0

Ok something simple, I need to protect all the files on my server, what is the best way to do this. we already use HTTPS for any communication on or two the server, but nothing stops someone hacking into the the FTP (ok well there is a LONG LONG LONG password and a firewall) but how do I make sure that no one can download a PHP page and view the source code. unless they have the decypt code.

I looked at this site http://www.rightscripts.com/phpencode/index.php but personally I would not put personal information about my site into it.

note: I dont mind paying something if its the best practice.

Cheers Thanks

Danack
  • 23,991
  • 14
  • 87
  • 117
RussellHarrower
  • 6,339
  • 20
  • 90
  • 182
  • This is a sys-admin question, not a programming question... – Oliver Charlesworth Jul 18 '12 at 01:29
  • 1
    How do you plan to run PHP pages if they're encrypted? – Waleed Khan Jul 18 '12 at 01:30
  • @arxanas - See ionCube (http://www.ioncube.com/) – Geoffrey Jul 18 '12 at 01:32
  • Duplicate of http://stackoverflow.com/questions/232736/code-obfuscator-for-php – Danack Jul 18 '12 at 01:36
  • 1
    I know this probably isn't what you want to hear, but I would advise not doing this. Take steps to physically (e.g. encrypted filesystems) and digitally (SFTP instead of FTP, requiring certificate-based logins, etc.) secure your server, and call it a day. The problem is that the more tricks like this you employ, the more of a nightmare it is to maintain your system and ensure end-to-end integrity. I've seen far too many environments where companies incur massive amounts of downtime because management demands 5000 moving parts. Unless you're CIA or NSA, this level of security isn't worth it. – King Skippus Jul 18 '12 at 01:52

1 Answers1

0

ionCube is very commonly deployed for this purpose. Please note however that even with a long FTP password, it is still vulnerable to anyone sniffing on the network for it as plain FTP does not provide any encryption at all.

Geoffrey
  • 10,196
  • 3
  • 30
  • 44