1

I'm making an web application, it's a kind of online shop using PHP, jQuery, AJAX and JavaScript.

I want to launch my site on only one PC on local host. How should I set my site so that it only runs on my single PC?

Even if anybody copy my code files and database files to his/her own PC it should not run on their PC. How to do this?

The one way I know is by using the IP address. but I not quite sure about this method works or not.

Qadir Hussain
  • 8,721
  • 13
  • 89
  • 124
  • 1
    Everybody can change the IP address in the PHP script. There is no way to do what you want. – TiMESPLiNTER Nov 05 '13 at 08:18
  • There are a lot of methods to identify a PC . Please narrow your scope & clarify your requirements. Plus, show us what you have tried. – Raptor Nov 05 '13 at 08:19
  • 1
    If the requirement really is that even someone who has the source code can't run the program, it's obviously impossible because they can just remove the authentication from the code. – JJJ Nov 05 '13 at 08:19
  • See if this helps: http://stackoverflow.com/a/9905037/188331 – Raptor Nov 05 '13 at 08:20
  • Also, if you're running the app on localhost it should already be inaccessible from outside (if not there's something wrong with the server settings). – JJJ Nov 05 '13 at 08:21
  • @halfer yes this seems to be great solution. Can u provide me a link how to start with this. Authenticate a site using the MAC address – Qadir Hussain Nov 05 '13 at 08:23
  • 1
    Heh, I'm sure you know how to use a search engine `;)`. – halfer Nov 05 '13 at 08:24
  • How would these other people obtain a copy of your program, anyhow? – JAL Nov 05 '13 at 08:25
  • @JAL its just a case. may be this is possible – Qadir Hussain Nov 05 '13 at 08:26
  • 1
    You could do this by putting a cryptographic key on your computer, and in the php code... Then have the program test a decryption with that key file when it launches. However, as noted by others if someone has the ability to run your php they have the ability to modify it and remove this safeguard. – JAL Nov 05 '13 at 08:36
  • @halfer can you post your comment as answer so that I can accept it. this solutions is best for my requirements. and please include any tutorial or link regarding this in your answer. thanks – Qadir Hussain Nov 13 '13 at 07:41

4 Answers4

2

If someone gains access to your source code then there is nothing that you can do to stop them.

When hosting it on your own you can prevent external access but beyond that there is nothing you can do.

Scott Helme
  • 4,786
  • 2
  • 23
  • 35
  • Also worth mentioning: make sure your web server setup is secure, and your PHP code is free of security vulnerabilities like SQL injection, as these are some pretty common ways hackers use to grab your PHP source files. – jingtao Nov 05 '13 at 08:43
  • 1
    @scotthelme If source code is found then you're correct, but this is why there are technologies such as Zend and ionCube (which I'm associated with) for PHP. Although there's *always* a possibility of reverse engineering, transforming the code by compiling and associating licensing related metadata with files allows for restricting where files can run. As well as off-the-shelf products, bespoke ionCube solutions are available too, and ideal in cases such as the OP's where the install is to a private server and not a shared one where regular encoded files may need to run too. So options exist. – Nick Nov 14 '13 at 13:20
0

Make sure no one gains access to that PC (where your application resides). Only in that case you can protect your application from being run by unauthorized person. Once you take this security measure then you can easily disable your application from being accessed from any other LAN computers by using your IP. This is how professional servers works so should you.

Ali
  • 5,021
  • 4
  • 26
  • 45
0

You can change the webserver binding to localhost 127.0.0.1 only. Alternative way you can create a filter rule that the server only accepts remote from localhost/127.0.0.1 With apache you can do this by .htaccess or directory/server rules.

When you want to share that code, you need to encrypt it with zend-guard or equal tools. there is also some licence management inside it, where you can bind licences to machines.

coding Bott
  • 4,287
  • 1
  • 27
  • 44
0

You can use an encoder script to encrypt your source code, and some of these come with an ability to lock down to MAC address. I think they are all commercial solutions, though; start with IonCube and SourceGuardian. Zend might have something as well.

I would imagine each of these solutions would have comprehensive tutorials on their respective sites. Your workflow is basically to check out a copy of your source code from version control, and encode that folder as part of your build process.

Technically, encrypted code can be reverse-engineered, since the encryption key is built into the code. However, it is a lot of work for someone to do so, and even if they decode it, they won't have your comments or your meaningful variable/method/class names.

halfer
  • 19,824
  • 17
  • 99
  • 186