Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Encrypting PHP source code.

  • 09-05-2005 10:15am
    #1
    Closed Accounts Posts: 1,819 ✭✭✭


    Has anyone encrypted PHP source code?
    If so what programs have you used?

    I know there's an overhead in running off of encrypted source, but i'm not too worried about that.
    Keeping the source safe would be more important.

    So can anyone recommend anything?

    Cheers,

    Killian


Comments

  • Registered Users, Registered Users 2 Posts: 83 ✭✭fatlog


    why exactly do you need to encode your source?
    are you distributing the actual source to end-users?

    i think you are looking for something lie the Zend Encoder and its related products. You can have a look at this here...

    http://www.zend.com/store/products/zend-encoder.php

    it is expensive however. you may be able to find something similar on freeware.


  • Closed Accounts Posts: 1,819 ✭✭✭K!LL!@N


    Yes, we'll be distributing the source to clients but want to maintain our control of the source.
    We don't want the client to be able to alter or reuse the source without our permission.

    Zend Encoder seems pretty expensive.

    Not, that we're not willing to spend money on something worthwhile.

    I've been trying out Source Guardian and ionCube PHP encoder.

    Haven't found any freeware programs that do anything more than obfuscate the code, which is not what we want.

    Killian


  • Registered Users, Registered Users 2 Posts: 25 highonsnow


    I'm looking for some sort of solution myself.

    Although you know there is one way of preventing your clients from modifying your source code, and that's by means of generating an md5 of each file's size, and include it in every pages header.. evaluate the page or die.

    I know they can alter that but if you can encrypt that small few lines of code using an encoder, they can see the source, but not alter it.

    That's one kind of solution.

    You could use an obfuscator too..


  • Registered Users, Registered Users 2 Posts: 4,003 ✭✭✭rsynnott


    Alternatively, you can go into the Application Service Provider business ;) (this also works for GNU-y stuff)


  • Closed Accounts Posts: 1,819 ✭✭✭K!LL!@N


    I think we've decided to go with IonCube.
    The Zend encoder is ridiculously overpriced, for our needs anyway.
    The $900 is for a 1-year licence, it's over $2500 for a perpetual licence.

    We need to encode the source because certain clients will actually have the source and will run it themselves on their own servers.

    Killian


  • Advertisement
  • Closed Accounts Posts: 19,777 ✭✭✭✭The Corinthian


    I wonder what the effects on server load will be with the extra process of decryption running?


  • Registered Users, Registered Users 2 Posts: 4,003 ✭✭✭rsynnott


    I wonder what the effects on server load will be with the extra process of decryption running?

    Zend Encoder works by compiling the code into an intermediate binary, somewhat similar to those used by Java and .NET. Modern PHP interpreters speak this binary, and in fact, I think, convert files to it as part of running them. As such, there should be no or negligable performance hit, and possibly even a minor performance rise. I gather IonCube is similar.

    If you use an obfuscator, all bets are off, but then using an obfuscator is a very silly thing to do anyway.


  • Closed Accounts Posts: 1,819 ✭✭✭K!LL!@N


    Yes, IonCube works in a similar way.
    There shouldn't be any performance hit.

    Killian


  • Registered Users, Registered Users 2 Posts: 25 highonsnow


    I found a really cost effective solution to the task. It's called sourcecop.com and at a cost of $10, I definately did not go wrong.

    IonCube and Zend are far too over-rated and commercial. If you want a good solution without breaking the bank, check this out. It's a simple basic program but take a look at what it produces. I notice no speed issues.


  • Closed Accounts Posts: 1,819 ✭✭✭K!LL!@N


    I did find source cop, but something seemed dodgy about it.
    It seemed to be a rip off of ioncube.

    Killian


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 1,865 ✭✭✭Syth


    K!LL!@N wrote:
    Yes, we'll be distributing the source to clients but want to maintain our control of the source.
    We don't want the client to be able to alter or reuse the source without our permission.
    You can plane the code under a copyright licence that forbids the creation of derivative work and forbids copying. That's a legal solution, not a technical one.

    Though if you giving a copy to the clients, what's to stop them reusing it? You'd need some kind of server side thing (your server) to control use of the code.


