The only idea i have is not perfect, but would stop people without time on
their hands from getting your code. (But it could be time consuming for you
(but free))
1) make the source code a string
2) encrypt it, (but try use bizzare, unheard of functions so that it takes
longer to work out how to decrypt it)
3) when running the code decrypt it, (use some hash to check the code has
been decrypted ok)
4) eval() the code
If some code was encrypted as above so people didn't have too much of a clue
what was happening.
1) make the code include("httP://www.yoursite.com/code-custid=43824";);
2) maybe cache it on the server for a period of time (otherwise every
execution would hit your server, and performance would certainly drop).
Assuming the code works, doesn't bring in gaping security holes, and
performance doesn't suffer too much then this could be used in a situation,
that if someone doesn't pay renewal of license fess (or you fall out with
them), you can revoke their access to your code.
This would probably work much better if it is a binary from Zend, as people
would have the binary, but without getting the ok from your server then the
binary stops working.
I've used the principle in Visual Basic (where code is compiled so quite
safe), and been able to stop people using my software for ever.
Not tried it in PHP though... If this is a stupid idea, don't shoot me, I've
slept for the 30 hours, and instead of working to get projects finsihed, I'm
answering newsgroups ;-)
I'd be interested to hear what others think anyway
Yours
Mr. Adam ALLEN.
[EMAIL PROTECTED]
http://www.dynamicinteraction.co.uk
> -----Original Message-----
> From: Steven Haryanto [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, May 19, 2001 3:56 PM
> To: Craig Vincent
> Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: RE: [PHP] hosting "closed" web application for multiple users
>
>
> Actually, We _are_ considering of buying Zend Encoder, but in the
> middle of thinking for alternatives... :-)
>
> However, sometimes vendors do not want user to have access to
> the _binary also_ (and then run it somewhere else), so that needs
> some extra protection other than the Encoder too.
>
> Regards,
> Steve
>
> At 19/05/2001 21:47, Craig Vincent wrote:
> ><snip>
> >2) user cannot trick other root processes to read
> >script.php for her.
> >
> >Is there a better alternative?
> ></snip>
> >
> >Depending on your budget yes there is. Zend has a PHP encoding utility
> >which performs two functions, first off since it needs to run
> through their
> >optimizer your PHP scripts will tend to run faster (at the
> expense of a bit
> >more memory consumption) and also you don't need to worry about
> preventing
> >the source code from being read as the php scripts are converted into a
> >binary executable. License to use these programs are I believe
> around $600
> >per year but offer a wide range of additional features but I
> would consider
> >it well worth it to a company rather than spending countless
> tech hours and
> >security testing to prevent the source from being viewed.
> >
> >http://www.zend.com
> >
> >Sincerely,
> >
> >Craig Vincent
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
