Forgive me for sticking my nose in the middle of this, but stupid question
here:

This sounds like more of an architectural thing. A further abstracted view
of the information you're dealing with. You (Smita) stated that the admin
needs to see all of the data and you're concerned about him (or her) seeing
your code. Aren't the two separate? Application layer and data layer? This
seems to suggest placing the data and application content in two separate
areas of the web server and restricting rights to those directories. I
believe this can be pulled off in the httpd.conf file if you're using
Apache.

I'm also pretty sure that's what the cgi-bin folder is for in most web
hosting scenarios. As the admin of the site I can see what's in that folder,
but nodody else can. I can't even see the folder from my browser. So I stick
my scripts in there. Everything else goes in the public-html folder and
users can see the source for that stuff, but they only see the results of
the scripts executed on the server.

Access to cgi-bin and public-html are both set in Apache's httpd.conf file.

This would effectively differentiate between a data admin and the
application admin (you).

I haven't had to deal with this in the past and could definitely see it as a
mjor concern down the road so I'm interested in what the real solution is.

-----Original Message-----
From: Ryan Jameson (USA) [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 29, 2002 3:18 PM
To: [EMAIL PROTECTED]
Subject: RE: [PHP-DB] how to hide source code??


Seems to me the truth is there is really no way to do this. Since an admin
can take ownership any time he wants, and world read would allow anyone to
view the source which is part of the problem. I've always thought that
scripting languages should allow for source code encryption and have the
parser program able to decrypt it based on a seed. No encryption is fool
proof but it would be a step to protecting our intellectual property as
coders. Compiled applications have this advantage already because once
compiled to decompile it is an ugly process.

In one case, in an ethically questionable situation, I chose to keep the
applications "guts" on my own server, and had the customer's server request
the page from my server using PHP's file() function. Checked things like
requestor domain and such to validate the source of the request. It worked
quite well, but added a point of failure to the system. It turned out I was
correct to be concerned, the customer decided to not pay for it, and
attempted to move the code to a production machine at which point it simply
stopped working. :-) All they had was a few php files of only a few lines
each.

<>< Ryan

-----Original Message-----
From: Adam Williams [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 29, 2002 1:06 PM
To: Ryan Jameson (USA)
Cc: [EMAIL PROTECTED]
Subject: RE: [PHP-DB] how to hide source code??


oh yeah duh me, set it 701

                        Adam

On Thu, 29 Aug 2002, Ryan Jameson (USA) wrote:

> Wouldn't that make php unable to read it as well? Then it is useless as
well.
> <>< Ryan
>
> -----Original Message-----
> From: Adam Williams [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, August 29, 2002 1:00 PM
> To: Smita Manohar
> Cc: [EMAIL PROTECTED]
> Subject: Re: [PHP-DB] how to hide source code??
>
>
> set you to owner of the script and then chmod 700 it
>
>                       Adam
>
> On Thu, 29 Aug 2002, Smita Manohar wrote:
>
> > hii
> > im using php script with mysql. i want to hide the script from the admin
or
> > from the person who has privileges to access all the data. bcos i use
ftp to
> > upload the files. and i don't want anyone should be able to view the
source.
> >
> > is it possible to do so?
> >
> > thnx and regds,
> > smita.
> >
> >
> >
> > _________________________________________________________________
> > Send and receive Hotmail on your mobile device: http://mobile.msn.com
> >
> >
> >
>
>
>


-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to