Well, I promise you that I can re-activate any solely PHP-based 
remote killswitch in a matter of minutes - maybe hours if the person was 
really good. It's just too easy when you have the source code for the 

Likewise the only truly effective PHP encoder would be one that created 
confusion by scrambling all the variable names to be names of my former 
girlfriends. Anything else is just like working with bad code from a 
contractor or junior employee - run it through the prettyprinter, open up 
a Dr. Pepper, and "be the PHP interpreter" for a while.

Coming up with robust code protection is a very very challenging task. You 
spend a long time working out a scheme, then someone figures it out, and 
you have to start over again - everything "protected" by your previous 
scheme is now out in the open.

Much better to focus on the legal side of it. If you really don't think 
you're going to be able to police the use of your code, to a degree that 
piracy is going to cost you more than your time is worth, you should be 
looking for a new set of clients.


On Mon, 13 May 2002, SP wrote:
> Everyone is arguing that these encoders can be
> cracked.  Does anyone know of one, have you done
> it yourself?  How long did it take?  I mean I'm
> not going to leave my door unlocked cuz someone
> can pick it open.
> -----Original Message-----
> From: Miguel Cruz [mailto:[EMAIL PROTECTED]]
> Sent: May 13, 2002 3:29 PM
> To: Udo Giacomozzi
> Subject: Re: [PHP] Genus who came up with "Self
> Destruct Code" & "Copy
> Pro tection"
> On 13 May 2002, Udo Giacomozzi wrote:
> > If the whole thing is designed the right way.
> > A copy protection I like for example are
> dongles. Ok, they are not
> > applicable to PHP and aren't 100% secure either
> [don't want to start a
> > discussion about this now]. But this system
> makes no problems for the
> > people that have the dongle.
> >
> > That was why first came up with this question.
> As a PHP beginner I wanted
> > to know if there are elegant ways to make a
> acceptable copy protection.
> >
> > There seem to be only 3 possibilities:
> > - zend encoder
> > - a code obfuscator like POBS
> > - encrypting the source code and then decrypting
> it in realtime
> All of these have weaknesses. And therefore the
> whole exercise is moot. It
> only takes one person with some free time to break
> your protection
> scheme, and then the cat's out of the bag. Once it
> has been broken, it
> will spread and then it won't matter how complex
> your scheme was.
> I really doubt there is any software out there
> that isn't being traded by
> high-school kids, even if they have no idea what
> it's for. The only
> exceptions would be something so arcane and
> obscure that nobody ever had
> an interest in cracking it.
> miguel
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit:
> http://www.php.net/unsub.php

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to