Jeremy

Reputation: 925

Is there a way to tell if a PHP script has not been modified?

Is there a way to check if a PHP script has been modified?

I've written a script that people will install on their own server, and I want to be able to check if the output is authentic or if it has been faked.

Is this possible?

Upvotes: 1

Views: 66

Answers (1)

Eric Hughes

Reputation: 841

The short answer is: you can't. Because the server (which you don't control) executes the code (which you no longer control), they have full control over the response. It's always going to be possible to change stuff and try to fake that it's legit.

But, you can try to make it harder. This is the same premise behind software piracy protection, digital rights management, and other similar technologies designed to restrict what actions can be performed with information outside the owner's/originator's control.

Some ways to do this:

  • obfuscate the heck out of the PHP to make it more tamper-resistant.
  • have the script send you a hash of itself, encrypted with your public key, as part of its output.
  • encrypt (symmetrically or asymmetrically) most of the PHP itself, and add a decrypt/execute portion to it.
  • individualize each script copy, including some kind of known, unique value in the expected output of every script you let other people use, and verify it in the output to make sure it's the expected value for that server.

Upvotes: 2
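The self-hash and per-copy value suggestions from the answer above can be combined, shown here as an added example that is not part of the original answer. It swaps the public-key encryption for an HMAC under a per-install key, and adds a vendor-issued nonce (an assumption) so that a recorded good response cannot be replayed; all function names, IDs and keys are constructed.

```php
<?php
// Added illustration; every name, ID and key below is constructed.

// Script side: report a hash of the script file, bound to this install by a MAC.
function build_signed_output(string $path, string $id, string $key, string $nonce, string $payload): array
{
    $hash = hash_file('sha256', $path);
    $mac  = hash_hmac('sha256', implode("\n", [$id, $nonce, $hash, $payload]), $key);
    return ['id' => $id, 'nonce' => $nonce, 'hash' => $hash, 'payload' => $payload, 'mac' => $mac];
}

// Vendor side: $installs maps install ID => ['key' => ..., 'hash' => ...] recorded at issue time.
function verify_output(array $r, array $installs, string $nonce): string
{
    foreach (['id', 'nonce', 'hash', 'payload', 'mac'] as $field) {
        if (!isset($r[$field]) || !is_string($r[$field])) return 'malformed';
    }
    $known = $installs[$r['id']] ?? null;
    if ($known === null) return 'unknown install';
    if (!hash_equals($nonce, $r['nonce'])) return 'replayed or stale response';
    $msg = implode("\n", [$r['id'], $r['nonce'], $r['hash'], $r['payload']]);
    if (!hash_equals(hash_hmac('sha256', $msg, $known['key']), $r['mac'])) return 'bad MAC';
    if (!hash_equals($known['hash'], $r['hash'])) return 'script hash mismatch';
    return 'ok';
}

// Demo against a constructed script file standing in for the distributed copy.
$path = tempnam(sys_get_temp_dir(), 'demo');
file_put_contents($path, "<?php echo 'report';\n");
$key      = bin2hex(random_bytes(32));
$installs = ['install-0001' => ['key' => $key, 'hash' => hash_file('sha256', $path)]];
$nonce    = bin2hex(random_bytes(16));

// Case 1: unmodified copy answering the current nonce.
$out = build_signed_output($path, 'install-0001', $key, $nonce, 'result=42');
echo verify_output($out, $installs, $nonce), "\n";

// Case 2: the same response presented against a later nonce.
echo verify_output($out, $installs, bin2hex(random_bytes(16))), "\n";

// Case 3: payload altered in transit by someone without the key.
$forged = $out;
$forged['payload'] = 'result=9000';
echo verify_output($forged, $installs, $nonce), "\n";

// Case 4: the script file was edited, but still reports honestly.
file_put_contents($path, "// edited\n", FILE_APPEND);
echo verify_output(build_signed_output($path, 'install-0001', $key, $nonce, 'result=42'), $installs, $nonce), "\n";
unlink($path);
```

The key lives on the server that runs the script, so an operator who edits the script can also make it report the original hash under a valid MAC; the check only catches changes by parties who lack the key or who leave the reporting code alone.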
