[thelist] Protect PHP Application

[Fred Jones]

> So I have two main issues. How would you/your company deal with this
> situation? Would you answer every question in detail, thus effectively
> training up this guy and giving work away that strictly should be ours?

Is there any reason you would do that? Your question seems to beg its
own answer, no?

> Or
> would you politely state that it is not in your interests to train this
> individual and that whilst you offer support to the client in terms of
> running the site and any bugs that appear, you do not in terms of how it is
> coded?

Same (well converse technically) answer here. :)

> Secondly, how would you protect your application? Obviously copyright grants
> me protection, but this is only effective when you know the product has been
> stolen. I have come up with having a small function that checks the server
> ip and e-mails back if it does not match authorised IPs, however this could
> be easily disabled if removed. I also have come up with moving some core
> files to another location on the server (the client is hosted on my own
> server) and not giving the developer access to these files, thus if the
> application is stolen the developer wouldn't be able to run the application
> without lots of effort, however this still means that he would have access
> to a lot of code. I realise there is only so much that can be done to
> protect my work in this environment, however I want to employ at least a few
> tactics.

Why does he need any access whatsoever? Move all the files away! Give
him access to templates or whatever files he NEEDS to access.

Why give them anything that's not theirs?

Fred