Hi world,

I'm going to integrate a license key generator into my web site, so that it can automatically generate license keys when a PayPal notification (IPN) occurs... but my question is: what is the best way to protect the PHP file (that contains the method used to generate the key) and the private key (a .pem file)?

Thanks in advance!

A: 

I was not 100% clear what you were asking, but here goes...

You can generate your own unique key and pass it over to PayPal when the order is placed, such that the PayPal IPN will return the key to you. You can use this to verify that the IPN message is a legitimate one.

rikh
I'm sorry! I've reformulated my question!
This is a very good idea! Thanks!
+1  A: 

It sounds like you want to protect the source of the PHP file itself. It sounds like you want some obfuscation and precompiling. There are a number of tools out there that will compile your PHP files into binary. Not machine code, but a byte code of sorts. There are others that will just obfuscate the source code.

These are both just "security by obscurity" though. If you are not distributing the source of the program, users should not be looking at these files anywho.

Perhaps your question was how to keep users from downloading the php/pem file? You would do that the same way you protect all your config files with passwords and what not in them. Either by telling the web server to NOT allow them to be served, or by placing them in a directory outside of where the web server hosts.

shimpossible
Thank you! Yes, I didn't know if the PayPal server can receive the post back of the IPN notification even if I protect the directory that contains the PHP files used to receive the notification and to generate the license! So, you think that if I place in that directory an .htaccess with
order allow,deny
deny from all
I've made a good level of protection?
If you do not allow access to the file, then no one can access it, including PayPal. What do you want to 'protect' the file from? People reading the source/downloading the file? People faking a PayPal notification?
shimpossible
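
The two answers combined, as an added example that is not code from this thread: the IPN handler stays reachable, the .pem sits outside the web root, and a license is signed only when the notification echoes back the per-order token. The paths, the demo secret, the license format and the use of the `invoice` and `custom` IPN fields to carry the order id and token are assumptions.

```php
<?php
// Added example, not code from this thread. Paths, the demo secret and the
// license format are assumptions made for illustration.
// Hypothetical layout: public/ipn.php is served; private/ sits outside the
// web root, so no URL maps to the key and PayPal can still reach ipn.php.
const PRIVATE_KEY_PATH = __DIR__ . '/../private/license.pem';

// Token generated per order at checkout and echoed back by the IPN.
function order_token(string $orderId, string $secret): string
{
    return hash_hmac('sha256', $orderId, $secret);
}

// Accept a notification only if its echoed token matches its order id.
function ipn_token_valid(array $ipn, string $secret): bool
{
    $invoice = $ipn['invoice'] ?? null;
    $custom  = $ipn['custom'] ?? null;
    if (!is_string($invoice) || !is_string($custom)) {
        return false;
    }
    return hash_equals(order_token($invoice, $secret), $custom);
}

// Sign the license payload; returns "base64(payload).base64(signature)".
function make_license(string $payload, string $pem): string
{
    $key = openssl_pkey_get_private($pem);
    if ($key === false || !openssl_sign($payload, $sig, $key, OPENSSL_ALGO_SHA256)) {
        throw new RuntimeException('signing failed');
    }
    return base64_encode($payload) . '.' . base64_encode($sig);
}

// Demo with constructed data. A throwaway key is generated in memory here;
// a deployment would use file_get_contents(PRIVATE_KEY_PATH) instead.
$secret = 'constructed-demo-secret';
$pair = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
if ($pair === false || !openssl_pkey_export($pair, $pem)) {
    exit("openssl key generation unavailable\n");
}
$genuine = ['invoice' => 'ORDER-1001', 'custom' => order_token('ORDER-1001', $secret)];
$forged  = ['invoice' => 'ORDER-1001', 'custom' => str_repeat('0', 64)];
foreach (['genuine' => $genuine, 'forged' => $forged] as $label => $ipn) {
    echo "$label: ", ipn_token_valid($ipn, $secret)
        ? make_license($ipn['invoice'], $pem) : 'rejected, no license issued', "\n";
}
```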