You are here: Re: Is there a way to verify integrity of php/javascript code « PHP Programming Language « IT news, forums, messages
Re: Is there a way to verify integrity of php/javascript code

Posted by Gordon Burditt on 10/16/21 11:27

>Our app runs on end-users machines (apache2.x + php5). At this moment
>it is quite easy for someone (who has access to the console) to insert
>a couple lines of php code to steal sensitive info.

If you put sensitive info that you don't want end-users to see on
end-user machines, they don't have to "steal" it, you already gave
it to them.

And why would they need access to the console if they can log in
remotely?

>Is there a way to check the integrity of the php and javascript code by
>using digital signatures/simple hash/etc. ?

Anyone modifying the code can simply see what the hash is on
unmodified code and then modify the code to always send that. Or
they can modify the code to do the hash on an unmodified copy which
is never run.

>What do you do to verify that your code has not been changed by someone
>else and everything is leaked to a rogue site?

You can't. Remember, if the user can view your code on a display,
then someone can aim a webcam at that display and send it anywhere.

You could try using a tamper-proof smart card, but I don't know of any
of those with a graphical display or with networking capabilities.

Gordon L. Burditt

 

Navigation:

[Reply to this message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация