, I actually meant encrypt (sorry). The reason is, I don't want my users to be able to add records to the database directly so that they could bypass the license restriction n my php. Unless this is something that I don't need to be worried about and can be controlled in php files without the need to encrypt the database.
Thanks
JefK
Forum Newbie
Posts: 5
Joined: Tue Jul 21, 2009 2:36 am

Re: Encrypt and Secure php application

Post by JefK »

For encode you should go only for ionCube that is the best on market, it compiles your source in bytecode. To automate your licenses you can use something like spbas or PHPLicengine. They are a php license management system. You can try their trial version to get an idea to implement your own.
Post Reply