On 02/16/2015 12:10 AM, Mark Murphy wrote:
How do you prevent access to the second partition? What good is a second 
partition going to do? Both
partitions are visible to the OS. If you only have a single OS, then both the 
client and the server
are running on the same OS, and there is only one logon. The number of 
partitions is irrelavant.

So your choices are choose a compiled language like C or Java, or use multiple 
computers. You can
use a hammer to drive a screw if you get a big enough hammer, but you will 
probably break something
and it won't work very well. You are trying to use PHP to do something it was 
never meant to do, and
that can only turn out badly. You can think about it all you want, but you are 
just looking for a
bigger hammer to drive something that isn't a nail.

On Sun, Feb 15, 2015 at 7:21 PM, Ethan Rosenberg 
<mailto:erosenb...@hygeiabiomedical.com>> wrote:

    On 02/15/2015 05:39 PM, Mark Murphy wrote:

        I would say no. It isn't the hard drive that is the problem, you need a 
separate operating
        My thought is that even a small retailer will already have a computer, 
so all you have to
        sell is
        the appliance which is all server. No one needs to log in to the 
server. To make it useable
        you just
        need a config application that will let the owner set the IP address.

        On Feb 15, 2015 1:25 PM, "Ethan Rosenberg" 
<mailto:erosenb...@hygeiabiomedical.com>>> wrote:

             On 02/14/2015 08:54 PM, Mark Murphy wrote:

                 There might be a virtual machine solution, probably not the 
VMWare hypervisor since you
                 can't get it
                 to boot into one of the VMs. I don't know about any of the 
others. Maybe put the
        server at a
                 service like pair networks. You just can't run any scripted 
solution stand alone
        because of the
                 security risks. You might be able to use something that 
encrypts the source, but it
                 have the
                 same security risks for a determined attacker. Look at Zend 
Guard or Ioncube. These
                 free, but
                 less expensive than a whole server.

                 That said, the most secure option is a separate server machine 
which you could set
        up as a
                 Linux box
                 without the GUI, and a cheap 4 port switch to hook up to your 
POS client. No one
        needs to
                 have logon
                 authority to the server except you, or other support 
personnel. Kind of like a POS

                 On Feb 14, 2015 8:27 PM, "Ethan Rosenberg" 
        <http://hygeiabiomedical.com> <mailto:erosenberg@__hygeiabiomedical.com
        <mailto:erosenb...@hygeiabiomedical.com>>>> wrote:

                      On 02/13/2015 02:12 PM, Mark Murphy wrote:

                          Ahh... You have both client and server on the same 
computer. While this
        might be
                 fine for
                          demonstration, it is not ok for production because 
you cannot keep anyone
        out of
                 the code.
                          If you
                          are going to use PHP, you MUST -- I can't emphasize 
that enough -- you
        MUST have
                 the server
                          (PHP, Apache, MySQL) on a server machine that is 
separate from the client
                 or you
                          will not
                          have any security. You can keep folks out of the 
database, but only until
        they look
                 at the
                          PHP code.

                          On Fri, Feb 13, 2015 at 12:03 AM, Ethan Rosenberg

        <http://hygeiabiomedical.com> <mailto:erosenberg@__hygeiabiomedical.com
                          <mailto:erosenberg@ <mailto:erosenberg@> 
                 <http://hygeiabiomedical.com> <mailto:erosenberg@
        <mailto:erosenb...@hygeiabiomedical.com>>>>> wrote:

                               On 02/06/2015 02:45 PM, Bastien Koert wrote:

                                   Hold on, so you've written a point of sale 
app that exists on the
                 machine as
                                   Does this
                                   take credit card data?

                                   If so, its so un-fucking-secure that this 
should never see the
        light of
                 day. The CC
                                   companies won't
                                   accept this at all and would remove any 
ability to accept CCs by the
                 business. This
                          style of
                                   app is
                                   in violation of so many terms of service 
(not to mention basic
                                   practices when
                                   dealing with sensitive data).

                                   I worked with a guy who wrote an app like 
that (but not POS, still
                 sensitive data.
                          I took
                                   one look
                                   at it and yanked it from production and 
replaced it with a proper
        client /
                          app. Its
                                   not safe,
                                   its not secure and to code a POS on a single 
machine that the
        user has
                 access to is
                          just dumb.

                                   I would strongly suggest that your client 
have a look at square
        or similar
                 if he
                          wants to
                                   process CC


                                   On Thu, Feb 5, 2015 at 11:24 PM, Ethan 
                                   <mailto:erosenberg@ <mailto:erosenberg@> 
                 <http://hygeiabiomedical.com> <mailto:erosenberg@
                                   <mailto:erosenberg@ <mailto:erosenberg@> 
        <mailto:erosenberg@>> <mailto:erosenberg@ <mailto:erosenberg@>
        <http://hygeiabi__o__medical.com> <http://hygeiabio__medical.com__>
                          <http://hygeiabiomedical.com> <mailto:erosenberg@ 
        <http://hygeiabio__medical.com> <http://hygeiabiomedical.com>
        <mailto:erosenb...@hygeiabiomedical.com>>>>>> wrote:

                                        On 02/05/2015 11:04 AM, Bastien Koert 

                                            I'm with the two Richard's on this, 
those users
        shouldn't have telnet
                                            access to the host server at all. 
Users should be using the
                 browser to
                                            access your site.

