Solved

Encrypt php and js code and monitor file changes

Posted on 2013-12-22
16
888 Views
Last Modified: 2014-01-19
I want to encrypt my php and js code .
Server: linux
Hosting: shared type.

I can't change server setting as its shared server.

Issue my client always complaints that there is issue in some functionality when checked it came to our notice that file has been updated. We are 100 % sure that one of clients member do such type of changes so as to cancel my deal as it had happened more than 3 times.
So , i want to monitor whether there is any changes in my code and secondly encrypt my php and js code
0
Comment
Question by:Insoftservice
  • 7
  • 4
  • 4
  • +1
16 Comments
 
LVL 108

Assisted Solution

by:Ray Paseur
Ray Paseur earned 225 total points
ID: 39734808
Zendguard?  IONCube?  Or just make a Google search for "PHP Obfuscation."  If your PHP scripts generate your JavaScript you can probably accomplish everything with a single encoding tool.  I don't really have an opinion on encryption; I'm sure someone else can answer that.  

It is easy to monitor the directory and detect updates.  You may choose to monitor each script file separately.  The design pattern is described in this article:
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_5356-Real-Simple-Syndication-RSS-with-a-Single-PHP-Script.html

Basically, you make an md5() string from the data that is to be monitored.  When the new string changes from the old string, you write a small RSS feed (XML document).  You can have your RSS reader listen to the RSS feed, and it will alert you to any changes.  This does not tell you what changed, but it can give you a very timely alert that something changed!

A strategy to detect what changed would probably require mirroring the scripts and comparing the before-and-after versions.
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 39734825
Sidebar note... I tried this and had no success.  Seemed like a good idea, too bad it did not work.
http://fopo.com.ar/
0
 
LVL 15

Author Comment

by:Insoftservice
ID: 39734845
PHP Obfuscator  i hope all encoding tool has to be first installed on server for decoding it right?
0
 
LVL 82

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 100 total points
ID: 39734853
Check with your host.  Zendguard and/or IONCube are frequently installed on shared hosting.  You may have to pay for your copy to encrypt your code.
0
 
LVL 15

Author Comment

by:Insoftservice
ID: 39735913
Inquired they don't have such facility. Is there some other solution for the same
0
 
LVL 15

Author Comment

by:Insoftservice
ID: 39736047
Any php or tool script to minimize all php and js scripts
0
 
LVL 108

Assisted Solution

by:Ray Paseur
Ray Paseur earned 225 total points
ID: 39736128
Here are some hosts that offer support for IonCube.
http://www.whoishostingthis.com/compare/ioncube/#.

That, plus a version-control system should have you covered.
0
 
LVL 33

Expert Comment

by:Slick812
ID: 39736611
?????, , maybe I look at your stated problem differently? As you say -
    "one of clients member do such type of changes"

I take this as this - "clients member", has full read and write access to the specific PHP file-script on your server? And for this "clients member" to "cancel my deal" they Overwrite your specific PHP file-script on your server?

As To your - "want to monitor whether there is any changes", you might consider a linux CRON, that checks this PHP file every 15 minutes or so with some sort of checksum HASH value. If the file HASH does not match the stored HASH, then rename the file, move the file, or delete the file (or other file disable thing). But this will be some extra work for you!


As to limiting others access to the file, there may be a solution, but since you mention "encrypt", I will talk about that. ALL, and I mean ALL encrypt methods only help, if there is a secrete "Key" value that the encryption and the decryption agents (php scripts in this case) use, , that No One else knows! !  If your threat as this "clients member" can read your PHP file and-or javascript with the "Key" in that file, then encrypt, Will NOT Help.

What I would suggest, is that you have a type of "Log-In" to access this Info (your deal, I guess), where you have to know a secrete "Key" value entered into a <form> input, which is used to decrypt the deal information from an "encrypted file" or other PHP string source. That way only you, or someone that knows the secrete "Key" can get access to the hidden info. You can not have this secrete "Key" on your server in a file!

It may be possible to use a javascript decryption , where you have to enter a secrete "Key" to <input> and then get the info, , But this may be a complex multi-platform (php- javascript) code headache.

You may need to see about your user-member PHP file access, and why a member that is a threat (malicious) has access to your Deal data file?

