Posted by Gordon Burditt on 09/26/35 11:27
>> Our app runs on end-users machines (apache2.x + php5). At this moment
>> it is quite easy for someone (who has access to the console) to insert
>> a couple lines of php code to steal sensitive info.
>>
>> Is there a way to check the integrity of the php and javascript code by
>> using digital signatures/simple hash/etc. ?
>>
>> What do you do to verify that your code has not been changed by someone
>> else and everything is leaked to a rogue site?
>>
>> Thanks for your help
>> -Han
>
>the md5 of the files would change completly if it was tampered with at
>all.
>
>you can use the php 'md5("path/to/file")' function to check the
>integrity of files through php.
Until, of course, someone modifies their copy so that the path/to/file
points at an *unmodified* copy which is never run but is only used
to pass the integrity check.
Gordon L. Burditt
[Back to original message]
|