On 02/16/2015 12:10 AM, Mark Murphy wrote:
How do you prevent access to the second partition? What good is a second partition going to do? Both partitions are visible to the OS. If you only have a single OS, then both the client and the server are running on the same OS, and there is only one logon. The number of partitions is irrelevant.

So your choices are choose a compiled language like C or Java, or use multiple computers. You can use a hammer to drive a screw if you get a big enough hammer, but you will probably break something and it won't work very well. You are trying to use PHP to do something it was never meant to do, and that can only turn out badly. You can think about it all you want, but you are just looking for a bigger hammer to drive something that isn't a nail.

On Sun, Feb 15, 2015 at 7:21 PM, Ethan Rosenberg <erosenb...@hygeiabiomedical.com> wrote:

    On 02/15/2015 05:39 PM, Mark Murphy wrote:

        I would say no. It isn't the hard drive that is the problem, you need a separate operating system. My thought is that even a small retailer will already have a computer, so all you have to sell is the appliance which is all server. No one needs to log in to the server. To make it useable you just need a config application that will let the owner set the IP address.

        On Feb 15, 2015 1:25 PM, "Ethan Rosenberg" <erosenberg@hygeiabiomedical.com> wrote:

             On 02/14/2015 08:54 PM, Mark Murphy wrote:

                 There might be a virtual machine solution, probably not the VMWare hypervisor since you can't get it to boot into one of the VMs. I don't know about any of the others. Maybe put the server at a hosting service like pair networks. You just can't run any scripted solution stand alone because of the security risks. You might be able to use something that encrypts the source, but it might have the same security risks for a determined attacker. Look at Zend Guard or Ioncube. These aren't free, but less expensive than a whole server.

                 That said, the most secure option is a separate server machine which you could set up as a Linux box without the GUI, and a cheap 4 port switch to hook up to your POS client. No one needs to have logon authority to the server except you, or other support personnel. Kind of like a POS appliance.

                 On Feb 14, 2015 8:27 PM, "Ethan Rosenberg" <erosenberg@hygeiabiomedical.com> wrote:

                      On 02/13/2015 02:12 PM, Mark Murphy wrote:

                          Ahh... You have both client and server on the same computer. While this might be fine for demonstration, it is not ok for production because you cannot keep anyone out of the code. If you are going to use PHP, you MUST -- I can't emphasize that enough -- you MUST have the server parts (PHP, Apache, MySQL) on a server machine that is separate from the client machine or you will not have any security. You can keep folks out of the database, but only until they look at the PHP code.

                          On Fri, Feb 13, 2015 at 12:03 AM, Ethan Rosenberg <erosenberg@hygeiabiomedical.com> wrote:

                               On 02/06/2015 02:45 PM, Bastien Koert wrote:

                                   Hold on, so you've written a point of sale app that exists on the client machine as a whole? Does this take credit card data?

                                   If so, it's so un-fucking-secure that this should never see the light of day. The CC companies won't accept this at all and would remove any ability to accept CCs by the business. This style of app is in violation of so many terms of service (not to mention basic security programming practices when dealing with sensitive data).

                                   I worked with a guy who wrote an app like that (but not POS, still sensitive data). I took one look at it and yanked it from production and replaced it with a proper client / server app. It's not safe, it's not secure and to code a POS on a single machine that the user has access to is just dumb.

                                   I would strongly suggest that your client have a look at square or similar if he wants to process CC data.

                                   Bastien

                                   On Thu, Feb 5, 2015 at 11:24 PM, Ethan Rosenberg <erosenberg@hygeiabiomedical.com> wrote:

                                        On 02/05/2015 11:04 AM, Bastien Koert wrote:

                                            I'm with the two Richards on this, those users shouldn't have telnet access to the host server at all. Users should be using the browser to access your site.

                                            Other than that, the most important thing you can do is to regularly back up your code and database to another location so that if something happens to the working box (and likely all tech products, it's not IF, it's WHEN) you can restore the code and database with minimal data loss.

                                            Bastien

                                            On Thu Feb 05 2015 at 9:39:43 AM Omar Muhsin <mrfroa...@gmail.com> wrote:

                                                You forgot this one "keep the box OFFLINE ... best security" :-D


                                                On 05-02-15 14:10, Richard Quadling wrote:

                                                    1 - Don't allow terminal access to your box.
                                                    2 - Use a PHP byte code encoder (IonCube, Zend Guard) - not perfect as they can be reversed to access the code in a form.
                                                    3 - Don't use PHP.


                                        ----
                                        Thanks to all.

                                        I apologize, but I did not properly define the problem I am addressing. I have written code for a POS [Point Of Sale] system to be used in a store. I don't expect the store owner to play with the code. His friends [or enemies] might try. There are two logins to the computer, ethan [me] and worker. Worker has to be able to access the code to use it. He has to be blocked from reading, writing or copying the code.

                                        How??

                                        TIA

                                        Ethan


                                   Bastien

                                   Cat, the other other white meat  Grrr... I have a gingy cat, and she is very nice. Don't insult her [LOL]


                               ---

                               Thanks all.....

                               Sorry, my fault by not being clear.

                               The POS system is free standing and not on a network.

                               The server is Apache.

                               So ....

                               Mr Nice has bought my system.

                               His friend, Mr. Ugly, wants to steal my code.

                               He asks Mr.[naive]Nice if he could look at the computer while it is logged in.

                               Ctrl-Alt-F1  A terminal.

                               cd /var/www

                               cp *.* memoryStick  He now has my code

                               look at the code to find out where the passwords are stored and copy to memoryStick

                               history |grep mys*  He has the login, and hopefully the password

                               show databases;

                                 /usr/bin/mysqldump -u root -p  Database > /pathtodatabasefolder/Database.sql

                               Everything gone!!!

                               How do I prevent the above?


                               TIA

                               Ethan


                      Thanks to ALL -

                      Mark, proceeding with your suggestion...  This is a stand-alone machine. Having two computers with the server side code on one of them, in this case would not be practical [or cost effective].  The question is how to implement your suggestion...

                      1] Can I partition the hard disk and turn it into a server?
                      2] Should I use two hard drives?

                      Either way, I need to learn how to setup and run a server.  Would someone please give me references as to working w/ a server.

                      TIA

                      Ethan

             Mark -

             Thanks a lot.

             This is a stand alone system designed to be sold to small stores. A second computer will destroy any possible profit.

             Let's try to innovate.....

             Can I 1] partition the hard drive with one of the partitions being the server or 2] install a second hard drive?

             TIA

             Ethan


    Mark -

    Thanks.

    A lot of these stores do not have computers.  If they did, they would have a POS system.  I'm trying to sell to these small "Mom & Pop" stores. BTW, a large bakery in this town does not have a computer.

    Let's try ...

    If I partition the hard drive, with the server on one partition [w/ no login], would it work?

    TIA

    Ethan


----
Mark -

Your comments are well taken. A solution, I think, is to have an independent server. Two computers for each setup is not cost effective from my end.

Things have to be changed. All customers will be required to have or to acquire an internet connection.

The server will be "the cloud".

At this point, I have no knowledge of cloud computing.

I do not wish to pummel you with questions concerning cloud storage and computing. I have to learn it myself. To enable me to do this, I have some simple questions...

1] What sites would you recommend, with respect to both cost and data security?

2] What references, both in print and on the internet would you recommend for gaining knowledge in cloud computing?

TIA

Ethan

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
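The scenario Ethan lays out in the thread (a second local account opening a terminal, copying /var/www to a memory stick, and pulling MySQL credentials out of shell history) is the part of the problem that ordinary Unix permissions and shell hygiene can address. The script below is an added example, not code from the thread or from any project it mentions: it audits a web root for files that any local account could read, tightens them so only the owner and the web server's group can read them, and reports whether shell history or ~/.mysql_history would hand over database credentials. The web root path, the www-data group name and the sample history lines are assumptions. It only constrains an unprivileged account such as "worker"; an account with root or console access to the same box is exactly why the thread keeps pointing at a separate server.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread). Assumes a Linux box where
# Apache runs as group www-data and the PHP source lives under a web root such
# as /var/www; both are assumptions, pass your own values as arguments.

# Print every regular file under $1 that is readable by "other" (any local
# account, including a second login like "worker").
world_readable() {
    find "$1" -type f -perm -004
}

# Count world-readable files under $1 (handy as a pass/fail check).
count_world_readable() {
    world_readable "$1" | wc -l | tr -d ' '
}

# Restrict a web root so the owner can edit, the web server's group can read,
# and everyone else is locked out: directories 750, files 640.
# $1 = web root, $2 = group the web server runs as (assumption: www-data).
lock_down_webroot() {
    root="$1"; grp="${2:-www-data}"
    # chgrp needs ownership or root; the chmod still applies if it fails.
    chgrp -R "$grp" "$root" 2>/dev/null || true
    find "$root" -type d -exec chmod 750 {} +
    find "$root" -type f -exec chmod 640 {} +
}

# Count shell-history lines that pass a MySQL password on the command line
# (e.g. "mysql -u root -pSecret" or "--password=Secret"); these are what a
# "history | grep mysql" would expose. A bare "-p" (interactive prompt) is fine.
count_history_password_leaks() {
    [ -f "$1" ] || { echo 0; return; }
    grep -Ec 'mysql[[:alnum:]]* .*(-p[^[:space:]]|--password=)' "$1" || true
}

# True if the home directory in $1 holds a non-empty ~/.mysql_history, which
# keeps every statement typed into the mysql client. Exporting
# MYSQL_HISTFILE=/dev/null in the owner's shell profile stops it being written.
mysql_history_exposed() {
    [ -s "$1/.mysql_history" ]
}

# Usage: sh harden_webroot.sh /var/www www-data
# With no arguments the script only defines the functions above.
if [ $# -ge 1 ]; then
    echo "world-readable files under $1 before:"
    world_readable "$1"
    lock_down_webroot "$1" "${2:-www-data}"
    echo "world-readable files after: $(count_world_readable "$1")"
    echo "shell-history lines with a MySQL password: $(count_history_password_leaks "$HOME/.bash_history")"
    mysql_history_exposed "$HOME" && echo "note: $HOME/.mysql_history exists; set MYSQL_HISTFILE=/dev/null"
fi
```

Run it as the account that owns the web root; the owner keeps write access, Apache (via its group) keeps read access, and a second login that is not in that group gets "Permission denied" on a cp of the source. The history checks are worth running on the owner's own account, since that is where the scenario's credentials came from.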
