Home » Imported messages » comp.lang.php » monitoring IP address calls of a PHP application
Re: monitoring IP address calls of a PHP application [message #175064 is a reply to message #175063] Tue, 09 August 2011 12:50
The Natural Philosoph
Bill B wrote:
> On 8/9/2011 2:00 AM, E.Sajad wrote:
>> So I'm trying to protect myself by somehow verifying that their
>> delivered application:
>>
>> 1. Does not connect to/use/call any other web services or connect to
>> other IP addresses (or servers) other than Google [note: the
>> application extracts some info from Google search results]
>> 2. Does not connect to any databases other than the one on the local
>> server
>> 3. Does not use any third-party libraries that I might have to pay for
>> in the future.
>> 4. Does not contain files that, although they need to be editable (for
>> future modification, such as XML configuration files), have been
>> converted into binary or non-editable or non-readable format.
>
> <snip>
>
>> I believe if I can somehow monitor all the IP addresses that the
>> application calls (connects to) in
>> real time, I'll be able to check if it's referencing any web services
>> or sources other than Google as well as other than my own database.
>> This alone will solve concerns number 1 and 2. But I don't even know
>> how to do this! Should I install a monitoring application on my
>> virtual dedicated server that would run in the background? What
>> application(s) do you folks recommend?
>
> <snip>
>
> Practically speaking, if the person who did the coding is in fact
> devious (I'm not assuming so but looking at worst case) it would be easy
> to write code that would activate #1 and #2 at some point in the future.
> That the code does neither now may be of little comfort.
>
> Bill B
It's php ffs

phpinfo will reveal if any extraneous libs are linked in.
A grep of its source code for any system() type calls will reveal if odd
code is being invoked.

Ditto a code walk for any database open calls or CURL will check for
access to where it may or may not access.

If it's beyond the OP, I suggest a paid contract to another contractor to
'find the bugs, and identify the rubbish'

Set a thief to catch a thief.
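
The grep pass and code walk suggested in the post above, as an added example that is not part of the original thread: a first-pass scan of a delivered PHP tree for process-execution, outbound-network and database-connect call sites. The function lists, the `.php`/`.inc` extensions and the sample files are assumptions made here for illustration, and the lists go somewhat beyond the `system()`, database and CURL calls the post names.

```shell
#!/bin/sh
# First-pass static audit of a delivered PHP tree: list call sites that start
# processes, open network connections, or open database connections.
# Output: CATEGORY<TAB>file:line:source. Assumes a grep with -r and --include.

# A name counts only when it is not the tail of a longer identifier or a
# method call, so curl_exec( and $db->exec( are not reported as exec.
B='(^|[^A-Za-z0-9_>])'
S='[[:space:]]*'
EXEC_RE="${B}(system|exec|shell_exec|passthru|popen|proc_open|pcntl_exec)${S}\\("
NET_RE="${B}(curl_init|fsockopen|pfsockopen|stream_socket_client|socket_connect)${S}\\("
NET_RE="${NET_RE}|${B}(file_get_contents|fopen)${S}\\(${S}[\"']https?://"
DB_RE="${B}(mysql_connect|mysql_pconnect|mysqli_connect|pg_connect)${S}\\("
DB_RE="${DB_RE}|new[[:space:]]+(mysqli|PDO)${S}\\("

scan() {  # scan CATEGORY REGEX DIR; -i because PHP function names ignore case
    grep -rniE --include='*.php' --include='*.inc' -e "$2" "$3" |
        awk -v c="$1" '{ print c "\t" $0 }'
}

audit_php() {  # audit_php DIR
    scan exec "$EXEC_RE" "$1"
    scan net  "$NET_RE"  "$1"
    scan db   "$DB_RE"   "$1"
}

count_hits() {  # count_hits DIR CATEGORY
    audit_php "$1" | awk -F'\t' -v c="$2" '$1 == c { n++ } END { print n + 0 }'
}

make_sample() {  # writes a constructed sample tree (not code from the thread)
    mkdir -p "$1/lib"
    cat > "$1/index.php" <<'EOF'
<?php
$ch = curl_init('https://www.google.com/search?q=test');
$html = curl_exec($ch);
$db = new PDO('mysql:host=localhost;dbname=app', 'app', 'secret');
$db->exec('DELETE FROM cache');
EOF
    cat > "$1/lib/util.inc" <<'EOF'
<?php
$out = Shell_Exec('uname -a');
$fp = fsockopen('192.0.2.10', 8080);
$link = mysql_connect('db.example.net', 'u', 'p');
EOF
}

# With a directory argument, audit it.
if [ $# -gt 0 ]; then audit_php "$1"; fi
```

Calls whose names are built at run time do not show up in a pattern match, so the output is a list of places to read during the code walk rather than a complete answer.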