[thelist] PHP/ASP/ColdFusion - Keeping application private...

Ashish india_design at yahoo.com
Wed May 9 00:49:02 CDT 2001


Jon,

There are some ways, none of them are perfect and require some tweaking or
buying something extra.
For ASP, the only way that I know is to put most of your code in a DLL  and
then call the DLL methods from within your page. This will of course, call
for re-writing some of your code, and hence may not be the ideal solution.
Further overhead of registering the DLL, etc.
For PHP, Zend site (www.zend.com) promises some sort of encoder (based on
the product description), I have never used it, and hence am unsure about
its functionality.
For Perl, no idea. But given my attempts at Perl ( :-) ), if you are good,
you can make the Perl code highly complex and only a Perl expert can then
make sense of the code.
HTH,
Ashish

-----Original Message-----
From: thelist-admin at lists.evolt.org
[mailto:thelist-admin at lists.evolt.org]On Behalf Of Seth Bienek
Sent: Wednesday, May 09, 2001 8:59 AM
To: thelist at lists.evolt.org
Subject: RE: [thelist] PHP/ASP/ColdFusion - Keeping application
private...


Hi Jon,

> You don't want them to see the
> code, but they have access to the raw server-side files through their
> ftp/etc. What would you do?

The only way to keep an application private is to keep the application.  No
amount of encrypting/compiling/passwording will do you any good if the host
machine is not under your control.

If keeping the application private is a necessity, you may consider hosting
it on your server.  You can have their `net guy(s) point a DNS entry to an
IP assigned to your app server, and host it as "FOO.theirdomain.com" or
whatever (which opens up a whole new can of worms if you are maintaining
session persistence), but it will still have to reside on your server.  Does
that make sense?  Let me rephrase it.  You can make it look like their site,
and act like a part of their site, but it MUST stay ON YOUR SERVER for you
to be able to keep the code private.

If they need to change content on the site, you can do includes for the
content, keep it in a seperate directory, and give them an FTP login for
that directory.  Again, whole new can of worms if you want to keep them from
running script code from within the includes (ok, not that hard, but still a
consideration).

HTH,

Seth



_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com





More information about the thelist mailing list