On 30/01/07, peter lovatt <peter.lovatt@stripped> wrote:
> You probably cant make it 100% secure, because php is not a fully compiled
> language, and as such an expert techie could probably add extra code to your
> app that wouild allow access to the database, BUT you can get pretty close.
> You will need to encrypt everything in the database using MySql encryption
> This will mean you can only access the data using the password it was
> encrypted with. This will stop anyone installing the database accessing the
> data using another MySql client.
> Next you need to encrypt the php so that the user cannot get the encryption
> password. There are a couple of options I can think of, there are probably
> more. The first is Zend Accelerator ( http://www.zend.com) , which I think
> compiles the php (check this though). The second is ioncube (
> http://www.ioncube.com/) which is intended to prevent unauthorised access to
> php code.
> As above, your app needs MySql, and is not open source so you need a mysql
> Hope this helps
Actually, I'm pretty sure that you _can_ compile PHP with the Zend optimizer.
Another option: host the MySQL server on your own hardware, and
configure the php script to connect to that. Then you can control
everything coming in/going out.
What are you trying to protect? And what's the sense in protecting it
such, if in any case the php script has access to it?