FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » monitoring IP address calls of a PHP application
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: monitoring IP address calls of a PHP application [message #175064 is a reply to message #175063] Tue, 09 August 2011 12:50 Go to previous messageGo to previous message
The Natural Philosoph is currently offline  The Natural Philosoph
Messages: 993
Registered: September 2010
Karma:
Senior Member
Bill B wrote:
> On 8/9/2011 2:00 AM, E.Sajad wrote:
>> So I'm trying to protect myself by somehow verifying that their
>> delivered application:
>>
>> 1. Does not connect to/use/call any other web services or connect to
>> other IP addresses (or servers) other than Google [note: the
>> application extracts some info from Google search results]
>> 2. Does not connect to any databases other than the one on the local
>> server
>> 3. Does not use any third-party libraries that I might have to pay for
>> in the future.
>> 4. Does not contain files that, although they need to be editable (for
>> future modification, such as XML configuration files), have been
>> converted into binary or non-editable or non-readable format.
>
> <snip>
>
>> I believe if I can somehow monitor all the IP addresses that the
>> application calls (connects to) in
>> real time, I'll be able to check if it's referencing any web services
>> or sources other than Google as well as other than my own database.
>> This alone will solve concerns number 1 and 2. But I don't even know
>> how to do this! Should I install a monitoring application on my
>> virtual dedicated server that would run in the background? What
>> application(s) do you folks recommend?
>
> <snip>
>
> Practically speaking, if the person who did the coding is in fact
> devious (I'm not assuming so but looking at worst case) it would be easy
> to write code that would activate #1 and #2 at some point in the future.
> That the code does neither now may be of little comfort.
>
> Bill B
Its php ffs

phpinfo will reveal if any extraneous libs are linked in.
A grep of its source code for any system() type calls will reveal if odd
ode is being invoked.

Ditto a code walk for any database open calls or CURL will check for
access to where it may or may not access.

If its beyond the OP, I suggest a paid contract to another contractor to
'find the bugs, and indentify the rubbish'

Set a thief to catch a thief.
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: Re: ftp with win-filenames with chr#32 ?
Next Topic: Do you have Paypal Credit Card Payment Gateway code in php
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Fri Nov 29 14:06:00 GMT 2024

Total time taken to generate the page: 0.04761 seconds