Jump to content

[SOLVED] Protecting my clients interests

stockton

By stockton
in Application Design

 Share

Recommended Posts

stockton Advanced Member

stockton

Posted
Posted

I have developed a client/server PHP intranet system that I would appreciate being able to protect for the client but cannot think of how to do it.

Basically they may run this system on any one of their servers at any one of their many locations but I would like to make sure that if someone outside the group got their hands on this system they could not run it.

Please make suggestions on how I may achieve this. For that matter is it even possible?

 

Regards,

Alf Stockton www.stockton.co.za

Link to comment
https://forums.phpfreaks.com/topic/83447-solved-protecting-my-clients-interests/
Share on other sites
448191 Advanced Member

448191

Posted
Posted

If I understand correctly, you want to protect the app from running at a different location than your client.

 

Best way to do that is have your app periodically check in with an external server, validate the ip and domain (not fool proof, but hey), and write a key to the drive (so you don't have to check in with the external server EVERY run). Hardcode the expiration time of the key, and encode the whole thing using Zend encoder or ioncube. The licensing info is actually on the external server (which you control), so adding new valid locations should be a snap.

 

I know a Java app that does something similar (ip based licensing).

stockton Advanced Member

stockton

Posted
  • Author
Posted

My client has in place "a good firewall as well as regular OS and server updates".

 

What I am thinking of is, as the system is open source, if someone removed it from my clients site and installed it on their own server I see no reason why it would not work.

 

I would like a method whereby running it would not be an option if the system was "stolen".

 

One thought was to register the clients servers on a central site and check for registration whenever the system is run. This cannot works as any PHP programmer could get around that.

448191 Advanced Member

448191

Posted
Posted

One thought was to register the clients servers on a central site and check for registration whenever the system is run. This cannot works as any PHP programmer could get around that.

 

Only if they have the source code. I wouldn't recommend checking registration EVERY run.

 

I don't think I'm really understanding your motivation here. You say the application is open source, so what are you protecting?

corbin Regular Member

corbin

Posted
Posted

"This cannot works as any PHP programmer could get around that."

 

They couldn't get around it without access to the plain source code (or a lot of creativity), so that way could work.  There's always ways around a remote site check though....  Zend decrypters, the hosts file and spoofing... so on.

Daniel0 Advanced Member

Daniel0

Posted
Posted

I don't know what your agreement says, but I suppose that when you've handed the files over to them it will be their own responsibility to keep their files safe from leakage. As long as you don't give the files to anyone else I suppose you'll be fine.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.