[FX.php List] Encrypting Solutions?

Jonathan Schwartz jonathan at eschwartz.com
Wed Feb 7 07:26:51 MST 2007


Dale, Steve,ggt:

Up until now, my business hasn't been development for hire.  It's 
been for services rendered, specifically in the user registration and 
content management area.   In short, organizations need online 
registration systems and the ability to manage the resulting records. 
Compensation has either been Pro Bono (!), on a project basis for a 
given registration event or period, or on a per-person registered 
basis.  In no case does the client think that they are buying the 
code. I believe that makes me an Application Service Provider (ASP). 
No?

Now, I recall assisting a client with a Content Management System a 
while back. They paid a modest monthly fee ($39) to use the system 
which was hosted by the CMS company.  There was ftp access to the 
server and the php files that ran the service where right there in 
view....but they were encrypted.  Aha!, I said to myself. This is how 
they can offer access to the server and not suffer loss of the code 
that they had developed. I made a mental note to remember this 
technique in case I ever needed it.

So here we are today, and I was thinking about if/when I need to 
protect my own code from prying eyes.  Of course I Googled also, 
coming up with dozens of alternatives.  Back to my original post...I 
was asking for any particular solutions that were recommended.

However, I *am* enjoying the lively conversation about the business 
side of the fx.php world. ;-)

