Forgive me for sticking my nose in the middle of this, but stupid question here:
This sounds like more of an architectural thing. A further abstracted view of the information you're dealing with. You (Smita) stated that the admin needs to see all of the data and you're concerned about him (or her) seeing your code. Aren't the two separate? Application layer and data layer? This seems to suggest placing the data and application content in two separate areas of the web server and restricting rights to those directories. I believe this can be pulled off in the httpd.conf file if you're using Apache. I'm also pretty sure that's what the cgi-bin folder is for in most web hosting scenarios. As the admin of the site I can see what's in that folder, but nodody else can. I can't even see the folder from my browser. So I stick my scripts in there. Everything else goes in the public-html folder and users can see the source for that stuff, but they only see the results of the scripts executed on the server. Access to cgi-bin and public-html are both set in Apache's httpd.conf file. This would effectively differentiate between a data admin and the application admin (you). I haven't had to deal with this in the past and could definitely see it as a mjor concern down the road so I'm interested in what the real solution is. -----Original Message----- From: Ryan Jameson (USA) [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 29, 2002 3:18 PM To: [EMAIL PROTECTED] Subject: RE: [PHP-DB] how to hide source code?? Seems to me the truth is there is really no way to do this. Since an admin can take ownership any time he wants, and world read would allow anyone to view the source which is part of the problem. I've always thought that scripting languages should allow for source code encryption and have the parser program able to decrypt it based on a seed. No encryption is fool proof but it would be a step to protecting our intellectual property as coders. Compiled applications have this advantage already because once compiled to decompile it is an ugly process. In one case, in an ethically questionable situation, I chose to keep the applications "guts" on my own server, and had the customer's server request the page from my server using PHP's file() function. Checked things like requestor domain and such to validate the source of the request. It worked quite well, but added a point of failure to the system. It turned out I was correct to be concerned, the customer decided to not pay for it, and attempted to move the code to a production machine at which point it simply stopped working. :-) All they had was a few php files of only a few lines each. <>< Ryan -----Original Message----- From: Adam Williams [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 29, 2002 1:06 PM To: Ryan Jameson (USA) Cc: [EMAIL PROTECTED] Subject: RE: [PHP-DB] how to hide source code?? oh yeah duh me, set it 701 Adam On Thu, 29 Aug 2002, Ryan Jameson (USA) wrote: > Wouldn't that make php unable to read it as well? Then it is useless as well. > <>< Ryan > > -----Original Message----- > From: Adam Williams [mailto:[EMAIL PROTECTED]] > Sent: Thursday, August 29, 2002 1:00 PM > To: Smita Manohar > Cc: [EMAIL PROTECTED] > Subject: Re: [PHP-DB] how to hide source code?? > > > set you to owner of the script and then chmod 700 it > > Adam > > On Thu, 29 Aug 2002, Smita Manohar wrote: > > > hii > > im using php script with mysql. i want to hide the script from the admin or > > from the person who has privileges to access all the data. bcos i use ftp to > > upload the files. and i don't want anyone should be able to view the source. > > > > is it possible to do so? > > > > thnx and regds, > > smita. > > > > > > > > _________________________________________________________________ > > Send and receive Hotmail on your mobile device: http://mobile.msn.com > > > > > > > > > -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
