Re: [PHP-DB] Code Security

2015-03-09 Thread Bastien Koert
Cloud computing is just another computer in a remote network. If you have a website with some host somewhere, you are cloud computing. Just run your site from a secure host On Sun, Mar 8, 2015 at 1:04 AM Ethan Rosenberg < erosenb...@hygeiabiomedical.com> wrote: > On 02/16/2015 12:10 AM, Mark Murp

Re: [PHP-DB] Code Security

2015-03-07 Thread Ethan Rosenberg
On 02/16/2015 12:10 AM, Mark Murphy wrote: How do you prevent access to the second partition? What good is a second partition going to do? Both partitions are visible to the OS. If you only have a single OS, then both the client and the server are running on the same OS, and there is only one l

Re: [PHP-DB] Code Security

2015-02-13 Thread Karl DeSaulniers
iomedical.com] > Sent: Friday, February 13, 2015 9:12 AM > To: php-db@lists.php.net > Subject: Re: [PHP-DB] Code Security > >> On 02/13/2015 02:58 AM, Karl DeSaulniers wrote: >> Prevent THIS from ever happening. >> >>> On Feb 12, 2015, at 11:03 P

RE: [PHP-DB] Code Security

2015-02-13 Thread Arneson, Joshua
ts.php.net Subject: Re: [PHP-DB] Code Security On 02/13/2015 02:58 AM, Karl DeSaulniers wrote: > Prevent THIS from ever happening. > > On Feb 12, 2015, at 11:03 PM, Ethan Rosenberg > wrote: > >> He asks Mr.[naive]Nice if he could look at the computer while it is logged >>

Re: [PHP-DB] Code Security

2015-02-13 Thread Ethan Rosenberg
On 02/13/2015 02:58 AM, Karl DeSaulniers wrote: Prevent THIS from ever happening. On Feb 12, 2015, at 11:03 PM, Ethan Rosenberg wrote: He asks Mr.[naive]Nice if he could look at the computer while it is logged in. Otherwise, I would say an external key that has a salt stored on it that th

Re: [PHP-DB] Code Security

2015-02-12 Thread Karl DeSaulniers
Prevent THIS from ever happening. On Feb 12, 2015, at 11:03 PM, Ethan Rosenberg wrote: > He asks Mr.[naive]Nice if he could look at the computer while it is logged in. Otherwise, I would say an external key that has a salt stored on it that the user has to insert in the computer before the s

Re: [PHP-DB] Code Security

2015-02-12 Thread Ethan Rosenberg
On 02/06/2015 02:45 PM, Bastien Koert wrote: Hold on, so you've written a point of sale app that exists on the client machine as whole? Does this take credit card data? If so, its so un-fucking-secure that this should never see the light of day. The CC companies won't accept this at all and wo

Re: [PHP-DB] Code Security

2015-02-06 Thread Bastien Koert
Hold on, so you've written a point of sale app that exists on the client machine as whole? Does this take credit card data? If so, its so un-fucking-secure that this should never see the light of day. The CC companies won't accept this at all and would remove any ability to accept CCs by the busin

Re: [PHP-DB] Code Security

2015-02-06 Thread Richard
Original Message >> On Feb 5, 2015, at 8:24 PM, Ethan Rosenberg >> wrote: >> >>> On 02/05/2015 11:04 AM, Bastien Koert wrote: >>> I'm with the two Richard's on this, those users shouldn't have >>> telnet access to the host server at all. Users should be using >>> the

Re: [PHP-DB] Code Security

2015-02-05 Thread Felicia Case
Hi Ethan, If the user is to neither write nor use the code then why do they have access in the first place? Just wondering. F > On Feb 5, 2015, at 8:24 PM, Ethan Rosenberg > wrote: > >> On 02/05/2015 11:04 AM, Bastien Koert wrote: >> I'm with the two Richard's on this, those users shoul

Re: [PHP-DB] Code Security

2015-02-05 Thread Ethan Rosenberg
On 02/05/2015 11:04 AM, Bastien Koert wrote: I'm with the two Richard's on this, those users shouldn't have telnet access to the host server at all. Users should be using the browser to access your site. Other than that, the most important thing you can do is to regularly back up your code and d

Re: [PHP-DB] Code Security

2015-02-05 Thread Bastien Koert
I'm with the two Richard's on this, those users shouldn't have telnet access to the host server at all. Users should be using the browser to access your site. Other than that, the most important thing you can do is to regularly back up your code and database to another location so that if somethin

Re: [PHP-DB] Code Security

2015-02-05 Thread Omar Muhsin
You forgot this one "keep the box OFFLINE ... best security" :-D On 05-02-15 14:10, Richard Quadling wrote: 1 - Don't allow terminal access to your box. 2 - Use a PHP byte code encoder (IonCube, Zend Guard) - not perfect as they can be reversed to access the code in a form. 3 - Don't use PHP.

Re: [PHP-DB] Code Security

2015-02-05 Thread Richard
Original Message > Date: Thursday, February 05, 2015 13:10:51 + > From: Richard Quadling > To: E Rosenberg > Cc: PHP Database List > Subject: Re: [PHP-DB] Code Security > > On 5 February 2015 at 05:52, Ethan Rosenberg < > erosenb...@

Re: [PHP-DB] Code Security

2015-02-05 Thread Richard Quadling
On 5 February 2015 at 05:52, Ethan Rosenberg < erosenb...@hygeiabiomedical.com> wrote: > > How do I prevent someone from opening a terminal window, going to /var/www > and stealing all my code? > 1 - Don't allow terminal access to your box. 2 - Use a PHP byte code encoder (IonCube, Zend Guard) - n

[PHP-DB] Code Security

2015-02-04 Thread Ethan Rosenberg
Dear List - How do I prevent someone from opening a terminal window, going to /var/www and stealing all my code? TIA Ethan -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php