[FX.php List] Encrypting Solutions?

Dale Bengston dbengston at preservationstudio.com
Tue Feb 6 23:08:16 MST 2007


Right. If the client has paid you to develop something, depending on  
how your contracts are written, they probably own the implementation.  
That's not to say you can't re-deploy the same stuff for someone else.

I was thinking of hosting as something more equivalent to a runtime.  
There are at least a couple members of this list that host FileMaker  
solutions to the web. In such a scenario, the client has no access to  
the data structure or the PHP files. There's nothing you can do about  
clients viewing source or parsing GET queries in the URL, but it's a  
start.

If I am deploying on a client's servers, I make sure I am explicit in  
my contracts about who is responsible for securing the server(s) and  
backing up data. (The client is.) As Steven Blackwell always says,  
having the servers in a locked room with restricted access at least  
prevents casual observers from messing around with your stuff. In  
most cases, my clients have people who are responsible for the health  
and security of the solutions I deploy, so it's in their best  
interest to secure the servers properly. I also have a client that  
insists on leaving my servers in a public room where their Mac IT  
support person services machines, and where there's a shared network  
printer. I have notified them in writing that I do not recommend such  
a scenario.

I am also explicit that I won't support any modifications they might  
make to my code deployed at their site.

Like any business relationship, I make sure all the various  
responsibilities are documented in writing, and then I can relax and  
forge a partnership with my client based on trust and understanding.

Dale

On Feb 6, 2007, at 11:23 PM, Steve Winter wrote:

