You are here: Re: Is there a way to verify integrity of php/javascript code « PHP Programming Language « IT news, forums, messages
Re: Is there a way to verify integrity of php/javascript code

Posted by rossz on 09/26/05 06:30

Han wrote:
> Our app runs on end-users machines (apache2.x + php5). At this moment
> it is quite easy for someone (who has access to the console) to insert
> a couple lines of php code to steal sensitive info.
>
> Is there a way to check the integrity of the php and javascript code by
> using digital signatures/simple hash/etc. ?
>
> What do you do to verify that your code has not been changed by someone
> else and everything is leaked to a rogue site?

The only way to secure this is to not put the program on the enduser
machines. Make it a proper client server app. Have the PHP on the
server only and properly secured.

You _might_ be able to secure some of the data if it's in a SQL database
and you set the permissions so that sensitive data can never be
retrieved with the username/password used to access the database. In
fact, you should be doing this even if the program is running on the
server side.

And no, a compiled program won't actually improve your security. Your
problem isn't in the type of program being executed. Your problem is
your complete lack of a proper security model.

--
Rossz
God kills a kitten each time someone uses Internet Explorer

 

Navigation:

[Reply to this message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация