在RaspberryPi / USB中保护PHP代码

Question

I have a online project working fine, but a customer ask me if it was possible to sell him the project but in a offline environment, mainly because he has trust issues with internet.

If the internet in his company goes down, the entire company would stop because of it and therefore he would like a offline solution. I don't want to write a windows application from scratch because the project is too big and the time lost wouldn't compensate.

---

So I thought about put the project in a RaspberryPi or USB with Server2Go server embbed.

Problem : How do I secure access to the code and database?

Answer 1

As I understand, you do not want your code / database to be read through any file access protocol.

With PHP, it will be hard to obtain. You could obfusctate your code... but, believe me, it is not the right solution.

See here: Is there a code obfuscator for PHP?

When selling code based on Open Source languages, the solution is perhaps in providing services.

Edited after comment

By default, the Raspberry Pi is accessible using pi / raspberry credentials. You'll just have to change the default password to a new one using this command

passwd

Files and DB will only be served through webserver.

Answer 2

First i don't know about locking the web folder and prevent them from looking into it but..

As most of Applications do, read these steps:
- First the Legal protection:
1- make a Contract with a good lawyer to protect your work and money
2- Register your source code in a Rights Protection organizations.
- Second Source Code protection:
1- usually depending on JAVA or C#.NET for the Compiler to byte code or lower and its VM sandbox / Framework. but in PHP it's an interpreter language that supports open source.
2- you can mix Java/c# with php by making a small web application to link the server hardware serials (like hdd / motherboard serial / available mac address / Operating system installation date) in encrypted hidden place to prevent stalling your files to run on another machines.

3- Mixing PHP with a compiled language means also to make part of your site (logics) in a compiled language and the php are depends on it so you'll prevent coping them by normal way.

4- you can buy a Dongle usb for the previous purpose like (sindbad protection)

5- Encrypt the remaining part of your PHP files for less secure to prevent the read of them using one of those tools
A) free and working PHP obfuscators:

http://www.pipsomania.com/best_php_obfuscator.do

http://www.phpprotect.info/

B) Encode the source files by one of them:

http://php.net/manual/en/function.blenc-encrypt.php

http://www.showmycode.com/

http://phpshadow.com/

http://dezender.net/

http://www.zend.com/en/products/zend-guard

http://www.ioncube.com/php_encoder.php

• PS : please read this article about the use of php

Answer 3

May be php would not work since it requires a webserver to run. As rpi supports python try django, web2py or even jinja2