RE: [PHP] PHP Source code protection
On Thu, February 7, 2008 8:35 pm, Andrés Robinet wrote: 1 - I believe the fact that we don't encode (read compile) our scripts is tightly related to the fact that we don't have a bytecode interpreter (say JIT compiler or something?) bundled into PHP. Er. PHP has a bytecode interpreter in the Zend Engine... That's kinda what it *does* It's not a JIT, however, at this time, though there's always talk on internals@ about making it more and more JIT-like. The various caching mechanisms (Zend Cache Accelerator, APC, etc) all store the bytecode version of the PHP script, not the original source. This provides a TINY performance benefit, which is completely dwarfed by not hitting the hard disk to read the PHP script, and costs almost nothing since it's basically the difference between this psuedo C code: . . . script = fread(fp, 10); cache(script); bytecode = parse(script); . . . and this: . . . script = fread(fp, 10); bytecode = parse(script); cache(bytecode); . . . You can rely on the bytecode interpreter being there, as that's what the Zend Engine *is*. This does not necessarily make your other points invalid -- but they cannot be based around the [incorrect] facts you stated. :-) -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Source code protection
On 2/7/08, Daniel Brown [EMAIL PROTECTED] wrote: Because who's to say you're selling to one client? If it's your Intellectual Property, wouldn't you want to protect it, at least as much as possible? No, I think protecting software in any way is a waste if resources, especially software you plan to sell to someone. Prohibiting the buyer from making changes to software they purchased has zero gains for anyone involved. If I did want to protect some software I wrote, and I was willing to pay money to do so, I would want to use something much more capable than the Zend Encoder. In principle I'd at least want something that costs less than it's equivalent decoder. -- Greg Donald http://destiney.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Source code protection
Greg Donald wrote: Deductive reasoning leads to two possible options: 1) Don't give the code to anyone. 2) Give the code to the client and accept the fact that it may get pirated. Yep, that's all there is to it. /Per Jessen, Zürich -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Source code protection
Casey wrote: Why not just translate it to C#? Personally I'd just go for C - that way I can just distribute a binary and be done with it. No runtime, no JVM, no mono etc. /Per Jessen, Zürich -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Source code protection
accept the fact that it may get pirated. It may do. But there's nothing wrong with making it as hard as possible to do so. Most people have better things to do than try to reverse engineer a piece of code. Consider: 1. People who buy code will generally do so to solve a problem that they have in the process of making money. 2. Reverse engineering takes time, and therefore diverts their attention away from the process of making money. -- Richard Heyes http://www.websupportsolutions.co.uk Knowledge Base and Helpdesk software for £299 hosted for you - no installation, no maintenance, new features automatic and free ** New Helpdesk demo now available ** -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Source code protection
John Taylor-Johnston wrote: I'm not sure where PHP stands on this politically. But I believe in Open Source, which allows you to encode your code. But why? At heart I'm a purist GNU. Stallman was right when he first tried to fix a faulty printer. I too believe in Open Source, but there are times when the only way to protect your competitive advantage is to hide your code. /Per Jessen, Zürich -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Source code protection
Richard Lynch wrote: After you get your PHP code all worked out, re-write it as a custom PHP extension -- or even just the core of it, and send them a .so or .dll to install. Interesting option. Does require more effort, but if you rewrite the whole thing in C, you might gain some performance too. Of course, once you've done that, you might even leave PHP out of it, and just run it as a binary. /Per Jessen, Zürich -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Source code protection
Greg Donald wrote: On 2/6/08, Richard Heyes [EMAIL PROTECTED] wrote: There's the Zend Encoder at www.zend.com. Though it may be called something else now. Pointless. http://www.phprecovery.com/ Pointless? I think it is exactly the answer to the original persons question. -- Richard Heyes http://www.websupportsolutions.co.uk Knowledge Base and Helpdesk software for £299 hosted for you - no installation, no maintenance, new features automatic and free -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Source code protection
On Feb 7, 2008 1:50 AM, Richard Heyes [EMAIL PROTECTED] wrote: Greg Donald wrote: On 2/6/08, Richard Heyes [EMAIL PROTECTED] wrote: There's the Zend Encoder at www.zend.com. Though it may be called something else now. Pointless. http://www.phprecovery.com/ Pointless? I think it is exactly the answer to the original persons question. -- Richard Heyes http://www.websupportsolutions.co.uk Knowledge Base and Helpdesk software for £299 hosted for you - no installation, no maintenance, new features automatic and free Why not just translate it to C#? -- -Casey -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Source code protection
On 2/7/08, Richard Heyes [EMAIL PROTECTED] wrote: http://www.phprecovery.com/ Pointless? I think it is exactly the answer to the original persons question. Yup, it's the exact correct answer, to a pointless question. Even Zend knows it's pointless to encode PHP. When you type decode php into Google you see ads for the Zend Encoder. Does that tell you anything? Encoding PHP, or licensing it, or compiling it to an extension, or any other silly obfuscation ideas you come up with, in the end, only keeps an honest person honest. If someone wants to reverse code that you have put in their possession, they will find a way. Deductive reasoning leads to two possible options: 1) Don't give the code to anyone. 2) Give the code to the client and accept the fact that it may get pirated. -- Greg Donald http://destiney.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Source code protection
On 2/7/08, Daniel Brown [EMAIL PROTECTED] wrote: Actually, Greg, I respectfully disagree. First, just because there may be ways to reverse-engineer things doesn't mean it's a bad idea to attempt to protect your code against such. Why would you encode to start with? The only reason I can think of is because you don't trust your client. So why are you doing business with people you don't trust? I know that people can smash in the windows of my Durango and steal my equipment, but I still lock it when I park it and go into the store. Why? Because I don't want to make things easy enough for someone to be tempted to take something. I know that if they want something badly enough, they'll take it but I'm just not going to make it that easy. That's my whole point. Honest people aren't gonna steal your code anyway. Trying to prevent them from making a simple change when you're not around is pointless. Would you have bought that Durango if the hood had been welded shut? I'm guessing you're not a mechanic, so you'll _never_ need to raise the hood, right? What about when you come out of the grocery store and there's a hot blonde who needs a jump because she forgot and left her lights on before she went in? And if Zend considered it pointless, they probably would no longer attempt to further develop - nor put their name on the line to Oh please, Zend isn't the first company to ever create useless software. Creation, in no way, proves usefulness. sell - the product line. By definition, pointless means I know where dictionary.com is, thanks :) It also keeps script kiddies from typing decode php into Google and being able to pull one over. I fail to see how Zend adding decode into their list of Google Adwords keeps script kiddies from doing anything. I used the Google Adwords example as confirmation Zend is well aware of existing decoders. While industry standards may not be the lock that cannot be picked, proprietary obfuscation will keep people who don't know what they're doing out of your code --- and if If you're paid to write code then write code, and then when you're done give them the code and collect your money. They paid for the code so why do you think you still own rights to it? they possess the acumen and free time to be able to reverse-engineer the code themselves, I honestly don't know why they'd pay someone to develop the application in PHP for them in the first place. I honestly don't know where you find clients so dumb that they who would put up with not getting full source code for a paid project. -- Greg Donald http://destiney.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Source code protection
On Feb 7, 2008 4:56 PM, Greg Donald [EMAIL PROTECTED] wrote:
On 2/7/08, Richard Heyes [EMAIL PROTECTED] wrote:
http://www.phprecovery.com/
Pointless? I think it is exactly the answer to the original persons
question.
Yup, it's the exact correct answer, to a pointless question.
Even Zend knows it's pointless to encode PHP. When you type decode
php into Google you see ads for the Zend Encoder. Does that tell you
anything?
Actually, Greg, I respectfully disagree. First, just because
there may be ways to reverse-engineer things doesn't mean it's a bad
idea to attempt to protect your code against such. I know that people
can smash in the windows of my Durango and steal my equipment, but I
still lock it when I park it and go into the store. Why? Because I
don't want to make things easy enough for someone to be tempted to
take something. I know that if they want something badly enough,
they'll take it but I'm just not going to make it that easy.
