------------ Original Message ------------
> Date: Thursday, February 05, 2015 13:10:51 +0000
> From: Richard Quadling <rquadling@xxxxxxxxx>
> To: E Rosenberg <erosenberg@xxxxxxxxxxxxxxxxxxxx>
> Cc: PHP Database List <php-db@xxxxxxxxxxxxx>
> Subject: Re: Code Security
>
> On 5 February 2015 at 05:52, Ethan Rosenberg <
> erosenberg@xxxxxxxxxxxxxxxxxxxx> wrote:
>>
>> How do I prevent someone from opening a terminal window, going to
>> /var/www and stealing all my code?
>>
>
> 1 - Don't allow terminal access to your box.
> 2 - Use a PHP byte code encoder (IonCube, Zend Guard) - not
> perfect as they can be reversed to access the code in a form.
> 3 - Don't use PHP.
> --
> Richard Quadling
As Richard [Q...] implies, the only people who are going to be able
to "open[ing] a terminal window" to your site are those you've given
that level of access to. A "user" only has access to the
server-parsed php files (whether they are using a browser or
telnetting directly to port 80). They don't have filesystem access.
Now, if you have open/poorly secured ftp/sftp/scp/telnet/ssh ...
access, someone who can utilize that route will have fairly
unconstrained access to your site and its contents. However, that's
basic access control security and not a php-specific issue.
If it's contractors/co-workers who have filesystem access to the
site, in order to manage content, then you have a trust issue.
If your concern is with others "on the site" (e.g., a shared hosting
environment) then you have a basic hosting security issue, and
problems well beyond the control/scope of anything php.
- Richard
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
