How to protect my app on VPS? [closed]

It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it c开发者_运维百科an be reopened, visit the help center. Closed 11 years ago.

I want protect web-application for administrator/other with physical access to server.

Any ideas?

Thanks

---

How physical is physical? :P

Your webserver (let's say Apache) needs to access your files. It runs under a user account (www-data or apache or something). Ergo: the files for the webapplication should be accessible to this other user.

An administrator (root user?) can impersonate any user, and has access to all files, so if you're dealing with a very smart administrator he can always get to your files.

You could run your webserver on a different account, and encrypt the part of your disk where the web application files are running. But since the webserver needs to decrypt it, the decryption key has to be stored somewhere, and the administrator has access to it.

So, I'd go for obfuscating your web application with (in case of PHP) something like Zend Guard, this makes the source unreadable. With a license manager on top the source is quite useless outside the server. (Not completely unbreakable though).

The only way to make really sure your sources are safe, you should be the only one with access to the root/administrator account. Physical access can only be prevented by hosting your own server in a secure data center...