Hi Joe:
> I'm looking to protect data/information that could be the software code
> and/or customer's client info.. Protection should be from anyone who does
> not need to have access to the website data or the DB.
This is done by protecting access to the servers.
Encrypting the information is pointless because the data needs to be
decrypted in order to be served to the viewers.
So, for example, you're talking about using TrueCrypt. While that's a
great tool, it doesn't accomplish anything for your purposes, because the
volume will have to be mounted (decrypted) in order to serve it. Once
the volume is mounted, anyone with access to the server can read it.
If you're thinking of dynamically decrypting scripts, data, etc, on the
fly, you'll need to have the keys and passwords stored on the server.
Therefore anyone can use those to decrypt the stuff too.
It all comes down to server security. This includes things like using
encrypted means to access the machine and move files to/from it (SSH,
SFTP, etc), keeping the software up to date, running firewalls, etc.
--Dan
--
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
data intensive web and database programming
http://www.AnalysisAndSolutions.com/
4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409
_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk
NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com
Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php
