|
|
Posted by dkruger on 10/22/07 18:11
I have not read all of the info here, I admit it. Just seems odd that
this post got to where it is when the original request was for a php
source code encrypting tool. Whatever the requestors reason was, that
was what they asked for.
It is not possible to prevent an attacker from accessing a system, by
obscurity or any other method short of disconnecting the system etc.
Obscurity may work well as a military defense, and may work as a
function to add a little more security with computer systems, but
there is no see all be all with regards to computer security, being
100% prevention/protection. All computer security is is basically
continually monitoring methods attackers are using, and trying to
close those holes as soon as possible, to prevent a particular method
being used. However for every hole you close, you potentially could
be opening another hole up, regardless of whether the security
professional realizes it at first or not...can't count the number of
security fixes released by some OS suppliers that seem to fix the same
problems time after time with the same programs etc. Obscurity is not
a valid computer security method in most cases, since obscuring the
computer system, makes it useless, whether it is a public accessible
system, or internal system, has essentially the same effect as turning
it off and not even using the thing. As others mentioned, if it can
be connected to, internally or externally, it is going to have
vulnerabilities, and eventually someone may find these
vulnerabilities, and use them to gain un authorized access. With any
new application installed on a system, or whatever, there is a whole
new set of vulnerabilities that would come along with it, which may or
may not be securable. In order to provide the necessary functionality
for a system, there will be vulnerabilities. You could only obscure
so much to a point, for example if you obscure your door, you still
may have a window visible, secure the window and you lose
functionality. If you built your house with no doors, no windows, you
would have a sealed box, that you could either remain built in, sealed
out, or whatever...not a very useful place. Same thing with
computers, if you close down everything, or built to not allow any
access, you have a useless box...useless to the intended users, and
useless to those choosing to crack the box. Sure you would have
security, but to what benefit? A security professional would make the
system as secure as possible, without eliminating this functionality
needed, by doing so, they know there are vulnerabilities in the
system, any security guy that said the box is uncrackable would be a
liar, an idiot, or both. It is an ever changing field, not one I am
involved heavily with, thank God. Securing computer systems is
basically just trying to stay ahead of the attackers, fixing holes as
possible, but never attaining super galactic preventative security.
As for the PHP encrypting, as others mentioned, you can encrypt your
php code, but without some sort of updating to your web server, it
will be unable to use the encrypted php...if the web server is
modified to read the php encrypted code, it would open up other
security holes I am sure, since I would imagine it would need to
decrypt the code at a point in the process, which may or may not be
exploitable. I am not aware of any php encrypter/encrypted php
interpreters for the web servers, though some might exist somewhere.
Navigation:
[Reply to this message]
|