[thelist] Protect PHP Application

Mark MacInnes mark.macinnes at gmail.com
Tue Jun 10 10:47:47 CDT 2008


Recently, one of my clients has employed an in-house web developer. Whilst I
am (relatively) happy to deal with this guy, he has been asking a huge
number of questions about how the site operates as well as questioning my
abilities (which blatantly being very inexperience himself). I amalso
concerned with this individual taking my application and selling it off as
his own work.

So I have two main issues. How would you/your company deal with this
situation? Would you answer every question in detail, thus effectively
training up this guy and giving work away that strictly should be ours? Or
would you politely state that it is not in your interests to train this
individual and that whilst you offer support to the client in terms of
running the site and any bugs that appear, you do not in terms of how it is

Secondly, how would you protect your application? Obviously copyright grants
me protection, but this is only effective when you know the product has been
stolen. I have come up with having a small function that checks the server
ip and e-mails back if it does not match authorised IPs, however this could
be easily disabled if removed. I also have come up with moving some core
files to another location on the server (the client is hosted on my own
server) and not giving the developer access to these files, thus if the
application is stolen the developer wouldn't be able to run the application
without lots of effort, however this still means that he would have access
to a lot of code. I realise there is only so much that can be done to
protect my work in this environment, however I want to employ at least a few


More information about the thelist mailing list