[thelist] PHP/ASP/ColdFusion - Keeping application private...

Seth Bienek seth at sethbienek.com
Tue May 8 22:29:12 CDT 2001


Hi Jon,

> You don't want them to see the
> code, but they have access to the raw server-side files through their
> ftp/etc. What would you do?

The only way to keep an application private is to keep the application.  No amount of encrypting/compiling/passwording will do you any good if the host machine is not under your control.

If keeping the application private is a necessity, you may consider hosting it on your server.  You can have their `net guy(s) point a DNS entry to an IP assigned to your app server, and host it as "FOO.theirdomain.com" or whatever (which opens up a whole new can of worms if you are maintaining session persistence), but it will still have to reside on your server.  Does that make sense?  Let me rephrase it.  You can make it look like their site, and act like a part of their site, but it MUST stay ON YOUR SERVER for you to be able to keep the code private.

If they need to change content on the site, you can do includes for the content, keep it in a seperate directory, and give them an FTP login for that directory.  Again, whole new can of worms if you want to keep them from running script code from within the includes (ok, not that hard, but still a consideration).

HTH,

Seth

------------------------------
Seth Bienek
Solutions Development Manager
Stonebridge Technologies, Inc.
972.455.7294 tel
972.404.9754 fax
ICQ #7673959
------------------------------






More information about the thelist mailing list