: Can I host my PHP app in such a way that users can verify the source code being used by the server? I have worked with one other person created a mobile-optimized web proxy to the League

@Angie530

Posted in: #OpenSource #Security #WebHosting

I have worked with one other person created a mobile-optimized web proxy to the League of Legends Tribunal (a peer review system). Riot Games, the creators of LoL, made a really nice web interface that happens to work very poorly on mobile browsers, so I set out to fix it myself. Due to constraints of the "API" available to us, (basic reverse engineering of the REST traffic in the original) our app unfortunately requires users to enter their username and password in order to use it. Having users share their passwords with third-party apps is unquestionably bad practice, but that's not a solvable problem at the moment.

As a first step to mitigate the problem, we have open-sourced our app on Github for those that have the know-how to host it for themselves after verifying the code is safe. However, there are plenty of people that could benefit from our app that can't be expected to host their own trusted version of the app.

This brings me to my question: Is there a way that I can host this app in a way that someone could verify that it uses the same trustworthy code found on our Github repo?

I'm not concerned with building a solution that would automatically compare it to the latest code on Github or anything. Simply allowing them to browse the code being used would be enough, but I can't think of a way that would be trustworthy and could be spoofed by a crafty mind.

Any ideas?

Vote Up Vote Down

Login to post a comment!