How to protect my source code when deployed?

Question

Is there a way to encrypt or enclose my code on my Linux server after deployment? I know Zend does some kind of encryption, right? Is that what people use? Is this even poss

Answer 1

If the file-system on your server has been compromised, then all is already lost. The best you can do is restrict folders, which are writable by web-server's user.

Also keep the application code outside the DOCUMENT_ROOT. Publicly available should only be the file you actually intend to show user, or which would not show any sensitive informations: like an index.php file which contains and include ../app/bootstrap.php .

You could use Zend Guard, but this would impact owner of the code. You might not be always the one maintaining it.

Answer 2

1. Periodically check the open ports on you server
2. Do not trust the data coming from the browser - verify it and validate it.
3. Periodically do an audit of the processes on your machine and who can access them
4. Only have files in the document root that should be accessible by the outside world. Include files etc should not exist here
5. Check the log files periodically to check for suspect access.
6. For PHP errors/warnings - find a mechanism that does not give the client (browser) any info what has gone wrong. Send that to yourself. This is true for MySql as well.

Answer 3

You are right, you can use Zend Encoder, Ion Cube or something like Source Guardian to encrypt your source code.

Its not really needed unless you are giving away your code and dont want people to steal it though.

What is it about your server that you think its insecure?