Hi,
I was wondering how people deal with stopping users changing data in databases directly.
Here is the scenario:
You have created a great application that you sell to clients; some of these clients prefer to host it internally on their own servers. These clients may have access to all settings on the servers and know how to use their chosen SQL server well.
To stop these clients copying your code or breaking it etc, you decide to encrypt the PHP using such products as Zend Guard or ionCube PHP Encoder.
The problem now is that, as they have access to the database, they may be able to look at the structure and data and figure out how to put data in and modify it directly.
Over time these clients may want new systems to work with your application, but not want to pay you to develop these links.
So they get someone else to develop applications that change the data in your system's database. Then, as they didn't understand the database fully, the data in the database gets corrupted and the application encounters errors.
Then you get a support call from them to fix this.
They may not tell you about the other application and swear to you that your application must have errors in it.
I know of some people who add database triggers to log queries; however, as they have access to the database, this sort of thing could be covered up before they seek support.
I was wondering if anyone is dealing with this sort of situation at the moment and how they go about tackling it.
Also if anyone has any ideas of how this can be done well.








