Posted by Colin McKinnon on 06/10/06 22:03

Josh wrote:

> hi frns
> i m a new member of the group.
> just wanted to ask a question
>
> what tools or methods do we have to secure the source code of php after
> the application is ready. or else anyone could tamper with the source.
> if we put it directly on to the server.

None - but merely not having access to the source code does not provide
intrinsic security. C and Java are compiled but can still be
hacked/subverted/reverse engineered - even on relatively secure
architectures (e.g. non-executable stacks). What you are really asking
about is Digital Rights Management which is a real can of worms. If it were
easy everybody would be doing it.

There's a couple of packages which make it difficult to read the code
including Zend IonCube and Turck.

> is there any method to make a set up to install application
>

Yes - there's a few deployment tools for PHP, I believe it's possible to use
Apache Ant, PEAR, and probably more. Since its just files with PHP,
deployment is not a big deal - like it is for Java - more just a case of
copying over the files - so most cluster file systems or even rsync may
suffice.

C.

[Back to original message]