Re: PHP script to only be accessed by cron [message #175281 is a reply to message #175267]
Wed, 31 August 2011 12:15
Peter H. Coffin
Messages: 245 Registered: September 2010
Senior Member
On Tue, 30 Aug 2011 19:16:00 -0700 (PDT), jwcarlton wrote:
>>> I wouldn't mind encoding the page, too, JUST in case I have a root
>>> breach (not expected, of course, but not impossible). Since I would
>>> only need to encode one page, once, would it be reasonable to use the
>>> free trial of Zend Guard? Or would you guys suggest something
>>> different?
>>
>> Way, way, way too complicated. Stop thinking "page", start thinking
>> "script file".
>
> I'm not sure that I follow. If a hacker gains root access, I don't
> want them to be able to go to the cron page and obtain the encryption
> keys in the page; otherwise, they'll be able to get all of the
> otherwise nicely secured data.
>
> If not Zend Guard, what else do you recommend?

If an attacker gets root access, inside the system, the attacker has the
encryption keys, no matter where you bury them. Might as well make sure
that nobody can get them from *outside* the system, which you can
actually do something about.
--
When C++ is your hammer, everything looks like a thumb.
-- Steven M. Haflich
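
One way to act on the advice in the post above, as an added example that is not part of the original message: a cron-only PHP script that refuses to do anything when reached through a web SAPI and checks that its key file cannot be read from outside. The path `/etc/myapp/cron.key`, the `DOCROOT` environment variable and both function names are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. KEY_FILE is a hypothetical path
// chosen to sit outside the web server's document root.
declare(strict_types=1);

const KEY_FILE = '/etc/myapp/cron.key';

/** True only when PHP was started from the command line (cron), never by a web SAPI. */
function is_cli_invocation(string $sapi): bool
{
    return $sapi === 'cli';
}

/** Returns a list of problems with the key file; an empty list means it passed. */
function key_file_problems(string $path, string $docRoot): array
{
    $real = realpath($path);
    if ($real === false || !is_file($real)) {
        return ["key file missing: $path"];
    }
    $problems = [];
    $root = $docRoot !== '' ? realpath($docRoot) : false;
    if ($root !== false && strpos($real, rtrim($root, '/') . '/') === 0) {
        $problems[] = 'key file is inside the document root';
    }
    if ((fileperms($real) & 0077) !== 0) {
        $problems[] = 'key file is accessible to group or others (want 0600)';
    }
    return $problems;
}

if (!is_cli_invocation(PHP_SAPI)) {
    // Reached over HTTP: reveal nothing and do nothing.
    http_response_code(404);
    exit;
}

// DOCROOT is an assumed environment variable set in the crontab entry.
$problems = key_file_problems(KEY_FILE, (string) getenv('DOCROOT'));
if ($problems !== []) {
    fwrite(STDERR, implode(PHP_EOL, $problems) . PHP_EOL);
    exit(1);
}

$key = trim((string) file_get_contents(KEY_FILE));
// ... the scheduled job uses $key here ...
```

Keeping the script file itself outside the document root removes the HTTP path entirely; the SAPI check then only matters if the file is ever moved or copied into a served directory.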