Well, I’m working on a Saap system (PHP/CodeIgniter + MySQL).
Initially the idea would be to deploy the system on the hosting of the client’s choice. The entire "installation" process would be carried out by my team, so that the client would not have direct contact with the system code itself.
The fact is, I found myself thinking, what would stop one of my clients from hiring an obscure developer and asking him to hack the code? This way the customer could pass it on to the "friends" or even resell it for an extremely low value.
Of course, from a legal point of view, the integrity of my system can be protected, but we know that that alone does not inhibit malicious people.
Well, I racked my brain thinking about everything above and basically came up with a solution, which is not 100% efficient or practical, but that’s what I thought of.
Solution
Create a central class that connects to an external server (in my case) and, in a token scheme, sends a hash (from the client) that was generated at the time of purchase, to be compared against the database on my server. If the hash were invalid, the class would make it impossible for the system to run.
Illustration:
The problem is that any malicious developer could easily open the class and modify it so that this check would not be done.
So the question remains:
Does anyone know of any method or theory that could be applied in preventing PHP code/systems hacking?
Unbeatable protection against malicious users: do not deploy
– Thiago Arrais
I haven’t worked with PHP for years, but would solutions like Zend Guard, ionCube and the like not solve your problem?
– serathiuk
If you deliver a solution to the customer, you have already delivered the source code. If it is a script, it is directly visible; if it is compiled, it can be decompiled. Finally, any form of code obfuscation is just false security, as a dedicated person is able to reverse engineer it independently. If you want to keep your "industrial secret" a secret, host your solution outside the customer’s machine park.
– Oralista de Sistemas
@Renan, the comment about Brazil was poorly placed; in fact it is not only a local problem. Edited.
– Kazzkiq
@Kazzkiq edited my comment too.
– Oralista de Sistemas
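The check described under "Solution" in the question, sketched as an added example (not code from the original thread): the reply from the vendor's server is signed and bound to a fresh nonce, so a look-alike server cannot answer in its place. The class names, the token value and the `$transport` callable are hypothetical; it assumes PHP 8 with the sodium extension, and it does not change the point made in the question that the class itself can still be edited out.

```php
<?php
declare(strict_types=1);

// Vendor side: holds the signing key and the hashes generated at purchase.
final class LicenseServer {
    public function __construct(private string $secretKey, private array $licenses) {}

    // Sign (token, nonce, verdict) so a reply cannot be forged or replayed.
    public function check(string $token, string $nonce): array {
        $valid = $this->licenses[$token] ?? false;
        $body = json_encode(['token' => $token, 'nonce' => $nonce, 'valid' => $valid]);
        return ['body' => $body, 'sig' => sodium_crypto_sign_detached($body, $this->secretKey)];
    }
}

// Client side: the "central class" shipped with the application.
final class LicenseGuard {
    public function __construct(private string $vendorPublicKey, private string $token) {}

    // $transport stands in for the HTTPS request to the vendor's server.
    public function isLicensed(callable $transport): bool {
        $nonce = bin2hex(random_bytes(16));
        $reply = $transport($this->token, $nonce);
        $sig = (string)($reply['sig'] ?? '');
        $body = (string)($reply['body'] ?? '');
        if (strlen($sig) !== SODIUM_CRYPTO_SIGN_BYTES
            || !sodium_crypto_sign_verify_detached($sig, $body, $this->vendorPublicKey)) {
            return false; // not signed by the vendor's key
        }
        $data = json_decode($body, true);
        return is_array($data)
            && hash_equals($nonce, (string)($data['nonce'] ?? ''))   // fresh reply
            && hash_equals($this->token, (string)($data['token'] ?? ''))
            && ($data['valid'] ?? false) === true;
    }
}

// Constructed demo data: keys and tokens are generated here, not real values.
$pair = sodium_crypto_sign_keypair();
$server = new LicenseServer(sodium_crypto_sign_secretkey($pair), ['tok-demo-123' => true]);
$pub = sodium_crypto_sign_publickey($pair);
$real = fn(string $t, string $n): array => $server->check($t, $n);
$otherKey = sodium_crypto_sign_secretkey(sodium_crypto_sign_keypair());
$lookalike = fn(string $t, string $n): array => (new LicenseServer($otherKey, [$t => true]))->check($t, $n);

var_dump((new LicenseGuard($pub, 'tok-demo-123'))->isLicensed($real));      // purchased token
var_dump((new LicenseGuard($pub, 'tok-unknown'))->isLicensed($real));       // not in vendor database
var_dump((new LicenseGuard($pub, 'tok-demo-123'))->isLicensed($lookalike)); // reply signed with another key
```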