Jonathan



At 12:08 AM -0600 2/7/07, Dale Bengston wrote:
>Right. If the client has paid you to develop something, depending on 
>how your contracts are written, they probably own the 
>implementation. That's not to say you can't re-deploy the same stuff 
>for someone else.
>
>I was thinking of hosting as something more equivalent to a runtime. 
>There are at least a couple members of this list that host FileMaker 
>solutions to the web. In such a scenario, the client has no access 
>to the data structure or the PHP files. There's nothing you can do 
>about clients viewing source or parsing GET queries in the URL, but 
>it's a start.
>
>If I am deploying on a client's servers, I make sure I am explicit 
>in my contracts about who is responsible for securing the server(s) 
>and backing up data. (The client is.) As Steven Blackwell always 
>says, having the servers in a locked room with restricted access at 
>least prevents casual observers from messing around with your stuff. 
>In most cases, my clients have people who are responsible for the 
>health and security of the solutions I deploy, so it's in their best 
>interest to secure the servers properly. I also have a client that 
>insists on leaving my servers in a public room where their Mac IT 
>support person services machines, and where there's a shared network 
>printer. I have notified them in writing that I do not recommend 
>such a scenario.
>
>I am also explicit that I won't support any modifications they might 
>make to my code deployed at their site.
>
>Like any business relationship, I make sure all the various 
>responsibilities are documented in writing, and then I can relax and 
>forge a partnership with my client based on trust and understanding.
>
>Dale
>
>On Feb 6, 2007, at 11:23 PM, Steve Winter wrote:
>
>>Hi Jonathan,
>>
>>I understand what you're saying here, and there are a plethora of products
>>out there which will do what you want... a quick Google turned up;
>>   http://www.sourceguardian.com/products/php_encoder.htm
>>   http://www.protware.com/default.htm
>>and about a hundred more...
>>
>>The other aspect of this is that in my view if the client has paid you to
>>create the php for them, then they own the code that you wrote anyway, and
>>therefore have any/every right to see what you've written... ??...
>>
>>Just my 0.5c ;-)
>>
>>Cheers
>>Steve
>>
>>-----Original Message-----
>>From: Jonathan Schwartz <jonathan at eschwartz.com>
>>To: "FX.php Discussion List" <fx.php_list at mail.iviking.org>
>>Date: Tue, 6 Feb 2007 21:06:54 -0800
>>Subject: Re: [FX.php List] Encrypting Solutions?
>>
>>>Excellent!  This is the discussion I wanted to have.
>>>
>>>So far, I have also been in that model...developing a solution for a
>>>client and serving it up.  So far, also, I have been the only person
>>>with access to the files.  However, that could change.
>>>
>>>A client might require the solution to be hosted on their own server,
>>>to manage data privacy and security issues.  In this case, the files
>>>would no longer be under my control.
>>>
>>>Another situation: My server, but client has access to the web
>>>folder/directory.
>>>
>>>Don't both of these examples merit/demand protecting the php files
>>>from prying eyes?
>>>
>>>Jonathan
>>>
>>>
>>>
>>>
>>>
>>>
>>>At 10:41 PM -0600 2/6/07, Dale Bengston wrote:
>>>>I tend to think of that in terms of a different model for the web:
>>>>clients pay you a fee to access a hosted solution via the web.
>>>>
>>>>Dale
>>>>
>>>>On Feb 6, 2007, at 10:08 PM, Jonathan Schwartz wrote:
>>>>
>>>>>Hmmm.  I thought that this was  a common practice.
>>>>>
>>>>>The purpose would be to provide a locked solution, much like we do
>>>>>with our FileMaker solutions.
>>>>>
>>>>>J
>>>>>
>>>>>>Not sure why you want to encrypt them, since their source code
>>>>>>can't be viewed in browsers... ?
>>>>>>Or is there something I should know? :)
>>>>>>
>>>>>>If the site's using an SSL cert when the page is viewed, it'll be
>>>>>>encrypted anyway; why would you need more than that?
>>>>>>
>>>>>>Bob Patin
>>>>>>Longterm Solutions
>>>>>>bob at longtermsolutions.com
>>>>>>615-333-6858
>>>>>>http://www.longtermsolutions.com
>>>>>>
>>>>>>   CONTACT US VIA INSTANT MESSAGING:
>>>>>>      AIM or iChat: longterm1954
>>>>>>      Yahoo: longterm_solutions
>>>>>>      MSN: tech at longtermsolutions.com
>>>>>>      ICQ: 159333060
>>>>>>
>>>>>>
>>>>>>On Feb 6, 2007, at 9:29 PM, Jonathan Schwartz wrote:
>>>>>>
>>>>>>>Actually, I was referring to encrypting the php files themselves.
>>>>>>>
>>>>>>>Jonathan
>>>>>>>
>>>>>>>
>>>>>>>At 10:19 PM -0500 2/6/07, Andy Gaunt wrote:
>>>>>>>>Jonathan,
>>>>>>>>
>>>>>>>>We use SSL certificates provided by a number of vendors to
>>>>>>>>encrypt the data
>>>>>>>>transmitted on sites.
>>>>>>>>
>>>>>>>>This encryption varies in use from credit card details for payment
>>>>>>>>processing to entire secure areas for members only.
>>>>>>>>
>>>>>>>>Is this what you meant?
>>>>>>>>
>>>>>>>>Andy Gaunt
>>>>>>>>Office: 321.206.3658
>>>>>>>>Mobile: 407.810.4722
>>>>>>>>andy at fmpug.com
>>>>>>>>http://www.fmpug.com
>>>>>>>>2006 FileMaker Excellence Award Winner
>>>>>>>>Recipient of FileMaker's 2005 "Mad Dog" Public Relations Award
>>>>>>>>
>>>>>>>>For chapter locations, dates & times please visit the website at
>>>>>>>>http://www.fmpug.com If you can make it to a meeting, please RSVP
>>>at
>>>>>>>>http://www.fmpug.com/rsvp.php
>>>>>>>>
>>>>>>>>-----Original Message-----
>>>>>>>>From: fx.php_list-bounces at mail.iviking.org
>>>>>>>>[mailto:fx.php_list-bounces at mail.iviking.org] On Behalf Of
>>>>>>>>Jonathan Schwartz
>>>>>>>>Sent: Tuesday, February 06, 2007 10:03 PM
>>>>>>>>To: FX.php Discussion List
>>>>>>>>Subject: [FX.php List] Encrypting Solutions?
>>>>>>>>
>>>>>>>>Hi Folks,
>>>>>>>>
>>>>>>>>Is anyone encrypting their php solutions?  If so, what sw products
>>>>>>>>work the best?
>>>>>>>>
>>>>>>>>Thanks,
>>>>>>>>
>>>>>>>>Jonathan
>>>>>>>>
>>>>>>>>--
>>>>>>>>
>>>>>>>>Jonathan Schwartz
>>>>>>>>FileMaker 8 Certified  Developer
>>>>>>>>Associate Member, FileMaker Solutions Alliance
>>>>>>>>Schwartz & Company
>>>>>>>>jonathan at eschwartz.com
>>>>>>>>http://www.eschwartz.com
>>>>>>>>http://www.exit445.com
>>>>>>>>415-381-1852
>>>>>>>>
>>>>>>>>_______________________________________________
>>>>>>>>FX.php_List mailing list
>>>>>>>>FX.php_List at mail.iviking.org
>>>>>>>>http://www.iviking.org/mailman/listinfo/fx.php_list
>>>>>>>>
>>>>>>>>_______________________________________________
>>>>>>>>FX.php_List mailing list
>>>>>>>>FX.php_List at mail.iviking.org
>>>>>>>>http://www.iviking.org/mailman/listinfo/fx.php_list
>>>>>>>
>>>>>>>
>>>>>>>--
>>>>>>>
>>>>>>>Jonathan Schwartz
>>>>>>>FileMaker 8 Certified  Developer
>>>>>>>Associate Member, FileMaker Solutions Alliance
>>>>>>>Schwartz & Company
>>>>>>>jonathan at eschwartz.com
>>>>>>>http://www.eschwartz.com
>>>>>>>http://www.exit445.com
>>>>>>>415-381-1852
>>>>>>>
>>>>>>>_______________________________________________
>>>>>>>FX.php_List mailing list
>>>>>>>FX.php_List at mail.iviking.org
>>>>>>>http://www.iviking.org/mailman/listinfo/fx.php_list
>>>>>>
>>>>>>_______________________________________________
>>>>>>FX.php_List mailing list
>>>>>>FX.php_List at mail.iviking.org
>>>>>>http://www.iviking.org/mailman/listinfo/fx.php_list
>>>>>
>>>>>
>>>>>--
>>>>>
>>>>>Jonathan Schwartz
>>>>>FileMaker 8 Certified  Developer
>>>>>Associate Member, FileMaker Solutions Alliance
>>>>>Schwartz & Company
>>>>>jonathan at eschwartz.com
>>>>>http://www.eschwartz.com
>>>>>http://www.exit445.com
>>>>>415-381-1852
>>>>>
>>>>>_______________________________________________
>>>>>FX.php_List mailing list
>>>>>FX.php_List at mail.iviking.org
>>>>>http://www.iviking.org/mailman/listinfo/fx.php_list
>>>>
>>>>_______________________________________________
>>>>FX.php_List mailing list
>>>>FX.php_List at mail.iviking.org
>>>>http://www.iviking.org/mailman/listinfo/fx.php_list
>>>
>>>
>>>--
>>>
>>>Jonathan Schwartz
>>>FileMaker 8 Certified  Developer
>>>Associate Member, FileMaker Solutions Alliance
>>>Schwartz & Company
>>>jonathan at eschwartz.com
>>>http://www.eschwartz.com
>>>http://www.exit445.com
>>>415-381-1852
>>>
>>>_______________________________________________
>>>FX.php_List mailing list
>>>FX.php_List at mail.iviking.org
>>>http://www.iviking.org/mailman/listinfo/fx.php_list
>>
>>
>>_______________________________________________
>>FX.php_List mailing list
>>FX.php_List at mail.iviking.org
>>http://www.iviking.org/mailman/listinfo/fx.php_list
>
>_______________________________________________
>FX.php_List mailing list
>FX.php_List at mail.iviking.org
>http://www.iviking.org/mailman/listinfo/fx.php_list


-- 

Jonathan Schwartz
FileMaker 8 Certified  Developer
Associate Member, FileMaker Solutions Alliance
Schwartz & Company
jonathan at eschwartz.com
http://www.eschwartz.com
http://www.exit445.com
415-381-1852



More information about the FX.php_List mailing list