List:General Discussion« Previous MessageNext Message »
From:Dotan Cohen Date:January 30 2007 12:18pm
Subject:Re: Safe DB Distribution
View as plain text  
On 30/01/07, peter lovatt <peter.lovatt@stripped> wrote:
> Hi
>
> You probably cant make it 100% secure, because php is not a fully compiled
> language, and as such an expert techie could probably add extra code to your
> app that wouild allow access to the database, BUT you can get pretty close.
>
> You will need to encrypt everything in the database using MySql encryption
> functions
>
> http://dev.mysql.com/doc/refman/5.0/en/encryption-functions.html
>
> This will mean you can only access the data using the password it was
> encrypted with. This will stop anyone installing the database accessing the
> data using another MySql client.
>
> Next you need to encrypt the php so that the user cannot get the encryption
> password. There are a couple of options I can think of, there are probably
> more. The first is Zend Accelerator ( http://www.zend.com) , which I think
> compiles the php (check this though). The second is ioncube (
> http://www.ioncube.com/) which is intended to prevent unauthorised access to
> php code.
>
> As above, your app needs MySql, and is not open source so you need a mysql
> licence.
>
> Hope this helps
>
> Peter
>

Actually, I'm pretty sure that you _can_ compile PHP with the Zend optimizer.

Another option: host the MySQL server on your own hardware, and
configure the php script to connect to that. Then you can control
everything coming in/going out.

What are you trying to protect? And what's the sense in protecting it
such, if in any case the php script has access to it?

Dotan Cohen

http://lyricslist.com/lyrics/artist_albums/355/moody_blues.html
http://music-lyriks.com
Thread
Safe DB DistributionSuhas Pharkute29 Jan
  • Re: Safe DB DistributionFelix Geerinckx30 Jan
    • Re: Safe DB Distributionpeter lovatt30 Jan
      • Re: Safe DB DistributionDotan Cohen30 Jan
        • Re: Safe DB DistributionSuhas Pharkute30 Jan
    • Re: Safe DB Distributionmizioumt30 Jan
      • Re: Safe DB DistributionGerald L. Clark30 Jan
        • Re: Safe DB Distributionmizioumt30 Jan
        • Re: Safe DB Distributionmos30 Jan
  • Re: Safe DB DistributionFelix Geerinckx30 Jan
    • Re: Safe DB Distributionmizioumt30 Jan
Re: Safe DB DistributionAles Zoulek30 Jan
  • Re: Safe DB DistributionSuhas Pharkute30 Jan
    • RE: Safe DB DistributionSST - Adelaide)30 Jan
      • Re: Safe DB DistributionSuhas Pharkute30 Jan
      • Re: Safe DB DistributionSuhas Pharkute30 Jan
      • Re: Safe DB DistributionSuhas Pharkute30 Jan
        • Re: Safe DB DistributionDan Nelson30 Jan
          • Re: Safe DB DistributionAles Zoulek30 Jan