Re: Code Security

Hold on, so you've written a point of sale app that exists on the client
machine as whole? Does this take credit card data?

If so, it's so un-fucking-secure that this should never see the light of
day. The CC companies won't accept this at all and would remove any ability
to accept CCs by the business. This style of app is in violation of so many
terms of service (not to mention basic security programming practices when
dealing with sensitive data).

I worked with a guy who wrote an app like that (but not POS, still
sensitive data). I took one look at it and yanked it from production and
replaced it with a proper client / server app. It's not safe, it's not secure,
and to code a POS on a single machine that the user has access to is just
dumb.

I would strongly suggest that your client have a look at square or similar
if he wants to process CC data.

Bastien

On Thu, Feb 5, 2015 at 11:24 PM, Ethan Rosenberg <
erosenberg@xxxxxxxxxxxxxxxxxxxx> wrote:

> On 02/05/2015 11:04 AM, Bastien Koert wrote:
>
>> I'm with the two Richards on this, those users shouldn't have telnet
>> access to the host server at all. Users should be using the browser to
>> access your site.
>>
>> Other than that, the most important thing you can do is to regularly back
>> up your code and database to another location so that if something happens
>> to the working box (and likely all tech products, it's not IF it's WHEN) you
>> can restore the code and database with minimal data loss.
>>
>> Bastien
>>
>> On Thu Feb 05 2015 at 9:39:43 AM Omar Muhsin <mrfroasty@xxxxxxxxx> wrote:
>>
>>> You forgot this one "keep the box OFFLINE ... best security" :-D
>>>
>>>
>>> On 05-02-15 14:10, Richard Quadling wrote:
>>>
>>>> 1 - Don't allow terminal access to your box.
>>>> 2 - Use a PHP byte code encoder (IonCube, Zend Guard) - not perfect as
>>>> they can be reversed to access the code in a form.
>>>> 3 - Don't use PHP.
>>>>
>>>>
> ----
> Thanks to all.
>
> I apologize, but I did not properly define the problem I am addressing. I
> have written code for a POS [Point Of Sale] system to be used in a store.
> I don't expect the store owner to play with the code.  His friends [or
> enemies] might try. There are two logins to the computer, ethan [me] and
> worker.  Worker has to be able to access the code to use it.  He has to be
> blocked from reading, writing or copying the code.
>
> How??
>
> TIA
>
> Ethan
>
>
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>


-- 

Bastien

Cat, the other other white meat
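As an added example (not from this thread or any of its posters), a small POSIX shell audit of a PHP code directory that lists files the "worker" login could read, write or run directly on the box. It assumes the web server runs under its own account, that the code is owned by that account and its group, and that the worker login is in neither, so only the "other" permission bits decide what the worker sees; the file names and contents are constructed for the demo.

```shell
#!/bin/sh
# Added example: audit a code tree for files exposed to logins outside the
# owning user and group (the "other" bits). Assumes GNU find (Linux) for the
# "-perm /mode" form. Directory and file names below are constructed.

# Print every regular file under "$1" whose mode grants any of r, w or x to
# "other" (octal 007). Output is sorted so callers can compare it verbatim.
audit_code_perms() {
    dir="$1"
    find "$dir" -type f -perm /007 | sort
}

# Return 0 (true) when nothing under "$1" is exposed to "other", 1 otherwise.
tree_is_locked_down() {
    [ -z "$(audit_code_perms "$1")" ]
}

# Constructed demo tree: one file left with the common 644 default (anyone
# with a shell on the box can copy it), one restricted to owner and group.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/pos"
    printf '<?php echo "checkout";\n' > "$tmp/pos/checkout.php"
    printf '<?php $db_pass = "placeholder";\n' > "$tmp/pos/config.php"
    chmod 644 "$tmp/pos/checkout.php"   # exposed: world-readable
    chmod 640 "$tmp/pos/config.php"     # owner + web-server group only
    echo "Files readable by other logins:"
    audit_code_perms "$tmp/pos"
    if tree_is_locked_down "$tmp/pos"; then
        echo "tree is locked down"
    else
        echo "tree exposes source to other logins"
    fi
    rm -rf "$tmp"
}

demo
```

Fix anything the audit lists with chmod 640 (or 750 for directories) and make sure the web server's account, not the worker login, owns the tree.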
