Cloud computing is just another computer in a remote network. If you have a website with some host somewhere, you are cloud computing. Just run your site from a secure host On Sun, Mar 8, 2015 at 1:04 AM Ethan Rosenberg < erosenberg@xxxxxxxxxxxxxxxxxxxx> wrote: > On 02/16/2015 12:10 AM, Mark Murphy wrote: > > How do you prevent access to the second partition? What good is a second > partition going to do? Both > > partitions are visible to the OS. If you only have a single OS, then > both the client and the server > > are running on the same OS, and there is only one logon. The number of > partitions is irrelavant. > > > > So your choices are choose a compiled language like C or Java, or use > multiple computers. You can > > use a hammer to drive a screw if you get a big enough hammer, but you > will probably break something > > and it won't work very well. You are trying to use PHP to do something > it was never meant to do, and > > that can only turn out badly. You can think about it all you want, but > you are just looking for a > > bigger hammer to drive something that isn't a nail. > > > > On Sun, Feb 15, 2015 at 7:21 PM, Ethan Rosenberg < > erosenberg@xxxxxxxxxxxxxxxxxxxx > > <mailto:erosenberg@xxxxxxxxxxxxxxxxxxxx>> wrote: > > > > On 02/15/2015 05:39 PM, Mark Murphy wrote: > > > > I would say no. It isn't the hard drive that is the problem, you > need a separate operating > > system. > > My thought is that even a small retailer will already have a > computer, so all you have to > > sell is > > the appliance which is all server. No one needs to log in to the > server. To make it useable > > you just > > need a config application that will let the owner set the IP > address. > > > > On Feb 15, 2015 1:25 PM, "Ethan Rosenberg" > <erosenberg@hygeiabiomedical.__com > > <mailto:erosenberg@xxxxxxxxxxxxxxxxxxxx> > > <mailto:erosenberg@__hygeiabiomedical.com <mailto:erosenberg@ > hygeiabiomedical.com>>> wrote: > > > > On 02/14/2015 08:54 PM, Mark Murphy wrote: > > > > There might be a virtual machine solution, probably not > the VMWare hypervisor since you > > can't get it > > to boot into one of the VMs. I don't know about any of > the others. Maybe put the > > server at a > > hosting > > service like pair networks. You just can't run any > scripted solution stand alone > > because of the > > security risks. You might be able to use something that > encrypts the source, but it > > might > > have the > > same security risks for a determined attacker. Look at > Zend Guard or Ioncube. These > > aren't > > free, but > > less expensive than a whole server. > > > > That said, the most secure option is a separate server > machine which you could set > > up as a > > Linux box > > without the GUI, and a cheap 4 port switch to hook up > to your POS client. No one > > needs to > > have logon > > authority to the server except you, or other support > personnel. Kind of like a POS > > appliance. > > > > On Feb 14, 2015 8:27 PM, "Ethan Rosenberg" > <erosenberg@hygeiabiomedical.____com > > <mailto:erosenberg@__hygeiabiomedical.com <mailto: > erosenberg@xxxxxxxxxxxxxxxxxxxx>> > > <mailto:erosenberg@ <mailto:erosenberg@>__hygeiabi > o__medical.com > > <http://hygeiabiomedical.com> <mailto:erosenberg@__hygeiabio > medical.com > > <mailto:erosenberg@xxxxxxxxxxxxxxxxxxxx>>>> wrote: > > > > On 02/13/2015 02:12 PM, Mark Murphy wrote: > > > > Ahh... You have both client and server on the > same computer. While this > > might be > > fine for > > demonstration, it is not ok for production > because you cannot keep anyone > > out of > > the code. > > If you > > are going to use PHP, you MUST -- I can't > emphasize that enough -- you > > MUST have > > the server > > parts > > (PHP, Apache, MySQL) on a server machine that > is separate from the client > > machine > > or you > > will not > > have any security. You can keep folks out of > the database, but only until > > they look > > at the > > PHP code. > > > > On Fri, Feb 13, 2015 at 12:03 AM, Ethan > Rosenberg > > <erosenberg@hygeiabiomedical.