Re: Code Security


------------ Original Message ------------
> Date: Thursday, February 05, 2015 13:10:51 +0000
> From: Richard Quadling <rquadling@xxxxxxxxx>
> To: E Rosenberg <erosenberg@xxxxxxxxxxxxxxxxxxxx>
> Cc: PHP Database List <php-db@xxxxxxxxxxxxx>
> Subject: Re:  Code Security
>
> On 5 February 2015 at 05:52, Ethan Rosenberg <
> erosenberg@xxxxxxxxxxxxxxxxxxxx> wrote:
>> 
>> How do I prevent someone from opening a terminal window, going to
>> /var/www and stealing all my code?
>> 
> 
> 1 - Don't allow terminal access to your box.
> 2 - Use a PHP byte code encoder (IonCube, Zend Guard) - not
> perfect as they can be reversed to access the code in a form.
> 3 - Don't use PHP.

>  -- 
>  Richard Quadling


As Richard [Q...] implies, the only people who are going to be able
to "open[ing] a terminal window" to your site are those you've given
that level of access to. A "user" only has access to the
server-parsed php files (whether they are using a browser or
telnetting directly to port 80). They don't have filesystem access.

Now, if you have open/poorly secured ftp/sftp/scp/telnet/ssh ...
access, someone who can utilize that route will have fairly
unconstrained access to your site and its contents. However, that's
basic access control security and not a php-specific issue.

If it's contractors/co-workers who have filesystem access to the
site, in order to manage content, then you have a trust issue. 

If your concern is with others "on the site" (e.g., a shared hosting
environment) then you have a basic hosting security issue, and
problems well beyond the control/scope of anything php. 



    - Richard




-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
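
The access-control point made in the reply above, as an added example that is not part of the original messages: it lists which local accounts get an interactive shell, shows which files under the web root any of them could read, and removes the world permission bits. The function names and the optional web-server group are assumptions; /var/www is the path from the question.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Function names are assumptions;
# /var/www is the web root named in the question.

# login_accounts [PASSWD_FILE]
# Accounts whose shell is not nologin/false, i.e. the ones that get a
# terminal once they authenticate over ssh/telnet. An empty shell field
# means /bin/sh, so it is listed. Locked passwords are not checked here.
login_accounts() {
    awk -F: '$7 !~ /(nologin|false)$/ { print $1 }' "${1:-/etc/passwd}"
}

# exposed_files WEBROOT
# Files with the "other" read bit set: readable by every local account,
# including other tenants on a shared host.
exposed_files() {
    find "$1" -type f -perm -004 -print | sort
}

# lock_down WEBROOT [GROUP]
# Drop all "other" permissions. If GROUP (the web server's group, an
# assumption such as www-data) is given, hand it group ownership so the
# server can still read and traverse the tree.
lock_down() {
    if [ -n "${2:-}" ]; then
        chgrp -R "$2" "$1" && chmod -R g+rX "$1" || return 1
    fi
    chmod -R o-rwx "$1"
}

# Report only; run lock_down by hand after reviewing the output.
if [ -n "${1:-}" ]; then
    echo "Accounts with a login shell:"; login_accounts
    echo "World-readable files under $1:"; exposed_files "$1"
fi
```
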




