简体繁体中英

Apache/PHP: Force execution of signed code only (or known MD5)

原文 2016-11-23 10:39:52 7 1 php/ apache/ security/ code-signing

Just thought about hardening our Apache/PHP server installations and pondering about a general approach. Is it possible to create a configuration in that php code is only then executed, when it is "signed" or the hash sum (eg MD5) is known?

Has anyone a suggestion?

1 answers

Just a head's up: I wouldn't recommend MD5 here, at all.

That being said, PHP Archives (aka Phar) support code-signing through OpenSSL. This is used in random_compat (see: random_compat.phar and random_compat.phar.pubkey ; the .asc file is a GPG signature of the .pubkey file).

The code we use to generate signed Phars is located here .

Equivalent ruby code for PHP MD5 Key

comparing PERL md5() and PHP md5()

PHP MD5 Vs MySQL md5

md5 Decryption in PHP

PHP md5 in conditional

PHP md5 explained

PHP MD5 implementation

md5 with Android and PHP

MD5 script in PHP

MD5 with RSA in php

暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Equivalent ruby code for PHP MD5 Key comparing PERL md5() and PHP md5() PHP MD5 Vs MySQL md5 md5 Decryption in PHP PHP md5 in conditional PHP md5 explained PHP MD5 implementation md5 with Android and PHP MD5 script in PHP MD5 with RSA in php

Related Tags

Apache/PHP: Force execution of signed code only (or known MD5)

Question

1 answers

solution1 3 2017-12-28 18:20:48

solution1
3 2017-12-28 18:20:48