Skip to main content

Inquiry About Secure Server and cPanel Configuration for Software Deployment

Comments

2 comments

  • cPRex Jurassic Moderator

    Hey there!  This seems like a question for Contabo.  The cPanel software provides the tools to ensure the server is up and running, but any additional security measures like what you're talking about would likely need to be added on top of the software.

    0
  • rbairwell

    2. The ability for clients to access and use the software without the ability to download, edit, or copy the underlying code, even if they have the server/cPanel credentials.

    If the end user has access to the cPanel account (or any server account) where the software is stored, they will be able to download the code. There are ways you can mitigate this by using encryption (cPanel servers can support Zend Guard [aka Zender Encoder/Decoder] and ionCube) , but the server administrator will need to build Apache with support for that module in place (there are other, less well known, similar source code protection modules such as phpBolt but I've not encountered them).

    However - as the video games, film and music industries can attest - if a computer can run a file than a human can extract the data no matter what the protection (how "useful" it will be to them will be another matter - most bytecode/source code encryption software first passes the code through an obfuscator which strips all comments and renames variables and functions to things such as "a", "aa", "aAa" etc).

    The only way to 99% protect your source code is to offer it as a fully hosted (SaaS) product and not give people access to where it is hosted: however, if there is a bug anywhere in the software stack (Linux, Apache, PHP, your own code) then that could still enable third parties to be able to download the code (a common flaw used to be Apache's .htaccess files not loading correctly and so presenting PHP or Perl files as text files - hence why most software now suggests keeping everything but a "bootloader index.php" file outside the "web root").

    0

Please sign in to leave a comment.