                                            Other than that, the most important 
thing you can do is to
                 regularly back
                                            up your code and database to 
another location so that if
                 something happens
                                            to the working box (and likely all 
tech products, its
        not IF its
                 WHEN) you
                                            can restore the code and database 
with minimal data loss


                                            On Thu Feb 05 2015 at 9:39:43 AM 
Omar Muhsin
        <mrfroa...@gmail.com <mailto:mrfroa...@gmail.com>
                 <mailto:mrfroa...@gmail.com <mailto:mrfroa...@gmail.com>>
        <mailto:mrfroa...@gmail.com <mailto:mrfroa...@gmail.com>>>
        <mailto:mrfroa...@gmail.com <mailto:mrfroa...@gmail.com>>
                 <mailto:mrfroa...@gmail.com <mailto:mrfroa...@gmail.com>
        <mailto:mrfroa...@gmail.com <mailto:mrfroa...@gmail.com>>>>
        <mailto:mrfroa...@gmail.com <mailto:mrfroa...@gmail.com>>
                 <mailto:mrfroa...@gmail.com <mailto:mrfroa...@gmail.com>
        <mailto:mrfroa...@gmail.com <mailto:mrfroa...@gmail.com>>>
        <mailto:mrfroa...@gmail.com <mailto:mrfroa...@gmail.com>>
                 <mailto:mrfroa...@gmail.com <mailto:mrfroa...@gmail.com>
        <mailto:mrfroa...@gmail.com <mailto:mrfroa...@gmail.com>>>>__>__> wrote:

                                                You forgot this one "keep the 
box OFFLINE ... best
        security" :-D

                                                On 05-02-15 14:10, Richard 
Quadling wrote:

                                                    1 - Don't allow terminal 
access to your box.
                                                    2 - Use a PHP byte code 
encoder (IonCube, Zend
        Guard) -
                 not perfect as


                                                    can be reversed to access 
the code in a form.
                                                    3 - Don't use PHP.

                                        Thanks to all.

                                        I apologize, but I did not properly 
define the problem I am
                 addressing. I have
                                   code for
                                        a POS [Point Of Sale] system to be used 
in a store.  I don't
                 the store
                          owner to
                                   play with
                                        the code.  His friends [or enemies] 
might try. There are two
                 to the
                                   ethan [me]
                                        and worker.  Worker has to be able to 
access the code to use
        it.  He
                 has to be
                          blocked from
                                        reading, writing or copying the code.





                                   Cat, the other other white meat  Grrr... I 
have a gingy cat, and
        she is
                 very nice.
                                   insult her [LOL]


                               Thanks all.....

                               Sorry, my fault by not being clear.

                               The POS system is free standing and not on a 

                               The server is Apache.

                               So ....

                               Mr Nice has bought my system.

                               His friend, Mr. Ugly, wants to steal my code.

                               He asks Mr.[naive]Nice if he could look at the 
computer while it is
        logged in.

                               Ctrl-Alt-F1  A terminal.

                               cd /var/www

                               cp *.* memoryStick  He now has my code

                               look at the code to find out where the passwords 
are stored and copy to

                               history |grep mys*  He has the login, and 
hopefully the password

                               show databases;

                                 /usr/bin/mysqldump -u root -p  Database >

                               Everything gone!!!

                               How do I prevent the above?



                      Thanks to ALL -

                      Mark, proceeding with your suggestion...  This is a 
stand-alone machine.
        Having two
                      with the server side code on one of them, in this case 
would not be practical
        [or cost
                      effective].  The question is how to implement your 

                      1] Can I partition the hard disk and turn it into a 
                      2] Should I use two hard drives?

                      Either way, I need to learn how to setup and run a 
server.  Would someone
        please give me
                      references as to working w/ a server.



             Mark -

             Thanks a lot.

             This is a stand alone system designed to be sold to small stores. 
A second computer
        will destroy
             any possible profit.

             Let's try to innovate.....

             Can I 1] partition the hard drive with one of the partitions being 
the server or 2]
        install a
             second hard drive?



    Mark -


    A  lot of these stores do not have computers.  If they did, they would have 
a POS system.  I'm
    trying to sell to these small "Mom & Pop" stores. BTW, a large bakery in 
this town does not have
    a computer.

    Let's try ...

    If I partition the hard drive, with the server on one partition [w/ no 
login].  Would it work?



Mark -

Your comments are well taken. A solution, I think, is to have an independent server. Two computers for each setup is not cost effective from my end.

Things in have to be changed. All customers will be required, to have or to acquire an internet connection.

The server will be "the cloud".

At this point, I have no knowledge of cloud computing.

I do not wish to pummel you with questions concerning cloud storage and computing. I have to learn it myself. To enable me to do this, I have some simple questions...

1] What sites would you recommend, with respect to both cost and data security?

2] What references, both in print and on the internet would you recommend for gaining knowledge in cloud computing?



PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to