Reply to Re: Is there a way to verify integrity of php/javascript code

Your name:

Reply:


Posted by Han on 09/26/32 11:27

A simpler attack would be to disable that check.

I guess the solution has to be outside of php. I cannot figure out a
solution though.

-Han

Gordon Burditt wrote:
> >> Our app runs on end-users machines (apache2.x + php5). At this moment
> >> it is quite easy for someone (who has access to the console) to insert
> >> a couple lines of php code to steal sensitive info.
> >>
> >> Is there a way to check the integrity of the php and javascript code by
> >> using digital signatures/simple hash/etc. ?
> >>
> >> What do you do to verify that your code has not been changed by someone
> >> else and everything is leaked to a rogue site?
> >>
> >> Thanks for your help
> >> -Han
> >
> >the md5 of the files would change completly if it was tampered with at
> >all.
> >
> >you can use the php 'md5("path/to/file")' function to check the
> >integrity of files through php.
>
> Until, of course, someone modifies their copy so that the path/to/file
> points at an *unmodified* copy which is never run but is only used
> to pass the integrity check.
>
> Gordon L. Burditt

[Back to original message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация