Question

I am looking at the possibility of running a PHP-based website (built in symfony) from an encrypted partition on a LAMP server. The reason for this is because a client would have access to the server but I don t want them to see the source code behind the php website.

I am open to other solutions if this is not possible. For example, possibly running the site from a virtual machine instance that cant be accessed easily.

I am not a big fan of simply obfuscating the code because, according to other posts, it can be easily reversed.

Is it possible to run a PHP app within an environment which is not human-accessible/readable?

Answer 1

I don t see how an encrypted partition will help here, as the web server will need access to it, and somebody with access to the machine will know how to use that.

A virtual machine will probably be the easiest thing to secure, because you can serve web pages, but restrict filesystem / RDP access to it.

There are also reliable obfuscation/pre-compilation solutions on the market. With the latter, you can distribute bytecode that is also speed optimized, which is an argument to present to the client.

Answer 2

If the enemy has physical access to the machine, you ve already lost; it s certainly possible for them to get the source code. Encryption inside a virtual machine might make it a little more difficult, but they can always dump the memory, then use techniques described by J. Halderman et al to extract the keys. And ff it s just an encrypted partition (no VM), it ll be mounted and easily accessible. So no, unless you control the physical machine, you can t secure it from attacks by the machine s administrator, regardless of whether it s encrypted.

Answer 3

The reason for this is because a client would have access to the server but I don t want them to see the source code behind the php website.

Rubbish. How will you run a web-site having source code completely hidden? Apache needs it uncovered to process with PHP in order for your website to work.

友情链接