1

I have a online project working fine, but a customer ask me if it was possible to sell him the project but in a offline environment, mainly because he has trust issues with internet.

If the internet in his company goes down, the entire company would stop because of it and therefore he would like a offline solution. I don't want to write a windows application from scratch because the project is too big and the time lost wouldn't compensate.

So I thought about put the project in a RaspberryPi or USB with Server2Go server embbed.

Problem: How do I secure access to the code and database?

Linesofcode
  • 5,327
  • 13
  • 62
  • 116

3 Answers3

1

As I understand, you do not want your code / database to be read through any file access protocol.

With PHP, it will be hard to obtain. You could obfusctate your code... but, believe me, it is not the right solution.

See here: Is there a code obfuscator for PHP?

When selling code based on Open Source languages, the solution is perhaps in providing services.

Edited after comment

By default, the Raspberry Pi is accessible using pi / raspberry credentials. You'll just have to change the default password to a new one using this command

passwd

Files and DB will only be served through webserver.

Dominique Vienne
  • 405
  • 2
  • 9
  • I don't want to obfuscate the code. I want to prevent access to the folder. For example. If I set the project in a RaspberryPi, the customer would access the site through `http://127.0.0.1/....` and that's all. I don't want to allow him to open the RaspberryPi OS installed and look into the files. – Linesofcode Jun 12 '17 at 13:54
0

First i don't know about locking the web folder and prevent them from looking into it but..


As most of Applications do, read these steps:
- First the Legal protection:
1- make a Contract with a good lawyer to protect your work and money
2- Register your source code in a Rights Protection organizations.
- Second Source Code protection:
1- usually depending on JAVA or C#.NET for the Compiler to byte code or lower and its VM sandbox / Framework. but in PHP it's an interpreter language that supports open source.
2- you can mix Java/c# with php by making a small web application to link the server hardware serials (like hdd / motherboard serial / available mac address / Operating system installation date) in encrypted hidden place to prevent stalling your files to run on another machines.


3- Mixing PHP with a compiled language means also to make part of your site (logics) in a compiled language and the php are depends on it so you'll prevent coping them by normal way.


4- you can buy a Dongle usb for the previous purpose like (sindbad protection)


5- Encrypt the remaining part of your PHP files for less secure to prevent the read of them using one of those tools
A) free and working PHP obfuscators:

http://www.pipsomania.com/best_php_obfuscator.do

http://www.phpprotect.info/

B) Encode the source files by one of them:

http://php.net/manual/en/function.blenc-encrypt.php

http://www.showmycode.com/

http://phpshadow.com/

http://dezender.net/

http://www.zend.com/en/products/zend-guard

http://www.ioncube.com/php_encoder.php

Mohamed Abulnasr
  • 589
  • 7
  • 18
-1

May be php would not work since it requires a webserver to run. As rpi supports python try django, web2py or even jinja2

vinay rajan
  • 351
  • 4
  • 9
  • PHP-CLI does not require a webserver and runs in command line. Going offline (without internet) does not implies not using webserver. – Dominique Vienne Jun 12 '17 at 13:28