In this tutorial, we’ll be looking into applying our maximum security settings to your code, using the Security Checklist as a guide.

Accessing the Security Checklist

Gaining access to the Security Checklist is very easy to do. Just choose the “Project” > “Security Checklist” menu option, or click on the security gauge in the status bar.


Once this has been done, you will be greeted with the following window:


The objective for this window is to turn as many of the lights green as possible. The more lights that are green, the more secure your settings. As we can see from this diagram, most of the lights are red, which is not a good thing. So let’s go through the checklist and set up our project correctly.

Clicking on any of the headings will expand the checklist for that settings category. From there, clicking on any setting in the expanded category will take you to the appropriate Project Settings page. Each setting is weighted differently, depending on how important that setting is to the overall project security.

IMPORTANT: We strongly advise against choosing all options at the same time and then Encoding, as this will make it harder to find encoding-related issues with your code (such as code that searches through PHP file contents). Instead, we recommend selecting one or two options at a time, and then Encoding to see if the code still works as expected.
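The note above names code that searches through PHP file contents as a typical source of encoding-related issues. The following is an added example, not part of the original tutorial or the Encoder: a Python script that flags such code in a source tree before encoding. The pattern list is a heuristic assumed for this example, and the sample input is constructed.

```python
import pathlib
import re
import sys

# Heuristic patterns (an assumption of this example, not a vendor list):
# PHP constructs that read script source text, which stops being plain
# PHP once the file has been encoded.
PATTERNS = {
    "reads source via magic constant": re.compile(
        r"\b(?:file_get_contents|file|fopen|readfile)\s*\(\s*(?:__FILE__|__DIR__)"),
    "tokenizes PHP source": re.compile(r"\btoken_get_all\s*\("),
    "prints or strips PHP source": re.compile(
        r"\b(?:highlight_file|show_source|php_strip_whitespace)\s*\("),
    "reads a literal .php path": re.compile(
        r"\b(?:file_get_contents|file|fopen)\s*\(\s*['\"][^'\"]*\.php['\"]"),
}

# Constructed sample input, used when no directory is given.
SAMPLE = r'''<?php
// file_get_contents(__FILE__) in a comment is ignored
$version = '1.0';
$self = file_get_contents(__FILE__);
preg_match('/@version (\S+)/', $self, $m);
$tokens = token_get_all(file_get_contents(__DIR__ . '/plugin.php'));
if (is_file($path)) { include $path; }
'''

def scan_source(name, text):
    """Return (file, line_no, reason) for every line matching a pattern."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith(("//", "#", "*")):
            continue  # skip obvious comment lines
        for reason, rx in PATTERNS.items():
            if rx.search(line):
                findings.append((name, no, reason))
    return findings

def scan_tree(root):
    """Scan every *.php file below root before the project is encoded."""
    out = []
    for path in sorted(pathlib.Path(root).rglob("*.php")):
        out += scan_source(str(path), path.read_text(errors="replace"))
    return out

if __name__ == "__main__":
    hits = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else scan_source("sample.php", SAMPLE)
    for name, no, reason in hits:
        print(f"{name}:{no}: {reason}")
```

Run it with the project's source directory as the only argument. Each reported line is a place to retest after the next option is enabled and the project re-encoded.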

PHP Version

Clicking this item takes us to the “Source” tab of the project settings. The higher the target version of PHP, the more secure your code will be, and it will also run slightly faster. Don’t forget, though, that any servers running your encoded files must have at least the selected version of PHP installed, or else your files will not run.


Restrictions

These settings will take us to the “Restrictions” tab of the project settings. For this, we need to set up two settings, both of which are in the “Include file protection” category. Enable both the “Require an include key” and “Do not allow the auto_prepend_file and auto_append_file php.ini settings” options.

Note that you will need an include key to save these settings. Click on the “Generate random key” button to randomly create a 32-character key, or specify your own in the textbox next to it.


Obfuscation

These settings will take us to the “Obfuscation” tab of the project settings. For this, we just need to enable all of the settings in the “Obfuscation options” category.

Note that you will need an obfuscation key to save these settings. Click on the “Generate random key” button to randomly create a 32-character key, or specify your own in the textbox next to it.


Licensing

Note: These settings require either our Pro or Cerberus Encoders, as well as a copy of the make_license program.

This will take us back to the “Restrictions” tab of the project settings. For this, we will want to focus on the “License file” category. To set this up, just enable the “Encoded files require a license file” setting. Once this has been done, the other options will become available.

For now, leave “Automatic checking of license restrictions” on, as disabling it will require you to code a check on the license file manually.

Then, specify a name for the license file and a passphrase for the license file in the text boxes. Note that the encoded files will check against the license name exactly, so if you tell it to look for “license” and then create a file called “license.txt”, it will not work.


Encoder Version

This one’s easy. Some updates we release will include security enhancements or extra security settings. If this occurs and your Encoder has not been updated, the light will turn red, and an icon will appear against the security checklist alerting you to this issue. The easiest way to check this is to keep automatic update checking on in the options, or check for updates manually by going to “Help” > “Check for Updates”.

And that’s it for the Security Checklist at this time. Always fill up the Security Gauge as much as you can for each project to ensure that your code has the maximum security that we offer!
