On 30/01/07, peter lovatt <[EMAIL PROTECTED]> wrote:
Hi
You probably cant make it 100% secure, because php is not a fully compiled
language, and as such an expert techie could probably add extra code to your
app that wouild allow access to the database, BUT you can get pretty close.
You will need to encrypt everything in the database using MySql encryption
functions
http://dev.mysql.com/doc/refman/5.0/en/encryption-functions.html
This will mean you can only access the data using the password it was
encrypted with. This will stop anyone installing the database accessing the
data using another MySql client.
Next you need to encrypt the php so that the user cannot get the encryption
password. There are a couple of options I can think of, there are probably
more. The first is Zend Accelerator ( http://www.zend.com) , which I think
compiles the php (check this though). The second is ioncube (
http://www.ioncube.com/) which is intended to prevent unauthorised access to
php code.
As above, your app needs MySql, and is not open source so you need a mysql
licence.
Hope this helps
Peter
Actually, I'm pretty sure that you _can_ compile PHP with the Zend optimizer.
Another option: host the MySQL server on your own hardware, and
configure the php script to connect to that. Then you can control
everything coming in/going out.
What are you trying to protect? And what's the sense in protecting it
such, if in any case the php script has access to it?
Dotan Cohen
http://lyricslist.com/lyrics/artist_albums/355/moody_blues.html
http://music-lyriks.com
--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]
