installing php application on client computer

[sridharao]

Hello guys,

I have developed an application in PHP that uses databases. I have installed wampserver and have tested it too.

I now want to install the same on client computer. How should I go about it? Should I install wampserver on their machine too? How should I configure it? What precautions should I take? Since the source code is also copied, there is tremendous risk to exposing the code and making it vulnerable to modifications. Since PHPmyadmin is also bundled, anyone on the system can manipulate data in the tables.

So, how do I go about this?

[kows]

you should be fine installing WAMP again. if they're not administrators of the system, then make sure that their windows user account can't access the directory that the PHP files will be stored in. or, hide them. also, make sure phpMyAdmin has a username and password required (no reason that it shouldn't, anyway).

[sridharao]

Thanks for the reply!

Can you tell me how can I do just that. How can I prevent access to a particular folder in windows? If I hide it, anyone can unhide it too. If the folder is hidden, can the files inside be opened by a browser?

How can I setup a username and password for PHPMyadmin?

and hello, nice to meet you again after a long time "Kows", I had sent you an email few days ago.

another question; it is important to stripslashes almost all text inputs from an user-submitted forms. But if the form contains only pull down options, it is necessary to stripslash the elements in the $_FORM[]?

[kows]

I got the email, I haven't had time to reply.

if these drop down menus have values that could contain quotes of any kind, then you should probably use stripslashes(). if not, then you wouldn't really need to.

now, you can hide the files, but that's really only a slight workaround at best. this will most likely fool anyone who isn't looking for these files and isn't too computer savvy, though. anyway, apache should still be able to see the hidden files with no problems. to prevent access to a particular folder by user accounts, you can right click on any folder and go to properties and then select the "Security" tab. you can restrict user access from here, but I won't get into walking you through it. you can most likely google it for some good instructions. also, if you're going to do this then you might need to make sure that the apache service is being run by an administrator account so that apache can still view these files and just the regular user accounts cannot.

[sridharao]

I found a way out for the issue I had sent you an email.

coming to the security issue, I stumbled upon this article regarding the same. Please go through it and let me know if I have to go through it. If your answer is yes, could you kindly make me understand what it is all about.

Here is the site
http://www.devshed.com/c/a/PHP/Doing...dmin-Part-1/2/

[kows]

the article seems pretty self explanatory to me? it just tells you how to set up phpMyAdmin's configuration file to change auth_type to cookie based so that you aren't storing usernames/passwords in that file. I don't think the setting up the control user and password is necessary, though. you should just be able to set blowfish_secret and then set auth_type to cookie with the localhost/port set. but, setting up the control user works fine as well. just read through the article if you want. it tells you everything to do.