Advice greatly needed.

[jamesxg1]

Hiya!

 

I am in dir need of some advice, basically I cannot find a strategy to do the following.

 

I am building a website and basically I need to make it so that I can provide other companies my script without actually providing it to them, weird one I know LOL!

 

Basically let say I provide my script to 100 companies I need to make it so that they never actually get the script in hand, I need to make it so that they have a small script that they upload to their server and it will communicate with the script on my server, but I need to so that it is as if it where on their own server so all the data they input is theirs and when entering the site via their site/server it only displays their data.

 

I was thinking about providing them with the whole script except the main class file and making it so that they have to include it from my server for the script to work, but that turned out complicated and didnt work!

 

Does anyone here have any advice, tips or pointers that may help?

 

Much appreciated, many thanks,

 

James.

[Mchl]

http://www.zend.com/en/products/guard/

[jamesxg1]

http://www.zend.com/en/products/guard/

 

Holy christ, why didn't I think of that, thanks very much mate very much appreciated.

 

James.

[jamesxg1]

Is there any other points that may help? Maybe one that includes not having to give them the script in any way? If this is possible?

 

Many thanks,

 

James.

[monkeytooth]

If you want to keep your script, and force them to connect to it in a manor of speaking your going to have to port your script to them through means of XSS (Cross site scripting) and/or filtering the needs of the script for input output into an XML ready solution actually I think in a case like this your going to have to implement both concepts as they are almost one in the same when your using XML for something other than feed distribution. Either way you have to make your script then make functions and hooks or in other words an API to tie into it from the outside.

 

Another thing to look into though and with this you can give the script out freely to who you please is "Zend Optimizer" or "IonCube" those to programs are web based programs that irreversibly encrypt your scripts or the meat or core of them at least and keep your technology safe from backward engineering or hacking. All though those 2 software pieces cost money to obtain its worth it if your script is worth purchasing. Couple hundred dollars for Zend or Ion and countless sales potential for your script you'll make your money back. You always have to spend some to make some. Alternatively there are other means of encrypting your scripts within itself to make it hard for anyone who doesnt know much to do anything with it. But your going to run into someone whos savy enough to reverse the encryption and output the real code to pick a part eventually... Zend is most likely your best bet as most hosting providers provide Zend Optimizer with hosting accounts.

 

Another thing to think about is, your server load, unless your on a private machine, or network there of machines.. your bandwidth will eventually be gotten the best of, effecting your over all speeds and all else. Your server may eventually be bested as it can only handle so much, and on top of it your offering people a means of hacking your site unless your that damn good at securing your site and server.

 

Just food for thought.

[ignace]

Is there any other points that may help? Maybe one that includes not having to give them the script in any way? If this is possible?

 

It depends on what your script does. If you own a domain you can allow other companies to link to your script using:

 

script.company.com IN CNAME your-script-domain.com

 

monkeytooth's solution is preferred and a SOA (Service-Oriented Architecture) is what you are looking for. Where your clients would connect to your website using HTTP request headers and receive an XML (, JSON, ..) response from your server.

[jamesxg1]

If you want to keep your script, and force them to connect to it in a manor of speaking your going to have to port your script to them through means of XSS (Cross site scripting) and/or filtering the needs of the script for input output into an XML ready solution actually I think in a case like this your going to have to implement both concepts as they are almost one in the same when your using XML for something other than feed distribution. Either way you have to make your script then make functions and hooks or in other words an API to tie into it from the outside.

 

Another thing to look into though and with this you can give the script out freely to who you please is "Zend Optimizer" or "IonCube" those to programs are web based programs that irreversibly encrypt your scripts or the meat or core of them at least and keep your technology safe from backward engineering or hacking. All though those 2 software pieces cost money to obtain its worth it if your script is worth purchasing. Couple hundred dollars for Zend or Ion and countless sales potential for your script you'll make your money back. You always have to spend some to make some. Alternatively there are other means of encrypting your scripts within itself to make it hard for anyone who doesnt know much to do anything with it. But your going to run into someone whos savy enough to reverse the encryption and output the real code to pick a part eventually... Zend is most likely your best bet as most hosting providers provide Zend Optimizer with hosting accounts.

 

Another thing to think about is, your server load, unless your on a private machine, or network there of machines.. your bandwidth will eventually be gotten the best of, effecting your over all speeds and all else. Your server may eventually be bested as it can only handle so much, and on top of it your offering people a means of hacking your site unless your that damn good at securing your site and server.

 

Just food for thought.

 

Hiya!

 

Thanks for the reply. This is very true and researching it zend is more than likely my best hope. But the problem I have is the people I am supplying it to are very savy with web based applications and the script will be running on a goverment server so they will have access to it if I hand the script over to them, and there are long and painful but working ways of reversing the code encryption (so I have been told) so my main goal is to maybe accomplish the first idea you had for an XSS, but the only problem I have is I have never ever done something like this and I am literally stumped on where to start I open my IDE and go blank LOL! Would it be possible for you or someone out there to maybe point me in the right direction?

 

Many many thanks,

 

James

[jamesxg1]

Is there any other points that may help? Maybe one that includes not having to give them the script in any way? If this is possible?

 

It depends on what your script does. If you own a domain you can allow other companies to link to your script using:

 

script.company.com IN CNAME your-script-domain.com

 

monkeytooth's solution is preferred and a SOA (Service-Oriented Architecture) is what you are looking for. Where your clients would connect to your website using HTTP request headers and receive an XML (, JSON, ..) response from your server.

 

Hmmmm, interesting I have never heard of this option would you provide me with some more information please ?

 

Many thanks

 

James

[jamesxg1]

Sorry for the extra post, I need to find a solution that will make it execute as if the script was on their server, so every company that has access has their own copy of the 'script' as such, while running it all from the one script.

 

Many thanks

 

James.

[monkeytooth]

Well if your government related then Zend is your best bet, Zend is virtually if not completely impossible to reverse the encryption of.

 

Zend will generate the encrypted source on your end from the original in a means of readability only through the Zend Optimizer on a clients end. There is no way to run Zend Optimized scripts without the people using them having Zend Optimizer. Once your software is encrypted it then gives you an option to licence it out via licence.php files where everyone is unique and only unique to the domain its being hosted on or given licence to. Or you can provide a licence with the software when its purchased thats a global licence and not domain specific.

 

Besides some level of encryption always look good to the government lol. Make ya look more efficient, and with "Security" in mind. Also, government contract means money money money.. if you encrypt it through zend, they will always have to come back to you to get upgrades, patch work, plug-ins, customization etc..

[jamesxg1]

Well if your government related then Zend is your best bet, Zend is virtually if not completely impossible to reverse the encryption of.

 

Zend will generate the encrypted source on your end from the original in a means of readability only through the Zend Optimizer on a clients end. There is no way to run Zend Optimized scripts without the people using them having Zend Optimizer. Once your software is encrypted it then gives you an option to licence it out via licence.php files where everyone is unique and only unique to the domain its being hosted on or given licence to. Or you can provide a licence with the software when its purchased thats a global licence and not domain specific.

 

Besides some level of encryption always look good to the government lol. Make ya look more efficient, and with "Security" in mind. Also, government contract means money money money.. if you encrypt it through zend, they will always have to come back to you to get upgrades, patch work, plug-ins, customization etc..

 

WOW! you blow my mind LOL, you are very intelligent. Thank you very much this is very much appreciated mate, I will not forget to return the favour .

 

Many thanks

 

James.