You are here: Re: Is there a way to verify integrity of php/javascript code « PHP Programming Language « IT news, forums, messages
Re: Is there a way to verify integrity of php/javascript code

Posted by Dikkie Dik on 09/26/84 11:27

Han wrote:
> Our app runs on end-users machines (apache2.x + php5). At this moment
> it is quite easy for someone (who has access to the console) to insert
> a couple lines of php code to steal sensitive info.
>
> Is there a way to check the integrity of the php and javascript code by
> using digital signatures/simple hash/etc. ?
>
> What do you do to verify that your code has not been changed by someone
> else and everything is leaked to a rogue site?
>
> Thanks for your help
> -Han
>
Normal security measures are often taken on the web server. They include:
- making php files "execute only", so it is very difficult to download
ands investigate them.
- storing passwords, encrypted, somewhere outside of the public web
space. That makes them accessible for the server only. If you could
insert code, you would still need some inside info to find them.
Especially if the password file is called "packman.exe" instead of
"passwords.txt".
- allow uploading only on directories that do not have execute rights.

Off course, it does not stop the need for a PHP programmer to check the
URL request and the POST parameters for injections.

Best regards

 

Navigation:

[Reply to this message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация