On Wednesday 15 May 2002 03:24, 1LT John W. Holmes wrote:

> > Does anyone see any flaws in this?
> As long as you realize that any method like this is just going to be
> retrieving a string, basically. You don't get any PHP code back, you just
> get the results of the PHP code. So in your example, you get a one
> dimensional array with $result[0] = 2.

A string is all you need. That's the whole point, you don't want to return any 
code. One can serialize a whole array and return that as well.

> I don't see any benifit of doing it this way. 

The benefit is that code which is crucial to the operation of the app is 
hidden away from prying eyes.

> What do you expect to recieve
> back that they can't duplicate on their end? 

Results from a db query? Or html code to print a table of results? I'm sure 
you could think of more :)

> Whatever you recieve back is
> probably going into an IF statement, so they just remove the condition and
> say if(1), or put their own condition in...

Obviously if you were going to such lengths to protect your code you would 
structure it so that it wouldn't be as easy as that to circumvent.

Note I'm not advocating the use of such techniques. I'm just musing on the 
technical feasibilities of such a scheme.

Jason Wong -> Gremlins Associates -> www.gremlins.com.hk
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *

Daemon escaped from pentagram

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to