Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
Is there any mechanise, which can ensure that packages uploaded into packagist.org are free from malicious code.
Is anyone looking at source code in installed/uploaded packages.
For example: What if someone upload package which does main function and apart from that send my config file to external server?
When installation of packages is such easy as adding one line into composer.json I am bit worry that above situation can happen.
That's the blessing and curse of open source software. You typically have the entire source code available for inspection. This means it's pretty hard for anybody to include malicious code and have it remain undetected, though it's not a complete insurance against it. Gauge the vibe around the package, how many people are using it, what comments or tickets in the issue tracker say.
It comes down to: don't use software you don't trust. Trust it by evaluating it yourself or by trusting the community to have done so.
Related
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I have a product in its base version, and some of my clients demands some modifications that cannot be handled by plugin structure as it's not additional feature - but heavily modified version of some of core features. The problem is that we could handle applying bug-fixes for lets say two or three clients but now it is quite hard to handle and remember to apply same code changes in various projects.
The questions is: Is there methodology explaining how to handle such a problem, and how software like GIT or other SCMs could help me with it.
it is quite hard to handle and remember to apply same code changes in various projects.
git is perfect in your case. You can branch for each client and do the core modifications in the branchs. When it comes to apply bug fixes to every branch, you can either cherry-pick (a cool git feature) or rebase (another cool git feature) for each branch.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
When I am writing PHP i find it really hard to keep track of all the changes/bug fixes I make.
When you are creating a script in PHP what do you use to keep a track of any changes that you make along with adding version numbers and maintaining a changelog file?
Thanks in advance.
Use Versioning system. One of the most common is for example Subversion.
http://subversion.apache.org/
Subversion offers great features, like revision history, comparing between those revisions, also branching and tagging
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I developed and distributed a trial version of a PHP software I sell.
I used ioncube to encode the PHP source and check the installation date online. It works pretty well but the problem is that most of the users who downloaded the trial don't even install it, probably because they realize they need to edit php.ini and copy the ioncube loader somewhere in their computers.
Almost all the similar questions on stackoverflow advise ioncube, zend or similar solution...could you advise a simpler (from the point of view of the user) solution?
I don't care if it is less secure than ioncube, I'm ok if it works and prevent cracking for most of the user.
Thanks in advance.
PHP is a scripting language, and it can be quite easy to decode (and disable the trial functionality)
What you could try is hosting it on a demo server, granting access to that for a limited time, and then later revoke access when the trial period is over
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
Ok something simple, I need to protect all the files on my server, what is the best way to do this. we already use HTTPS for any communication on or two the server, but nothing stops someone hacking into the the FTP (ok well there is a LONG LONG LONG password and a firewall) but how do I make sure that no one can download a PHP page and view the source code. unless they have the decypt code.
I looked at this site http://www.rightscripts.com/phpencode/index.php
but personally I would not put personal information about my site into it.
note: I dont mind paying something if its the best practice.
Cheers
Thanks
ionCube is very commonly deployed for this purpose. Please note however that even with a long FTP password, it is still vulnerable to anyone sniffing on the network for it as plain FTP does not provide any encryption at all.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
Can anyone suggest me some free webservers, where i can upload my site and test it. My current one is giving me and error, that actually should not happen. And maybe it works with another server.
I've found izfree to be pretty good when I've needed quick hosting in a pinch. I wouldn't recommend it for anything in production though as its uptime isn't as good as it could be.
EDIT: Although looking at it, it may not even be maintained anymore. I last used it in 2009...
Simply set up a local server with programs like xampp. You can download it here: http://www.apachefriends.org/en/xampp.html
Much faster, agile and more convenient than testing on actual servers.