029. How to hide sensitive business rules of your application securely?

Problem

You want to hide some sensitive business rules of your application securely.


Solution

There are many different options for securing PHP-GTK applications. One method is to encode your script. Here we present another method, quite similar in concept to the one described in the article How to distribute your PHP - GTK applications - Method 1?

This method stores your sensitive business rules on your server. Your local php-gtk application sends in the input. The server does the computation and passes the values back to your php-gtk application for display.

Please take a look first at the sample code below. Run the code, and you should get the output as shown below.


Sample Code

<?php
$window = new GtkWindow();
$window->connect_simple('destroy', array( 'Gtk', 'main_quit'));
$window->set_size_request(400,200);
$window->add($vbox = new GtkVBox());

// display title
$title = new GtkLabel("Hide sensitive business rules securely");
$title->modify_font(new PangoFontDescription("Times New Roman Italic 10"));
$title->modify_fg(Gtk::STATE_NORMAL, GdkColor::parse("#0000ff"));
$title->set_size_request(-1, 60);
$vbox->pack_start($title, 0, 0);

// setup input label and text entry
$vbox->pack_start(new GtkLabel(), 0, 0);
$vbox->pack_start($hbox = new GtkHBox(), 0, 0);
$hbox->pack_start(new GtkLabel('Input an integer: '), 0, 0);
$hbox->pack_start($entry = new GtkEntry(), 0, 0);
$hbox->pack_start(new GtkLabel(' '), 0, 0);

// setup submit button
$hbox->pack_start($button = new GtkButton('Submit'), 0, 0);
$button->set_size_request(60, 24);

// setup output
$vbox->pack_start(new GtkLabel(), 0, 0);
$vbox->pack_start($hbox = new GtkHBox(), 0, 0);
$hbox->pack_start(new GtkLabel('Output from server: '), 0, 0);
$hbox->pack_start($result = new GtkLabel(''), 0, 0);

// Set up the event handler to respond to button click
$button->connect('clicked', "on_button", $entry, $result);

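// The callback function that is called when user clicks the submit button
function on_button($button, $entry, $result) {
    $input = $entry->get_text();
    // URL-encode the user input so spaces, '&' or '#' cannot alter the request
    $output = file_get_contents(
        "http://www.kksou.com/php-gtk2/remote/secured_business_rules.php?n="
        . urlencode($input));
    if ($output === false) { // network or server error
        $result->set_text("Could not get a result from the server.");
        return;
    }
    $result->set_text("You have entered $input. Its square is: $output");
}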

$window->show_all();
Gtk::main();
?>

Output

[Screenshot of the sample application window]

Explanation

PHP started off as a web language, and PHP-GTK is an extension of PHP. By leveraging PHP's strength on the web and PHP-GTK's capability in GUI application development, one can come up with very interesting ways of doing things.

Please first take a look at the article How to distribute your PHP - GTK applications - Method 1? if you haven't.

Just like an include statement, the file_get_contents statement can take any valid URL too. And this is exactly what we are using here.

The content of the file secured_business_rules.php is as shown below:

The file_get_contents call in on_button() requests this file from the server at http://www.kksou.com/php-gtk2/remote/secured_business_rules.php, passing the value of $input in the n query parameter of the URL. The server performs the computation and returns the output to the php-gtk application, which then displays the result in the GUI window.

The demo here simply computes the square of the number. Of course one can perform any kind of business rules and computations here.
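The server side of this exchange, as an added example (not the original secured_business_rules.php, and not code from the page's author): a hypothetical endpoint that validates n before computing the square and only answers callers that present a shared secret. The names API_TOKEN, MAX_N and handle_request and the X-Api-Token header are assumptions, and the client would have to send that header with its request.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for secured_business_rules.php (the original file is
// not shown on the page). API_TOKEN and the X-Api-Token header are assumptions.
const API_TOKEN = 'replace-with-a-long-random-secret'; // placeholder value
const MAX_N = 1000000; // constructed limit; keeps n*n below PHP_INT_MAX on 64-bit PHP

// Returns [HTTP status, body]. The business rule (here: squaring) runs only on
// the server; the client receives nothing but the result.
function handle_request(array $query, ?string $token): array
{
    // Reject callers that do not present the shared secret (constant-time compare).
    if ($token === null || !hash_equals(API_TOKEN, $token)) {
        return [403, 'forbidden'];
    }
    // Accept only a decimal integer in range; missing, array or mixed input fails.
    $n = filter_var($query['n'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => -MAX_N, 'max_range' => MAX_N]]);
    if ($n === false) {
        return [400, 'n must be an integer between ' . -MAX_N . ' and ' . MAX_N];
    }
    return [200, (string) ($n * $n)];
}

if (PHP_SAPI !== 'cli') {
    // Web request: the token travels in a header, not in the URL.
    [$status, $body] = handle_request($_GET, $_SERVER['HTTP_X_API_TOKEN'] ?? null);
    http_response_code($status);
    header('Content-Type: text/plain; charset=utf-8');
    echo $body;
} else {
    // Constructed sample requests, so the script can be run offline from the CLI.
    $samples = [
        [['n' => '12'], API_TOKEN],      // valid request
        [['n' => '12'], 'wrong-token'],  // bad secret
        [['n' => '12abc'], API_TOKEN],   // not an integer
        [[], API_TOKEN],                 // parameter missing
    ];
    foreach ($samples as [$q, $t]) {
        [$status, $body] = handle_request($q, $t);
        echo $status, ' ', $body, PHP_EOL;
    }
}
```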

Note that this method is based on the assumption that the client running the php-gtk application is connected by LAN or broadband to your server.

Note

This method of hiding the sensitive business rules of your application is only as secure as your server is well protected.
