I've had a php/mysql script created that I would like to sell but am concerned that anyone could then 'steal' the code. What are your thoughts about obfuscating the code? I'm sure it will put some people off, especially as the script requires cpanel usernames and passwords to be entered so I guess some people will be worried about the credentials being stolen. What do you suggest? Should I just use a license key and hope for the best or obfuscate the code? Thanks in anticipation, Benz1
I think obfuscation of PHP code is quite useless. I've never come across it, nor have I ever used it.
Well, it will certainly put people off, and some people certainly will decrypt the code and remove your check function IF your script gets that popular. You, of course, have to calculate that into the cost when selling your script. I wouldn't worry too much about it, if you're just starting out.
So not much point obfuscating the code then. I guess there's no point worrying about it, if someone was that keen to rip it off they could reverse engineer it anyway. Thanks.
I'd look at it this way: large web software like this forum, vBulletin and others, as far as I'm aware, don't obfuscate their code; granted they have access to good lawyers, no doubt.
Hi, There are a few things to consider - are you looking to just deter a typical web-user or really protect your product? To deter a typical web-user, obfuscation can help - further to that, compact the code to make it even more unreadable; you can base64 encode strings within the code and base64 encode the whole script - perhaps with letter (typically vowel-number) swapping --> all of this would stop the majority of attacks. Remember all this will typically add to the size of a project and execution time, as all the layers you add have to be undone before the code can execute. For serious protection, you can ionCube or Zend encode it - this will cost you money, but I have to say, can still be decoded, but is harder - they need to have the tools or pay someone (typically per file - hint: encode many files!!). I'm unsure what your product is, I work with physical and software products myself - if someone wants to hack it or replicate it, they will - it's just down to how much would it cost to reverse engineer it compared to how much to create it from scratch. I actually do quite a bit of hacking/cracking/decoding of physical and software products - not for profit nor to replicate, but to discover the best ways that I can protect my own stuff from such attacks. One method I've used is to retain some key functionality on my own server, so the client code calls in to collect something or have something done. You can control this many ways and it protects your key functions - if it gets shared or stolen, they're just getting a client shell that you can detect and deny. Hope that helps? Si
Interesting points SiJz. I suppose the main deliberation is who your target is. If you're freelancing and creating software for a client, this issue is redundant. However, if you program with the aim of selling multiple copies to a wide audience and market, protection becomes more prominent.
That's not what I meant... I'd go with it (obfuscating the code). The average joe won't go and mess with your code. So unless, like I mentioned, it becomes popular enough that someone experienced will do it. And if it becomes popular, you should be making some good money by then. Of course if you do encode your code, it could put some people off who want to develop off your code or make plugins/add-ons for it.
A wee point against is that before I install code on my sites/servers I like to know that I can look through it if I want to. That includes looking for exec commands and requests back to another server. FWIW vBulletin code is all open and people still pay to license quite happily.
That is true, but vBulletin has grown so big that they can probably afford to eat the % cost of those who don't use it. But yes, I do agree, as a developer I like looking through the code as well but the average person probably wouldn't.
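The pre-install review mentioned in the thread (looking for exec commands and requests back to another server) still works when a script is wrapped in the base64 layers SiJz describes, because each layer has to be undone before the code can run. The sketch below is an added example, not code from any poster: the function names, the list of flagged calls and the constructed sample with the placeholder host `vendor.example` are all assumptions.

```python
import base64
import binascii
import re

# Calls a reviewer wants to see before installing third-party PHP:
# dynamic evaluation, command execution and outbound requests (assumed list).
RISKY = re.compile(
    r"\b(eval|exec|shell_exec|system|passthru|popen|proc_open|"
    r"curl_exec|fsockopen|file_get_contents)\s*\(", re.I)
# Quoted literals long enough to hide a base64-encoded inner layer.
B64_LITERAL = re.compile(r"""["']([A-Za-z0-9+/]{16,}={0,2})["']""")
MAX_DEPTH = 10  # stop on pathological nesting


def decode_layer(literal):
    """Return decoded text if the literal is base64 of readable text, else None."""
    try:
        text = base64.b64decode(literal, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    readable = all(c.isprintable() or c.isspace() for c in text)
    return text if readable else None


def audit(source, depth=0):
    """Return sorted (layer depth, function) pairs for flagged calls at every layer."""
    findings = {(depth, m.group(1).lower()) for m in RISKY.finditer(source)}
    if depth < MAX_DEPTH:
        for m in B64_LITERAL.finditer(source):
            inner = decode_layer(m.group(1))
            if inner:
                findings |= set(audit(inner, depth + 1))
    return sorted(findings)


def wrap(php):
    """Build one base64 layer around PHP code (used only for the sample)."""
    blob = base64.b64encode(php.encode()).decode()
    return f'eval(base64_decode("{blob}"));'


# Constructed sample: a licence call-home hidden under two base64 layers.
INNER = 'file_get_contents("https://vendor.example/license?key=" . $key);'
SAMPLE = "<?php " + wrap(wrap(INNER))

if __name__ == "__main__":
    for layer, func in audit(SAMPLE):
        print(f"layer {layer}: {func}()")
```

Files protected with ionCube or Zend are compiled rather than text-encoded, so a source scan like this does not apply to them.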