Ask questions if you need more info, but a simple solution may not be possible? Again someone that is not authorized should NOT have access to your important files! ! !
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 15

Author Comment

by:Insoftservice
ID: 39741334
Thx for all comments.
I was thinking to decrypt some imp php - javascript code and then minimize all js and php code keeping original copy at my end.
Is there any tool to do so. or php script for the same
0
 
LVL 108

Assisted Solution

by:Ray Paseur
Ray Paseur earned 225 total points
ID: 39741737
0
 
LVL 33

Assisted Solution

by:Slick812
Slick812 earned 175 total points
ID: 39742570
I read your last comment where you say -
"I was thinking to decrypt some imp php - javascript code and then minimize all js and php code keeping original copy at my end"

Sorry,  but I can Not really understand your programming "Terms" in that sentence, you say "decrypt some imp php", but I do not see what you mean by "imp php"? - 'imported php' maybe? ?

I think I know what you mean by -
"minimize all js and php code"
   but I can not see how that can help you with your problem, or I do not understand what you mean by "minimize" ? ?

You probably may not make an effective solution, if your "intruder" can read and alter your server "PHP files", That's why I suggested having a way to "restrict access" to your important files, so that your "intruder" can not change your important server "PHP files".

If you can not do that (restrict access), ,  and can not use Zendguard or IONCube, then you may need another way?

if you intend to "decrypt some imp php", you will need to set up your encryption procedures in a way that can exclude your "intruder" from accessing the important deal source.

You ask - "Is there any tool to do so. or php script for the same "
I really can not see what you may need to do from what you have said, much less suggest a tool to do it.

You have mentioned your "javascript" several many times here, so I wonder if your "javascript"  needs to be hidden also for your security issues?
Can you say some about what in your PHP code page, that you need to secure, is it a single string, or maybe a Deal array, or some API send to a vender for an order (deal)?
0
 
LVL 15

Author Comment

by:Insoftservice
ID: 39743342
"imp php"? - means important php files. i.e files beside standard files of framework.
I can't use ioncube or zendguard as server does not supports it and i can't shift to other hosting server for the same.
I meant by encrypting the code and then minimizing it is because, intruder will not be able to use the code or change it easily.

I want to script or tool which could remove space and minimize php code.
I hope my points are now clear
0
 
LVL 33

Assisted Solution

by:Slick812
Slick812 earned 175 total points
ID: 39744244
I have never seen any "tools" or methods or apps that were made to remove line-breaks and extra spaces from a PHP code page, because the PHP code is not down sent to the browser, so that sort of thing would not be any benefit to most PHP coders. However There can be benefit to minimize a javascript File, I have never used any thing for that, I have seen a Jquery addon for that I think? And there are some web pages that do js minimize, but I'd just do a web search for that, so I can not recommend any, sorry.

You have now added a further complication to this (in my opinion) because you now talk about a "framework", which may or may not be something to deal with for the PHP code that may be needed for this. If it is a much used framework, then there might be some "plug-ins" or add-on that can help you with your php file access problems?

I suppose that "encrypting the code" means that you encrypt the entire php code page-file, so if you had the server file,  deals.php  , then you would want that entire file encrypted? But you really never tell us what the processes and working setups you need for the php code, so that some method of php encrypt-decrypt could be used some way. If you have a php code page encrypted as the file deals.hidden, then you will need a separate PHP file, to do the php decryption into a string, and then use that string in your php decryption code page,  OR write that string to a php file and try to use that in the decryption code page.
You may not need any code minimize, if your decryption page does not reveal the secrete Key.
But this is all getting to complicated for me to have any way to start on this, sorry, I may not can help.

You may think about looking to the php framework usage Forum to ask about add-on that might be helpful.
0
 
LVL 15

Author Comment

by:Insoftservice
ID: 39790322
Thanx @Slick812 .
Is there any tool to minimise js. i don't want to do it online as i have got site which captures one js at a time and i have lot of js files and i dont want to do it one by one.
It would be great if i have some script to do it offline.
0
 
LVL 33

Accepted Solution

by:
Slick812 earned 175 total points
ID: 39791045
As I said before about - "Is there any tool to minimise js", , , I do not use any off line tools for this, or online tools for that, I can say that the Google Code repository has many, many, many code tools, widgets, examples, demo, usage, "How To", and much other Good Stuff for web developers at -
      http://code.google.com/
you really should take the time to explore some of the possibilities there to get help in web development and code work! ! !
I believe that this "Closure Compiler" from google does optimization as it minifies js and other (html) code work -
http://closure-compiler.appspot.com/home

but I can not do a web search for you on this, since I can not know what is "good stuff" and "not so good stuff" as far as "minimise js" and off line tools, , but this can do one js code at a time -
      http://fmarcia.info/jsmin/test.html
but it is online
0
 
LVL 15

Author Closing Comment

by:Insoftservice
ID: 39793518
Thanx ton to all
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Introduction Got endorsements from your clients?  Great!  There is almost nothing better than word-of-mouth advertising.  But how can you do that on the internet?  Sure you can make a page for endorsement quotations and list them all, but who is …
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now