Posted by Han on 10/07/32 11:27

A simpler attack would be to disable that check.

I guess the solution has to be outside of php. I cannot figure out a
solution though.

-Han

Gordon Burditt wrote:
> >> Our app runs on end-users machines (apache2.x + php5). At this moment
> >> it is quite easy for someone (who has access to the console) to insert
> >> a couple lines of php code to steal sensitive info.
> >>
> >> Is there a way to check the integrity of the php and javascript code by
> >> using digital signatures/simple hash/etc. ?
> >>
> >> What do you do to verify that your code has not been changed by someone
> >> else and everything is leaked to a rogue site?
> >>
> >> Thanks for your help
> >> -Han
> >
> >the md5 of the files would change completly if it was tampered with at
> >all.
> >
> >you can use the php 'md5("path/to/file")' function to check the
> >integrity of files through php.
>
> Until, of course, someone modifies their copy so that the path/to/file
> points at an *unmodified* copy which is never run but is only used
> to pass the integrity check.
>
> Gordon L. Burditt

• Next in forum: Re: help needed - passing values between two loads of the same page
• Prev in forum: Re: Ping+Port Routine?
• Thread view: Re: Is there a way to verify integrity of php/javascript code

[Reply to this message]