And if Zend considered it pointless, they probably would no
longer attempt to further develop - nor put their name on the line to
sell - the product line. By definition, pointless means Lacking
meaning; senseless. Ineffectual: pointless attempts to rescue the
victims of the raging fire.[1] I fail to see the correlation here;
Zend is aware that there are ways to decode their method of
obfuscation (any and all are trivial, really), but admitting defeat is
failure in this case. That, in my opinion, is pointless.
Encoding PHP, or licensing it, or compiling it to an extension, or any
other silly obfuscation ideas you come up with, in the end, only keeps
an honest person honest. If someone wants to reverse code that you
have put in their possession, they will find a way.
It also keeps script kiddies from typing decode php into Google
and being able to pull one over. While industry standards may not be
the lock that cannot be picked, proprietary obfuscation will keep
people who don't know what they're doing out of your code --- and if
they possess the acumen and free time to be able to reverse-engineer
the code themselves, I honestly don't know why they'd pay someone to
develop the application in PHP for them in the first place.
Deductive reasoning leads to two possible options:
1) Don't give the code to anyone.
2) Give the code to the client and accept the fact that it may get pirated.
I completely agree with you here. I'll also add the same thing I
always tell people when they ask me about security: any time there is
a way to connect to a device over the wire or otherwise, the data will
never be secure.
That stands for ASP (Application Service Providers, in this case -
the only *decent* ASP there is! ;-P) as well.
[1] - http://www.answers.com/pointlessr=67
--
/Dan
Daniel P. Brown
Senior Unix Geek
? while(1) { $me = $mind--; sleep(86400); } ?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Source code protection
On Feb 7, 2008 6:20 PM, Greg Donald [EMAIL PROTECTED] wrote: On 2/7/08, Daniel Brown [EMAIL PROTECTED] wrote: Actually, Greg, I respectfully disagree. First, just because there may be ways to reverse-engineer things doesn't mean it's a bad idea to attempt to protect your code against such. Why would you encode to start with? The only reason I can think of is because you don't trust your client. So why are you doing business with people you don't trust? Because who's to say you're selling to one client? If it's your Intellectual Property, wouldn't you want to protect it, at least as much as possible? I know that people can smash in the windows of my Durango and steal my equipment, but I still lock it when I park it and go into the store. Why? Because I don't want to make things easy enough for someone to be tempted to take something. I know that if they want something badly enough, they'll take it but I'm just not going to make it that easy. That's my whole point. Honest people aren't gonna steal your code anyway. Trying to prevent them from making a simple change when you're not around is pointless. No, but it does allow for a better contract stating something along the lines of, in order to maintain a valid warranty, all updates must be done by Company XYZ, at a fee of $n. However, I'll agree to the point that, if you're selling something once-off to a client, then it's ludicrous to encode the software. However, it still doesn't make the practice of encoding pointless. Would you have bought that Durango if the hood had been welded shut? I'm guessing you're not a mechanic, so you'll _never_ need to raise the hood, right? What about when you come out of the grocery store and there's a hot blonde who needs a jump because she forgot and left her lights on before she went in? That's like comparing apples to vaginas. There's no similarity between the two unless you *really* look for it and make a lot of concessions. I may never need to look under the hood, but a qualified mechanic - as so designated in the vehicle owner's manual, contract, and warranty specifications (relate this to my first paragraph) - will need access to the engine compartment. In my case, it would be the dealer --- who is employed by the manufacturer of the code --- err, car. ;-P And if that hot blonde is there, I'll ask first if she likes apples. And if Zend considered it pointless, they probably would no longer attempt to further develop - nor put their name on the line to Oh please, Zend isn't the first company to ever create useless software. Creation, in no way, proves usefulness. Exactly. Humankind is a perfect example. Nonetheless, now you're going on a separate tangent. sell - the product line. By definition, pointless means I know where dictionary.com is, thanks :) Cool. I wasn't sure, because I thought you'd have used it prior to using the term pointless incorrectly. ;-P (Note: my smartass remarks are only joking around, I'm not attacking you in any way. I just really enjoy a debate.) It also keeps script kiddies from typing decode php into Google and being able to pull one over. I fail to see how Zend adding decode into their list of Google Adwords keeps script kiddies from doing anything. I used the Google Adwords example as confirmation Zend is well aware of existing decoders. Yes, and I used the same phrase for searching as an example of for what even a low-level cracker would first search. It doesn't mean that Zend is or isn't aware of the existence. So this part, to me, seems baseless and unrelated to the overall discussion, but feel free to re-explain if my brain isn't grabbing hold properly. While industry standards may not be the lock that cannot be picked, proprietary obfuscation will keep people who don't know what they're doing out of your code --- and if If you're paid to write code then write code, and then when you're done give them the code and collect your money. They paid for the code so why do you think you still own rights to it? Again, I agree wholeheartedly, save for two situations: 1.) Multiple customers, such as an off-the-shelf script being sold. 2.) Contract retention. While the document should legally protect your interests, your adding *A BENEFIT* to your product for the client: deniability. If a huge bug is discovered in your scripts that costs the client $10,000, they can turn around and say, well, we didn't touch the code because we couldn't, so the bug was already there. However, with that risk comes the benefit of being granted exclusive contracts for continued support on the scripts. they possess the acumen and free time to be able to reverse-engineer the code themselves, I honestly don't know why they'd pay someone to develop the application in PHP for them in the first place. I honestly don't know where you find clients so
RE: [PHP] PHP Source code protection
-Original Message- From: Daniel Brown [mailto:[EMAIL PROTECTED] Sent: Thursday, February 07, 2008 7:10 PM To: Greg Donald Cc: php-general@lists.php.net Subject: Re: [PHP] PHP Source code protection On Feb 7, 2008 6:20 PM, Greg Donald [EMAIL PROTECTED] wrote: On 2/7/08, Daniel Brown [EMAIL PROTECTED] wrote: Actually, Greg, I respectfully disagree. First, just because there may be ways to reverse-engineer things doesn't mean it's a bad idea to attempt to protect your code against such. Why would you encode to start with? The only reason I can think of is because you don't trust your client. So why are you doing business with people you don't trust? Because who's to say you're selling to one client? If it's your Intellectual Property, wouldn't you want to protect it, at least as much as possible? I know that people can smash in the windows of my Durango and steal my equipment, but I still lock it when I park it and go into the store. Why? Because I don't want to make things easy enough for someone to be tempted to take something. I know that if they want something badly enough, they'll take it but I'm just not going to make it that easy. That's my whole point. Honest people aren't gonna steal your code anyway. Trying to prevent them from making a simple change when you're not around is pointless. No, but it does allow for a better contract stating something along the lines of, in order to maintain a valid warranty, all updates must be done by Company XYZ, at a fee of $n. However, I'll agree to the point that, if you're selling something once-off to a client, then it's ludicrous to encode the software. However, it still doesn't make the practice of encoding pointless. Would you have bought that Durango if the hood had been welded shut? I'm guessing you're not a mechanic, so you'll _never_ need to raise the hood, right? What about when you come out of the grocery store and there's a hot blonde who needs a jump because she forgot and left her lights on before she went in? That's like comparing apples to vaginas. There's no similarity between the two unless you *really* look for it and make a lot of concessions. I may never need to look under the hood, but a qualified mechanic - as so designated in the vehicle owner's manual, contract, and warranty specifications (relate this to my first paragraph) - will need access to the engine compartment. In my case, it would be the dealer --- who is employed by the manufacturer of the code --- err, car. ;-P And if that hot blonde is there, I'll ask first if she likes apples. And if Zend considered it pointless, they probably would no longer attempt to further develop - nor put their name on the line to Oh please, Zend isn't the first company to ever create useless software. Creation, in no way, proves usefulness. Exactly. Humankind is a perfect example. Nonetheless, now you're going on a separate tangent. sell - the product line. By definition, pointless means I know where dictionary.com is, thanks :) Cool. I wasn't sure, because I thought you'd have used it prior to using the term pointless incorrectly. ;-P (Note: my smartass remarks are only joking around, I'm not attacking you in any way. I just really enjoy a debate.) It also keeps script kiddies from typing decode php into Google and being able to pull one over. I fail to see how Zend adding decode into their list of Google Adwords keeps script kiddies from doing anything. I used the Google Adwords example as confirmation Zend is well aware of existing decoders. Yes, and I used the same phrase for searching as an example of for what even a low-level cracker would first search. It doesn't mean that Zend is or isn't aware of the existence. So this part, to me, seems baseless and unrelated to the overall discussion, but feel free to re-explain if my brain isn't grabbing hold properly. While industry standards may not be the lock that cannot be picked, proprietary obfuscation will keep people who don't know what they're doing out of your code --- and if If you're paid to write code then write code, and then when you're done give them the code and collect your money. They paid for the code so why do you think you still own rights to it? Again, I agree wholeheartedly, save for two situations: 1.) Multiple customers, such as an off-the-shelf script being sold. 2.) Contract retention. While the document should legally protect your interests, your adding *A BENEFIT* to your product for the client: deniability. If a huge bug is discovered in your scripts that costs the client $10,000, they can turn around and say, well, we didn't touch the code because we couldn't, so the bug was already there. However, with that risk comes the benefit of being granted
[PHP] PHP Source code protection
Hi, I'm building a C# application that connects to a server that has PHP scripts on it. We need to deliver the complete solution to a firm, the C# is no problem because it is compiled... But PHP is a problem bacause it is interpreted and we will have to deliver pure, unprotected script... Is htere a way to secoure my code so when they put it on the server, they can't see it! Thank You! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Source code protection
I'm building a C# application that connects to a server that has PHP scripts on it. We need to deliver the complete solution to a firm, the C# is no problem because it is compiled... But PHP is a problem bacause it is interpreted and we will have to deliver pure, unprotected script... Is htere a way to secoure my code so when they put it on the server, they can't see it! There's the Zend Encoder at www.zend.com. Though it may be called something else now. -- Richard Heyes http://www.websupportsolutions.co.uk Knowledge Base and Helpdesk software for £299 hosted for you - no installation, no maintenance, new features automatic and free -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] PHP Source code protection
zend encoder? http://sourceforge.net/projects/php-screw/ google for more bastien To: php-general@lists.php.net From: [EMAIL PROTECTED] Date: Wed, 6 Feb 2008 12:28:12 +0100 Subject: [PHP] PHP Source code protection Hi, I'm building a C# application that connects to a server that has PHP scripts on it. We need to deliver the complete solution to a firm, the C# is no problem because it is compiled... But PHP is a problem bacause it is interpreted and we will have to deliver pure, unprotected script... Is htere a way to secoure my code so when they put it on the server, they can't see it! Thank You! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php _
Re: [PHP] PHP Source code protection
See also: http://www.ioncube.com/ - Original Message - From: Bastien Koert [EMAIL PROTECTED] To: Zoran Bogdanov [EMAIL PROTECTED]; php-general@lists.php.net Sent: Wednesday, February 06, 2008 2:27 PM Subject: RE: [PHP] PHP Source code protection zend encoder? http://sourceforge.net/projects/php-screw/ google for more bastien To: php-general@lists.php.net From: [EMAIL PROTECTED] Date: Wed, 6 Feb 2008 12:28:12 +0100 Subject: [PHP] PHP Source code protection Hi, I'm building a C# application that connects to a server that has PHP scripts on it. We need to deliver the complete solution to a firm, the C# is no problem because it is compiled... But PHP is a problem bacause it is interpreted and we will have to deliver pure, unprotected script... Is htere a way to secoure my code so when they put it on the server, they can't see it! Thank You! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php _ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Source code protection
Is htere a way to secoure my code so when they put it on the server, they can't see it! Short answer: NO Long answer NO, but: There are some products that claim they protect your code, but they all basicly rely on security through obscurity. A principle that is often frowned upon by security experts. All those products make the code harder to read, but the code is still there becouse the server has to run it. It all comes down to these questions: How much do you trust your clients? How important is your code to you? If your code is some basic accounting database or something, just make it clear to your clients that they are not allowed to re-use the code (put a licence on top of each file). If you are ashamed of your crappy code, use something like PHP Encoder to hide this from your clients. It will probably hide all the curse word in your comments for example. If you really do use some hight tech, top secret NSA crypto code. Stop distributing your code. If someone can run your code, he/she can view, modify and copy your code. All you can do is make it harder, but if your code is valuable enough, someone will reverse engineer it. Floor Terra -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Source code protection
On Feb 6, 2008 11:13 AM, C.R.Vegelin [EMAIL PROTECTED] wrote:
- Original Message -
From: Bastien Koert [EMAIL PROTECTED]
zend encoder?
http://sourceforge.net/projects/php-screw/
google for more
See also:
http://www.ioncube.com/
All good ideas. And in the case of Zend (and, to a lesser degree,
Ioncube), all industry standards. The problem is, decoding/decrypting
of the files has been done with some success, so if it's that big of a
deal, consider writing your own PHP module to decode your own
proprietary encoding.
Bottom line: if all you want to do is hide the source from
prying eyes, use one of the suggestions you've received from others.
Of those, I'd endorse Zend Encoder.
--
/Dan
Daniel P. Brown
Senior Unix Geek
? while(1) { $me = $mind--; sleep(86400); } ?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Source code protection
On 2/6/08, Richard Heyes [EMAIL PROTECTED] wrote: There's the Zend Encoder at www.zend.com. Though it may be called something else now. Pointless. http://www.phprecovery.com/ -- Greg Donald http://destiney.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Source code protection
On 2/6/08, Greg Donald [EMAIL PROTECTED] wrote: On 2/6/08, Richard Heyes [EMAIL PROTECTED] wrote: There's the Zend Encoder at www.zend.com. Though it may be called something else now. Pointless. http://www.phprecovery.com/ http://www.zendecode.com/ I'm sure there are others. -- Greg Donald http://destiney.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Source code protection
On Wed, February 6, 2008 5:28 am, Zoran Bogdanov wrote: I'm building a C# application that connects to a server that has PHP scripts on it. We need to deliver the complete solution to a firm, the C# is no problem because it is compiled... But PHP is a problem bacause it is interpreted and we will have to deliver pure, unprotected script... Is htere a way to secoure my code so when they put it on the server, they can't see it! A clear license will go a lot farther than some technology here... That said, there is the Zend Encoder and the ???Priada Blender??? or somesuch. If you Google for those, you should find more solutions as well in comparisons and archives. One other option. After you get your PHP code all worked out, re-write it as a custom PHP extension -- or even just the core of it, and send them a .so or .dll to install. Note that unless it's something REALLY special, it's faster and easier for somebody to reverse engineer it just from the behaviour than to bother to crack your code with a debugger and dis-assembler. And if it IS that tricky, somebody with enough time/energy CAN dis-assemble it and figure it out if they want to badly enough. So, to come back to the original statement: If you just want to keep honest people honest, a clear license that says exactly what they can and can't do with the code is all you need, and a lot easier for integration. -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Source code protection
I'm not sure where PHP stands on this politically. But I believe in Open Source, which allows you to encode your code. But why? At heart I'm a purist GNU. Stallman was right when he first tried to fix a faulty printer. * The freedom to run the program, for any purpose (freedom 0). * The freedom to study how the program works, and adapt it to your needs (freedom 1). Access to the source code is a precondition for this. * The freedom to redistribute copies so you can help your neighbor (freedom 2). * The freedom to improve the program, and release your improvements to the public, so that the whole community benefits (freedom 3). Access to the source code is a precondition for this. Thankfully there is little that cannot be reversed engineered. If you want to keep the recipe, host it yourself and let others use an interface. This is stepping in a nest of hornets. :p C.R.Vegelin wrote: See also: http://www.ioncube.com/ - Original Message - From: Bastien Koert [EMAIL PROTECTED] To: Zoran Bogdanov [EMAIL PROTECTED]; php-general@lists.php.net Sent: Wednesday, February 06, 2008 2:27 PM Subject: RE: [PHP] PHP Source code protection zend encoder? http://sourceforge.net/projects/php-screw/ google for more bastien To: php-general@lists.php.net From: [EMAIL PROTECTED] Date: Wed, 6 Feb 2008 12:28:12 +0100 Subject: [PHP] PHP Source code protection Hi, I'm building a C# application that connects to a server that has PHP scripts on it. We need to deliver the complete solution to a firm, the C# is no problem because it is compiled... But PHP is a problem bacause it is interpreted and we will have to deliver pure, unprotected script... Is htere a way to secoure my code so when they put it on the server, they can't see it! Thank You! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php _ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