> Hi Jonathan,
>
> I understand what you're saying here, and there are a plethora of  
> products
> out there which will do what you want... a quick Google turned up;
>   http://www.sourceguardian.com/products/php_encoder.htm
>   http://www.protware.com/default.htm
> and about a hundred more...
>
> The other aspect of this is that in my view if the client has paid  
> you to
> create the php for them, then they own the code that you wrote  
> anyway, and
> therefore have any/every right to see what you've written... ??...
>
> Just my 0.5c ;-)
>
> Cheers
> Steve
>
> -----Original Message-----
> From: Jonathan Schwartz <jonathan at eschwartz.com>
> To: "FX.php Discussion List" <fx.php_list at mail.iviking.org>
> Date: Tue, 6 Feb 2007 21:06:54 -0800
> Subject: Re: [FX.php List] Encrypting Solutions?
>
>> Excellent!  This is the discussion I wanted to have.
>>
>> So far, I have also been in that model...developing a solution for a
>> client and serving it up.  So far, also, I have been the only person
>> with access to the files.  However, that could change.
>>
>> A client might require the solution to be hosted on their own server,
>> to manage data privacy and security issues.  In this case, the files
>> would no longer be under my control.
>>
>> Another situation: My server, but client has access to the web
>> folder/directory.
>>
>> Don't both of these examples merit/demand protecting the php files
>> from prying eyes?
>>
>> Jonathan
>>
>>
>>
>>
>>
>>
>> At 10:41 PM -0600 2/6/07, Dale Bengston wrote:
>>> I tend to think of that in terms of a different model for the web:
>>> clients pay you a fee to access a hosted solution via the web.
>>>
>>> Dale
>>>
>>> On Feb 6, 2007, at 10:08 PM, Jonathan Schwartz wrote:
>>>
>>>> Hmmm.  I thought that this was  a common practice.
>>>>
>>>> The purpose would be to provide a locked solution, much like we do
>>>> with our FileMaker solutions.
>>>>
>>>> J
>>>>
>>>>> Not sure why you want to encrypt them, since their source code
>>>>> can't be viewed in browsers... ?
>>>>> Or is there something I should know? :)
>>>>>
>>>>> If the site's using an SSL cert when the page is viewed, it'll be
>>>>> encrypted anyway; why would you need more than that?
>>>>>
>>>>> Bob Patin
>>>>> Longterm Solutions
>>>>> bob at longtermsolutions.com
>>>>> 615-333-6858
>>>>> http://www.longtermsolutions.com
>>>>>
>>>>>   CONTACT US VIA INSTANT MESSAGING:
>>>>>      AIM or iChat: longterm1954
>>>>>      Yahoo: longterm_solutions
>>>>>      MSN: tech at longtermsolutions.com
>>>>>      ICQ: 159333060
>>>>>
>>>>>
>>>>> On Feb 6, 2007, at 9:29 PM, Jonathan Schwartz wrote:
>>>>>
>>>>>> Actually, I was referring to encrypting the php files themselves.
>>>>>>
>>>>>> Jonathan
>>>>>>
>>>>>>
>>>>>> At 10:19 PM -0500 2/6/07, Andy Gaunt wrote:
>>>>>>> Jonathan,
>>>>>>>
>>>>>>> We use SSL certificates provided by a number of vendors to
>>>>>>> encrypt the data
>>>>>>> transmitted on sites.
>>>>>>>
>>>>>>> This encryption varies in use from credit card details for  
>>>>>>> payment
>>>>>>> processing to entire secure areas for members only.
>>>>>>>
>>>>>>> Is this what you meant?
>>>>>>>
>>>>>>> Andy Gaunt
>>>>>>> Office: 321.206.3658
>>>>>>> Mobile: 407.810.4722
>>>>>>> andy at fmpug.com
>>>>>>> http://www.fmpug.com
>>>>>>> 2006 FileMaker Excellence Award Winner
>>>>>>> Recipient of FileMaker's 2005 "Mad Dog" Public Relations Award
>>>>>>>
>>>>>>> For chapter locations, dates & times please visit the website at
>>>>>>> http://www.fmpug.com If you can make it to a meeting, please  
>>>>>>> RSVP
>> at
>>>>>>> http://www.fmpug.com/rsvp.php
>>>>>>>
>>>>>>> -----Original Message-----
>>>>>>> From: fx.php_list-bounces at mail.iviking.org
>>>>>>> [mailto:fx.php_list-bounces at mail.iviking.org] On Behalf Of
>>>>>>> Jonathan Schwartz
>>>>>>> Sent: Tuesday, February 06, 2007 10:03 PM
>>>>>>> To: FX.php Discussion List
>>>>>>> Subject: [FX.php List] Encrypting Solutions?
>>>>>>>
>>>>>>> Hi Folks,
>>>>>>>
>>>>>>> Is anyone encrypting their php solutions?  If so, what sw  
>>>>>>> products
>>>>>>> work the best?
>>>>>>>
>>>>>>> Thanks,
>>>>>>>
>>>>>>> Jonathan
>>>>>>>
>>>>>>> --
>>>>>>>
>>>>>>> Jonathan Schwartz
>>>>>>> FileMaker 8 Certified  Developer
>>>>>>> Associate Member, FileMaker Solutions Alliance
>>>>>>> Schwartz & Company
>>>>>>> jonathan at eschwartz.com
>>>>>>> http://www.eschwartz.com
>>>>>>> http://www.exit445.com
>>>>>>> 415-381-1852
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> FX.php_List mailing list
>>>>>>> FX.php_List at mail.iviking.org
>>>>>>> http://www.iviking.org/mailman/listinfo/fx.php_list
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> FX.php_List mailing list
>>>>>>> FX.php_List at mail.iviking.org
>>>>>>> http://www.iviking.org/mailman/listinfo/fx.php_list
>>>>>>
>>>>>>
>>>>>> --
>>>>>>
>>>>>> Jonathan Schwartz
>>>>>> FileMaker 8 Certified  Developer
>>>>>> Associate Member, FileMaker Solutions Alliance
>>>>>> Schwartz & Company
>>>>>> jonathan at eschwartz.com
>>>>>> http://www.eschwartz.com
>>>>>> http://www.exit445.com
>>>>>> 415-381-1852
>>>>>>
>>>>>> _______________________________________________
>>>>>> FX.php_List mailing list
>>>>>> FX.php_List at mail.iviking.org
>>>>>> http://www.iviking.org/mailman/listinfo/fx.php_list
>>>>>
>>>>> _______________________________________________
>>>>> FX.php_List mailing list
>>>>> FX.php_List at mail.iviking.org
>>>>> http://www.iviking.org/mailman/listinfo/fx.php_list
>>>>
>>>>
>>>> --
>>>>
>>>> Jonathan Schwartz
>>>> FileMaker 8 Certified  Developer
>>>> Associate Member, FileMaker Solutions Alliance
>>>> Schwartz & Company
>>>> jonathan at eschwartz.com
>>>> http://www.eschwartz.com
>>>> http://www.exit445.com
>>>> 415-381-1852
>>>>
>>>> _______________________________________________
>>>> FX.php_List mailing list
>>>> FX.php_List at mail.iviking.org
>>>> http://www.iviking.org/mailman/listinfo/fx.php_list
>>>
>>> _______________________________________________
>>> FX.php_List mailing list
>>> FX.php_List at mail.iviking.org
>>> http://www.iviking.org/mailman/listinfo/fx.php_list
>>
>>
>> -- 
>>
>> Jonathan Schwartz
>> FileMaker 8 Certified  Developer
>> Associate Member, FileMaker Solutions Alliance
>> Schwartz & Company
>> jonathan at eschwartz.com
>> http://www.eschwartz.com
>> http://www.exit445.com
>> 415-381-1852
>>
>> _______________________________________________
>> FX.php_List mailing list
>> FX.php_List at mail.iviking.org
>> http://www.iviking.org/mailman/listinfo/fx.php_list
>
>
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list



More information about the FX.php_List mailing list