Simple PHP problem.

#1 Okay, when you say people will have access to it, do you mean physical access (as in sitting down at it and copying files in Explorer) or inter/ranet access? Your web server should be able to restrict the locations that it has access to depending on what server you are running. All of them should be able to do it, but how depends on the configuration of the individual servers.

If you want different people to have different access, you can protect folders. Depending on the server you're running, the method may be slightly different. It can be propagated via the OS (what is the OS and server you're running?) or controlled through the access lists for the web server or a combination of the two.

#2 It would be physical access. Theyd be running Win XP, or Vista. Basically its a log program that runs via PHP and webserver. Theres a webserver on the client computer, and server computer, and the client one syncs to the server computer. But it would be on their personal computer. The webserver would be an apache/mysql bundle that runs locally and leaves no footprint.

I'm trying to get them to do all their logs among other things in a web/client on their computer, then have it sync to the master server. The "program" is for a security company, and they kinda wanna keep details hush hush; But to keep all the features it needs to be ran locally on the client computer. My boss doesn'twant anyone copying it, so I need to protect it. A major problem would be that it willbe ran on some of the employee's personal computers. Although I could bundle a encryption tool with it.

I just need basic security, the employees don't know much about software and such, so its not like they can decrypt, or reverse engineer stuff. Maybe a program that bundles all the files into one exe file?




In short, I don't want them to be able to copy these files once they are inplace. Delete yes, not copy. I would also like them to not be able to read them.

#3 Apache/MySql leave a footprint by being started. It can be tuned down, but there's a footprint.

But let's evaluate the needs here so that I can understand it and maybe help out.

First of all, why would they need to have a web and database server running on their client computer? It seems that it would be much more practical to create and schedule a "synclog" application to send the requisite data to the remote server. That way they would not have to go through the install and security lockdown process to make sure that their Apache configuration, php.ini, and SQL databases are secure. You also would not have to go through the difficulty of making sure that the various server solutions installed were at the correct version and patched to perfection on the client machines. You would only have to manage it on the server itself.

You could install a minimal PHP configuration and even use PHP-GTK for a nifty interface if you want one. Use PHP to parse or generate whatever logs you need. You can use a third-party product like Zend Guard or Source Guardian to encrypt your source code. Then, you could use PHP to post the completed logs to your server. As long as you schedule it or setup a Windows service, you can do this transparently to the user.

It would be a good idea to start it as a SYSTEM service and setup the permissions correctly depending on the OS to disallow them from doing much with your files. You should always give them a complete uninstall option to remove everything from their system.

Those are just a couple of thoughts. Sounds like a pretty interesting project.

#4 1. They don't have 100% internet access. They will be in patrol cars, its a GUI interface that allows them to read/submit logs, read apartment resident listings ETC ETC. However I want them to be able to access the whole system, rather then the system they use now which they logon to the internet, and save an offline page and then go through a process to submit the logs.

2. The source code enryption sounds nifty.

3. I could always run an installer that "hides" the php files into the windows system aswell, that would work. I would OF CORSE allow them to uninstall the entire project from their computers.

#5 So you're basically recreating the entire system that they currently have online for the client computers? That's a pretty large call.

Can they use a jump-drive on their machines?

Something like XAMPP could take you a long way.

#6 Do the right thing by purchasing the proper infrastructure to allow secure remote access to this private date instead of copying the data to a lossable device. Secure the network infrastructure, clear local cash securely, and provide only fields needed for the function and not the entire record/db.

I would rip you apart legally if I knew my personal information was being stored on a laptop/mobile device...

#7 Yes, what Brian suggests is the right way to do such a large-scale security project, especially if critical and secure data is necessary or requires special standards of security for the department of corrections or such.

I was just in geek mode, thinking about possible solutions. Brian brought the context to the project, though.

#8 Its not personal information, its all public information. Nothing that people can't find out otherwise, its not security card numbers or anything of that nature. Not even close, almost all security companies have the same information on their client's. Its just I would be making the information accessable, and editable by the Patrol Supervisors rather than having it all in folders in an office.

I was thinking about CDSite. But now that I think about it, If i put it on a Flash drive could I stop people from downloading the information off the flash drive?