______com > > > > <mailto:erosenberg@ <mailto:erosenberg@>__ > hygeiabio__medical.com > > <http://hygeiabiomedical.com> <mailto:erosenberg@__hygeiabio > medical.com > > <mailto:erosenberg@xxxxxxxxxxxxxxxxxxxx>>> > > <mailto:erosenberg@ <mailto:erosenberg@> > <mailto:erosenberg@ > > <mailto:erosenberg@>>__hygeiabi__o__medical.com < > http://hygeiabio__medical.com> > > <http://hygeiabiomedical.com> <mailto:erosenberg@ > > <mailto:erosenberg@>__hygeiabio__medical.com < > http://hygeiabiomedical.com> > > <mailto:erosenberg@__hygeiabiomedical.com > > <mailto:erosenberg@xxxxxxxxxxxxxxxxxxxx>>>>> wrote: > > > > On 02/06/2015 02:45 PM, Bastien Koert > wrote: > > > > Hold on, so you've written a point of > sale app that exists on the > > client > > machine as > > whole? > > Does this > > take credit card data? > > > > If so, its so un-fucking-secure that > this should never see the > > light of > > day. The CC > > companies won't > > accept this at all and would remove > any ability to accept CCs by the > > business. This > > style of > > app is > > in violation of so many terms of > service (not to mention basic > > security > > programming > > practices when > > dealing with sensitive data). > > > > I worked with a guy who wrote an app > like that (but not POS, still > > sensitive data. > > I took > > one look > > at it and yanked it from production > and replaced it with a proper > > client / > > server > > app. Its > > not safe, > > its not secure and to code a POS on a > single machine that the > > user has > > access to is > > just dumb. > > > > I would strongly suggest that your > client have a look at square > > or similar > > if he > > wants to > > process CC > > data. > > > > Bastien > > > > On Thu, Feb 5, 2015 at 11:24 PM, > Ethan Rosenberg > > <erosenberg@hygeiabiomedical.________com > > <mailto:erosenberg@ <mailto: > erosenberg@> <mailto:erosenberg@ > > <mailto:erosenberg@>>__hygeiabi__o__medical.com < > http://hygeiabio__medical.com> > > <http://hygeiabiomedical.com> <mailto:erosenberg@ > > <mailto:erosenberg@>__hygeiabio__medical.com < > http://hygeiabiomedical.com> > > <mailto:erosenberg@__hygeiabiomedical.com <mailto: > erosenberg@xxxxxxxxxxxxxxxxxxxx>>>> > > <mailto:erosenberg@ <mailto: > erosenberg@> <mailto:erosenberg@ > > <mailto:erosenberg@>> <mailto:erosenberg@ <mailto:erosenberg@> > > <mailto:erosenberg@ <mailto:erosenberg@>>>__hygeia > b__i__o__medical.com > > <http://hygeiabi__o__medical.com> <http://hygeiabio__medical. > com__> > > <http://hygeiabiomedical.com> <mailto: > erosenberg@ <mailto:erosenberg@> > > <mailto:erosenberg@ <mailto:erosenberg@>>__hygeiab > i__o__medical.com > > <http://hygeiabio__medical.com> <http://hygeiabiomedical.com> > > <mailto:erosenberg@ <mailto:erosenberg@>__ > hygeiabio__medical.com > > <http://hygeiabiomedical.com> > > <mailto:erosenberg@__hygeiabiomedical.com > > <mailto:erosenberg@xxxxxxxxxxxxxxxxxxxx>>>>>> wrote: > > > > On 02/05/2015 11:04 AM, Bastien > Koert wrote: > > > > I'm with the two Richard's > on this, those users > > shouldn't have telnet > > access to the host server at > all. Users should be using the > > browser to > > access your site. > > > > Other than that, the most > important thing you can do is to > > regularly back > > up your code and database to > another location so that if > > something happens > > to the working box (and > likely all tech products, its > > not IF its > > WHEN) you > > can restore the code and > database with minimal data loss > > > > Bastien > > > > On Thu Feb 05 2015 at > 9:39:43 AM Omar Muhsin > > <mrfroasty@xxxxxxxxx <mailto:mrfroasty@xxxxxxxxx> > > <mailto:mrfroasty@xxxxxxxxx <mailto:mrfroasty@xxxxxxxxx > >> > > <mailto:mrfroasty@xxxxxxxxx <mailto: > mrfroasty@xxxxxxxxx> > > <mailto:mrfroasty@xxxxxxxxx <mailto:mrfroasty@xxxxxxxxx>>> > > <mailto:mrfroasty@xxxxxxxxx <mailto: > mrfroasty@xxxxxxxxx> > > <mailto:mrfroasty@xxxxxxxxx <mailto:mrfroasty@xxxxxxxxx>> > > <mailto:mrfroasty@xxxxxxxxx <mailto:mrfroasty@xxxxxxxxx > > > > <mailto:mrfroasty@xxxxxxxxx <mailto:mrfroasty@xxxxxxxxx>>>> > > <mailto:mrfroasty@xxxxxxxxx > <mailto:mrfroasty@xxxxxxxxx> > > <mailto:mrfroasty@xxxxxxxxx <mailto:mrfroasty@xxxxxxxxx>> > > <mailto:mrfroasty@xxxxxxxxx <mailto:mrfroasty@xxxxxxxxx > > > > <mailto:mrfroasty@xxxxxxxxx <mailto:mrfroasty@xxxxxxxxx>>> > > <mailto:mrfroasty@xxxxxxxxx <mailto: > mrfroasty@xxxxxxxxx> > > <mailto:mrfroasty@xxxxxxxxx <mailto:mrfroasty@xxxxxxxxx>> > > <mailto:mrfroasty@xxxxxxxxx <mailto:mrfroasty@xxxxxxxxx > > > > <mailto:mrfroasty@xxxxxxxxx <mailto:mrfroasty@xxxxxxxxx>>>>__>__> > wrote: > > > > You forgot this one > "keep the box OFFLINE ... best > > security" :-D > > > > > > On 05-02-15 14:10, > Richard Quadling wrote: > > > > 1 - Don't allow > terminal access to your box. > > 2 - Use a PHP byte > code encoder (IonCube, Zend > > Guard) - > > not perfect as > > > > they > > > > can be reversed to > access the code in a form. > > 3 - Don't use PHP. > > > > > > ---- > > Thanks to all. > > > > I apologize, but I did not > properly define the problem I am > > addressing. I have > > written > > code for > > a POS [Point Of Sale] system to > be used in a store. I don't > > expect > > the store > > owner to > > play with > > the code. His friends [or > enemies] might try. There are two > > logins > > to the > > computer, > > ethan [me] > > and worker. Worker has to be > able to access the code to use > > it. He > > has to be > > blocked from > > reading, writing or copying the > code. > > > > How?? > > > > TIA > > > > Ethan > > > > > > Bastien > > > > Cat, the other other white meat > Grrr... I have a gingy cat, and > > she is > > very nice. > > Don't > > insult her [LOL] > > > > > > --- > > > > Thanks all..... > > > > Sorry, my fault by not being clear. > > > > The POS system is free standing and not > on a network. > > > > The server is Apache. > > > > So .... > > > > Mr Nice has bought my system. > > > > His friend, Mr. Ugly, wants to steal my > code. > > > > He asks Mr.[naive]Nice if he could look > at the computer while it is > > logged in. > > > > Ctrl-Alt-F1 A terminal. > > > > cd /var/www > > > > cp *.* memoryStick He now has my code > > > > look at the code to find out where the > passwords are stored and copy to > > memoryStick > > > > history |grep mys* He has the login, and > hopefully the password > > > > show databases; > > > > /usr/bin/mysqldump -u root -p Database > > > > /pathtodatabasefolder/________Database.sql > > > > Everything gone!!! > > > > How do I prevent the above? > > > > > > TIA > > > > Ethan > > > > > > Thanks to ALL - > > > > Mark, proceeding with your suggestion... This is > a stand-alone machine. > > Having two > > computers > > with the server side code on one of them, in this > case would not be practical > > [or cost > > effective]. The question is how to implement your > suggestion... > > > > 1] Can I partition the hard disk and turn it into > a server? > > 2] Should I use two hard drives? > > > > Either way, I need to learn how to setup and run a > server. Would someone > > please give me > > references as to working w/ a server. > > > > TIA > > > > Ethan > > > > Mark - > > > > Thanks a lot. > > > > This is a stand alone system designed to be sold to small > stores. A second computer > > will destroy > > any possible profit. > > > > Let's try to innovate..... > > > > Can I 1] partition the hard drive with one of the > partitions being the server or 2] > > install a > > second hard drive? > > > > TIA > > > > Ethan > > > > > > Mark - > > > > Thanks. > > > > A lot of these stores do not have computers. If they did, they > would have a POS system. I'm > > trying to sell to these small "Mom & Pop" stores. BTW, a large > bakery in this town does not have > > a computer. > > > > Let's try ... > > > > If I partition the hard drive, with the server on one partition [w/ > no login]. Would it work? > > > > TIA > > > > Ethan > > > > > ---- > Mark - > > Your comments are well taken. A solution, I think, is to have an > independent server. Two computers > for each setup is not cost effective from my end. > > Things in have to be changed. All customers will be required, to have or > to acquire an internet > connection. > > The server will be "the cloud". > > At this point, I have no knowledge of cloud computing. > > I do not wish to pummel you with questions concerning cloud storage and > computing. I have to learn > it myself. To enable me to do this, I have some simple questions... > > 1] What sites would you recommend, with respect to both cost and data > security? > > 2] What references, both in print and on the internet would you recommend > for gaining knowledge in > cloud computing? > > TIA > > Ethan > > -- > PHP Database Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > >
