Protecting the PHP code [closed]

0

I am creating a system that encrypts some data and saves it in the database. Suppose this encryption is md5 and happens in the file mysite.com/controller.php. How do I prevent anyone with malicious access to my files from discovering the type of encryption used and other information in my code? And what security measures should be taken to prevent the code and the database from being accessed by those who should not, whether through SQL injection or any other means? (I am a layman in the subject.) Thanks in advance.

    
asked by anonymous 06.02.2016 / 14:11

2 answers

1

Well I tried to comment on your comment but I do not have enough points, but since I said you want to hide your third party code ...

There are currently 2 methods to do this:

Code obfuscation: that is, shuffling variables, names, and so on inside your code so that it is not simple to read. There are several programs and services on the web, just search on Google; I put 2 service links as examples:

It is worth mentioning that this obfuscation method is not 100% safe or indecipherable; it will only make the code harder to read and MAY drive away the potentially curious.

Compilation: which is roughly the transformation from one language to another that is semantically equal but applied and executed in the OS. In the case of PHP there are some compilers that do this.

The most famous for PHP is ionCube, which is a PAID tool: you pass your code through it and it does the compiling for you, but your server needs to have a module installed to be able to receive those compiled files.

Remember that in these two methods you need to have the original code if you want to make modifications, and apply the obfuscation or compilation again before publishing.

But in principle, when PHP is running on the server, the person does not have access to the source, only the final output. If only you have access to the code, it's okay. Not to mention that, even with compiling or obfuscating, someone will still have access to the folders, files and so on, because the structure is maintained; only the content is unreadable.

    
06.02.2016 / 18:18
0

Against SQL injection you should handle the information received via GET and POST before interacting with the database, using functions that remove special characters like = '/'; which are common in SQL injection. As for your files, only if the guy breaks into the server or if you leave a hole, like those sites that allow you to download by the name of the file in the URL, for example site.com.br/download.php?file=arquivo.jpg. In that case, if you do not treat the input in a function, the guy can replace the .jpg file with controller.php and take your file with your information.

    
06.02.2016 / 17:46
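The `download.php?file=` hole described in the answer above, shown with the input check that closes it. This is an added PHP example, not code from either answer; the function name `resolveDownload`, the extension allowlist and the `files` directory are assumptions made for the illustration.

```php
<?php
// Added example: validate ?file= before serving it. The extension allowlist
// and directory layout are assumptions, not taken from the page.
const ALLOWED_EXT = ['jpg', 'jpeg', 'png', 'pdf'];

// Returns the absolute path to serve, or null when the request is rejected.
function resolveDownload(string $baseDir, string $requested): ?string
{
    // Plain file names only: no slashes, backslashes, NUL bytes or spaces.
    if (preg_match('/\A[A-Za-z0-9._-]+\z/', $requested) !== 1) {
        return null;
    }
    // Allowlist the extension, so controller.php is never downloadable.
    $ext = strtolower(pathinfo($requested, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) {
        return null;
    }
    // Canonicalise and confirm the result is still inside the base directory
    // (covers symlinks placed inside the download folder).
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Demo on constructed files, executed only when run from the command line.
if (PHP_SAPI === 'cli') {
    $root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'dl_demo_' . uniqid();
    mkdir($root . DIRECTORY_SEPARATOR . 'files', 0700, true);
    file_put_contents($root . '/files/arquivo.jpg', 'constructed image bytes');
    file_put_contents($root . '/controller.php', '<?php // constructed');

    $requests = ['arquivo.jpg', 'controller.php', '../controller.php',
                 '..%2Fcontroller.php', "arquivo.jpg\0.php", 'missing.jpg'];
    foreach ($requests as $name) {
        $result = resolveDownload($root . '/files', $name);
        printf("%-24s => %s\n", addcslashes($name, "\0"),
               $result === null ? 'rejected' : 'served');
    }
}
```

In a real `download.php`, the returned path would be passed to `readfile()` only when it is not null, with a 404 response otherwise.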