  • Closed Accounts Posts: 2,338 ✭✭✭aphex™


    Phtml Coder Pro lets you use a password. Dunno if it works differently to source cop.


  • Closed Accounts Posts: 1,819 ✭✭✭K!LL!@N


    Syth wrote:
    You can plane the code under a copyright licence that forbids the creation of derivative work and forbids copying. That's a legal solution, not a technical one.

    Though if you giving a copy to the clients, what's to stop them reusing it? You'd need some kind of server side thing (your server) to control use of the code.

    The copyright notice wouldn't make a difference.

    Obviously the client will be able to reuse the code for the purpose originally intended, that's fine. They've paid for that.
    What we don't want them doing is chopping up the source and using whatever they like from within it.
    If it's encoded they can use for it's original purpose but they won't be able to take parts of the source for their own use.

    Killian


  • Registered Users, Registered Users 2 Posts: 4,003 ✭✭✭rsynnott


    highonsnow wrote:
    I found a really cost effective solution to the task. It's called sourcecop.com and at a cost of $10, I definately did not go wrong.

    IonCube and Zend are far too over-rated and commercial. If you want a good solution without breaking the bank, check this out. It's a simple basic program but take a look at what it produces. I notice no speed issues.

    That's obfusication and it's moderately trivial to break.


  • Registered Users, Registered Users 2 Posts: 4,475 ✭✭✭corblimey


    K!LL!@N wrote:
    What we don't want them doing is chopping up the source and using whatever they like from within it.
    If it's encoded they can use for it's original purpose but they won't be able to take parts of the source for their own use.
    Just as a matter of interest, why not? I've developed a lot of php sites and as far as I'm concerned, once you pay for it, it's yours to do with what you will. You screw it up too much, pay me to fix it.

    Any clients I've worked with have always had contracts dictating who owns what at the end of the project. They pay well to gain full control of the source, and I make sure that they know that I might be reusing their code for other projects. Everyone's a winner. I'm surprised your clients haven't already claimed ownership of the code.


  • Closed Accounts Posts: 1,819 ✭✭✭K!LL!@N


    corblimey wrote:
    Just as a matter of interest, why not? I've developed a lot of php sites and as far as I'm concerned, once you pay for it, it's yours to do with what you will. You screw it up too much, pay me to fix it.

    Any clients I've worked with have always had contracts dictating who owns what at the end of the project. They pay well to gain full control of the source, and I make sure that they know that I might be reusing their code for other projects. Everyone's a winner. I'm surprised your clients haven't already claimed ownership of the code.

    Because they're paying to use the code, not the code itself.

    Killian


  • Registered Users, Registered Users 2 Posts: 804 ✭✭✭TimTim


    Hmm you don't happen to work for vBulletin then? :p

    Why don't you look at how they do it. Personally, I'm not exactly sure but this is how I think it goes

    You have a license key, when you set it up to goes to the vBulletin server and auths you.

    How to do that in PHP? No idea, but its just an idea really.


  • Registered Users, Registered Users 2 Posts: 4,003 ✭✭✭rsynnott


    corblimey wrote:
    Just as a matter of interest, why not? I've developed a lot of php sites and as far as I'm concerned, once you pay for it, it's yours to do with what you will. You screw it up too much, pay me to fix it.

    Any clients I've worked with have always had contracts dictating who owns what at the end of the project. They pay well to gain full control of the source, and I make sure that they know that I might be reusing their code for other projects. Everyone's a winner. I'm surprised your clients haven't already claimed ownership of the code.

    The could sell the code on. That would be unpleasant. If the code contained propietary processes, that would be even worse. If you're not doing anything too interesting (if it's just a CMS or some manner of DB frontend or something) then this prob'ly isn't a big deal.


  • Registered Users, Registered Users 2 Posts: 4,475 ✭✭✭corblimey


    Ah, that might be it. I never do anything interesting in php :D.


  • Hosted Moderators Posts: 7,486 ✭✭✭Red Alert


    you could do a vbulletin job which involves storing the sensitive code inside the database. that way it would take a lot of work to get it out, modify it and put it back in. why can't the client chop out the bits it wants anyway? i'm coding a system at the moment to remove the music management from itunes and do it independently whilst updating my XML file - no harm to apple is it?


  • Advertisement
Advertisement