I've watched this thread now I'll comment because it applies to many other

Yes even if you take some steps to protect your code it may still be
distributed, but it WILL be distributed if you don't.

Think about security, as a sysadmin I can't just not apply security updates,
you apply every security update you can even though someone a determined
cracker can still get into your box you eliminate most of the script

Just because you can circumvent something does not mean it is not worth
doing, there is a trade off, security and usability to make something
completely secure you make it completely unusable you need to find a middle
ground with your systems and your code.

As far as banks being robbed, yes they may be robbed but we still lose less
money than if left the vault unlocked and just told people to help


-----Original Message-----
From: Jason Soza [mailto:[EMAIL PROTECTED]]
Sent: Monday, May 13, 2002 4:03 PM
Subject: Re: RE: [PHP] Genus who came up with "Self Destruct Code" &
"Copy Pro tection"

I think the point of all this, and I'm sure I'll be corrected if I've 
misunderstood, you can spend your time encrypting, obfuscating, 
whatever, but either your program will get distributed as-is, reverse 
engineered, etc. If someone wants to do it, they'll do it.

Using your example, sure, you're not going to leave your door unlocked 
because there are a million lock-pickers out there you know could get 
through your lock. But by locking your door, do you feel safe? Someone 
could come in a glass window as easily as they pick your lock. 
Determined thiefs can get around even the biggest doors with the 
biggest locks. Look at all the bank robberies that have taken place 
over the past century.

I guess the bottom line, you can do what you want with your code, but 
that doesn't make it hack-proof (or anti-distributable!).

Jason Soza

----- Original Message -----
Date: Monday, May 13, 2002 1:48 pm
Subject: RE: [PHP] Genus who came up with "Self Destruct Code" & "Copy 
Pro tection"

> Everyone is arguing that these encoders can be
> cracked.  Does anyone know of one, have you done
> it yourself?  How long did it take?  I mean I'm
> not going to leave my door unlocked cuz someone
> can pick it open.
> -----Original Message-----
> From: Miguel Cruz [mailto:[EMAIL PROTECTED]]
> Sent: May 13, 2002 3:29 PM
> To: Udo Giacomozzi
> Subject: Re: [PHP] Genus who came up with "Self
> Destruct Code" & "Copy
> Pro tection"
> On 13 May 2002, Udo Giacomozzi wrote:
> > If the whole thing is designed the right way.
> > A copy protection I like for example are
> dongles. Ok, they are not
> > applicable to PHP and aren't 100% secure either
> [don't want to start a
> > discussion about this now]. But this system
> makes no problems for the
> > people that have the dongle.
> >
> > That was why first came up with this question.
> As a PHP beginner I wanted
> > to know if there are elegant ways to make a
> acceptable copy protection.
> >
> > There seem to be only 3 possibilities:
> > - zend encoder
> > - a code obfuscator like POBS
> > - encrypting the source code and then decrypting
> it in realtime
> All of these have weaknesses. And therefore the
> whole exercise is moot. It
> only takes one person with some free time to break
> your protection
> scheme, and then the cat's out of the bag. Once it
> has been broken, it
> will spread and then it won't matter how complex
> your scheme was.
> I really doubt there is any software out there
> that isn't being traded by
> high-school kids, even if they have no idea what
> it's for. The only
> exceptions would be something so arcane and
> obscure that nobody ever had
> an interest in cracking it.
> miguel

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to