Posted by Jerry Stuckle on 09/02/05 18:22

Barry wrote:
> Hi All
>
> I have written an application in PHP that will be used by telecoms and
> ISP's. It will be installed on a server that will only be running this
> app. Will most probably be using the latest SuSE linux version.
> I need to provide them with root access to the server so that
> they may perform simple issues such as IP address changes and backups.
>
> I do not want them to have access to my code nor the postgres db.
> It is vital that this is protected.
> There are some php encoders available such as Zend Encoder.
> Do these encoders do the job well?
>
> Could someone please advise me on the best way forward.
>
> Much appreciated
>
> Barry

Barry,

As Colin said - you do not have to provide them with root access - nor should
you do so! What happens if, for instance, they do

rm -R /

(Hint: do NOT try it on a system you care about!).

Backups I understand. But IP address changes? Why would those need to be done?
Static IP's are generally set up at install time, dynamic ones are handled
automatically. In either case, you don't need root access.

Check some of the Unix groups for more information on security.

As for encoding - they will stop the casual peeker. But they won't stop someone
who really wants to get at the code. But then if they really want it, even
compiled code (i.e. C/C++) can be gotten at.

It's just a matter of how much effort they're willing to expend.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

[Back to original message]