PHP Deployment!

[vikkiatbipl]

Hi there,

We have an application developed in PHP. It will be deployed in intranet. My question is, Is it possible to deploye the PHP pages in a secure manner i.e., none of them should see the source code even the administrator of the server?

Is it possible or Any alternative suggestions ?

Thank you

Vikram

[egami]

It is possible, but you have to encrypt the php scripts, and use a decrypting engine with your webserver.
Very expensive, the cheapest one I saw is the ION, and it's 200 a license.

[Nullsig]

Is the software being hosted in the building on an Intranet? OR can you host it remotely and just filter out IPs so only their static IP can access it.

Are you worried about them seeing the html source or just the PHP source?

Why is seeing the source such an issue? I would argue that if they have paid for a license and own the hardware that is running the system they have the right to read the source.

Lastly, if you are installing the hardware that will be hosting the PHP you can lock down access so they can't get to the source. They could still do "View Source" on the site itself but it is pointless to try to protect the HTML.

[vikkiatbipl]

Hi Nullsig!

Thank you for the reply!
Is the software being hosted in the building on an Intranet? OR can you host it remotely and just filter out IPs so only their static IP can access it.

Vikram: It is hosted in the Intranet; with their own server

Are you worried about them seeing the html source or just the PHP source?
Vikram: It is about the PHP source

Why is seeing the source such an issue? I would argue that if they have paid for a license and own the hardware that is running the system they have the right to read the source.
Vikram: Is it ? They have right to read the source? Of course though they have right to see, they should not re produce the same and re distribution has to be banned know?

Lastly, if you are installing the hardware that will be hosting the PHP you can lock down access so they can't get to the source. They could still do "View Source" on the site itself but it is pointless to try to protect the HTML.
Vikram: This i agree with you.

Thank you
Vikram

[Nullsig]

You could try obfuscating the code. It would make it difficult to reverse engineer and modify and it maintains the execution speed.

As far as redistribution prevention, you could use a licensing server to check the license of the software on your own server to prevent resale of the product after installation.

Other than that you should just make sure that you have an air tight EULA so you can sue the pants off them when they try to step out of line. Redistribution and Reproduction are against general copyright law, in America at least.

[vikkiatbipl]

Thank you for the comments!

Vikram A

[KaranS]

Why see the source of this problem? I would say if they have paid for a license and has the hardware that runs the system they have the right to read the source.

Finally, if you are installing the equipment, which is home to access PHP can be locked so that they can not reach the source. You could even make the "View Source" to the scene, but it is useless to try to protect your HTML code.