------------ Original Message ------------ > Date: Thursday, February 05, 2015 13:10:51 +0000 > From: Richard Quadling <rquadling@xxxxxxxxx> > To: E Rosenberg <erosenberg@xxxxxxxxxxxxxxxxxxxx> > Cc: PHP Database List <php-db@xxxxxxxxxxxxx> > Subject: Re: Code Security > > On 5 February 2015 at 05:52, Ethan Rosenberg < > erosenberg@xxxxxxxxxxxxxxxxxxxx> wrote: >> >> How do I prevent someone from opening a terminal window, going to >> /var/www and stealing all my code? >> > > 1 - Don't allow terminal access to your box. > 2 - Use a PHP byte code encoder (IonCube, Zend Guard) - not > perfect as they can be reversed to access the code in a form. > 3 - Don't use PHP. > -- > Richard Quadling As Richard [Q...] implies, the only people who are going to be able to "open[ing] a terminal window" to your site are those you've given that level of access to. A "user" only has access to the server-parsed php files (whether they are using a browser or telnetting directly to port 80). They don't have filesystem access. Now, if you have open/poorly secured ftp/sftp/scp/telnet/ssh ... access, someone who can utilize that route will have fairly unconstrained access to your site and its contents. However, that's basic access control security and not a php-specific issue. If it's contractors/co-workers who have filesystem access to the site, in order to manage content, then you have a trust issue. If your concern is with others "on the site" (e.g., a shared hosting environment) then you have a basic hosting security issue, and problems well beyond the control/scope of anything php. - Richard -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php