I am looking at the possibility of running a PHP-based website (built in symfony) from an encrypted partition on a LAMP server. The reason for this is because a client would have access to the server but I don’t want them to see the source code behind the php website.
I am open to other solutions if this is not possible. For example, possibly running the site from a virtual machine instance that cant be accessed easily.
I am not a big fan of simply obfuscating the code because, according to other posts, it can be easily reversed.
Is it possible to run a PHP app within an environment which is not human-accessible/readable?
I don’t see how an encrypted partition will help here, as the web server will need access to it, and somebody with access to the machine will know how to use that.
A virtual machine will probably be the easiest thing to secure, because you can serve web pages, but restrict filesystem / RDP access to it.
There are also reliable obfuscation/pre-compilation solutions on the market. With the latter, you can distribute bytecode that is also speed optimized, which is an argument to present to the client.