[nycphp-talk] Signing PHP applications.
Joseph Crawford Jr.
jcrawford at codebowl.com
Sat Aug 14 00:19:18 EDT 2004
Dan,
but the fact of signing a php app when it is not obfuscated say with zend
encoder what is the point? the key or md5 sum is publicly viewable and
changeable hence it doesnt make any sense.
Joe Crawford Jr.
----- Original Message -----
From: "Daniel Convissor" <danielc at analysisandsolutions.com>
To: "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Saturday, August 14, 2004 12:10 AM
Subject: Re: [nycphp-talk] Signing PHP applications.
> On Fri, Aug 13, 2004 at 11:58:40PM -0400, Joseph Crawford Jr. wrote:
> > What's the big deal or why would you sign a php script or file? i have
never
> > understood the meaning of signing files.
>
> Why sign a contract, a check, etc. To prove authenticity. If you
> download files from a mirror, you need to make sure the mirror wasn't
> compromized. Or even the original server. Forgery does happen.
>
> Then, once you've verified the file before installing, you know the files'
> signagures so can check to see if the installed files on your server are
> still correct. If the signatures match, you're fine. If not, you know an
> intrusion has happened.
>
> --Dan
>
> --
> T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
> data intensive web and database programming
> http://www.AnalysisAndSolutions.com/
> 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409
> _______________________________________________
> New York PHP Talk
> Supporting AMP Technology (Apache/MySQL/PHP)
> http://lists.nyphp.org/mailman/listinfo/talk
> http://www.newyorkphp.org
>
>
More information about the talk
mailing list