1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Encrypt code for 3 party sites to use

Discussion in 'PHP' started by Jargonaut, Feb 19, 2007.

  1. #1
    I would like to allow other websites to run a PHP script that interacts with one of my databases but I don't want the script to be viewable or modifiable in any way. Is this possible without any special installations on the 3rd parties server?

    Any advise would be apreciated.
     
    Jargonaut, Feb 19, 2007 IP
  2. TwistMyArm

    TwistMyArm Peon

    Messages:
    931
    Likes Received:
    44
    Best Answers:
    0
    Trophy Points:
    0
    #2
    If you want NO restrictions / requirements on the setup of the servers that your code will run on, you would need to obfuscate your code. That will generally require your code to adhere to certain standards (eg. no call_user_func stuff, no register globals etc.).

    Other 'real' encryption techniques require a loader of some sort (some much more prevalent than others) on the server...
     
    TwistMyArm, Feb 19, 2007 IP
  3. keiths

    keiths Peon

    Messages:
    109
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    0
    #3
    I know you said no special installation but I wanted to throw it out there anyway.

    There's 2 programs I know:

    ionCube
    ZendGuard

    They encrypt your code but you need to have a decrypter on the server. The reason why I wanted to post them anyway is because a lot of servers already run Zend Optimizer which is what decrypts ZendGuard.

    ionCube is a very easy decrypter to install on the server.
     
    keiths, Feb 19, 2007 IP
  4. Icheb

    Icheb Peon

    Messages:
    1,092
    Likes Received:
    31
    Best Answers:
    0
    Trophy Points:
    0
    #4
    LOL

    Obfuscation! Joke of the day!
     
    Icheb, Feb 19, 2007 IP
  5. TwistMyArm

    TwistMyArm Peon

    Messages:
    931
    Likes Received:
    44
    Best Answers:
    0
    Trophy Points:
    0
    #5
    Hmm... why do you say that?

    Firstly, if obfuscation is such a joke, what do you suggest with the given restrictions?

    Secondly, encryption WITHOUT obfuscation is a losing proposition, too: there are numerous 'hacks' out there that are designed to read source from memory after encrypted scripts have been decrypted. Hence the reason most of the encryption programs I've seen do obfuscation as well... it seems as though obfuscation is a necessary part of the process (so as to stop reading code straight from memory).

    It can't be 'unobfuscated' automatically, so why is it 'Joke of the day!', exactly?
     
    TwistMyArm, Feb 20, 2007 IP
  6. Dawzz

    Dawzz Active Member

    Messages:
    66
    Likes Received:
    3
    Best Answers:
    0
    Trophy Points:
    50
    #6
    Codelock does a decent job. All of the encryption programs are like doorlocks
    They only keep an honest person honest. If someone wants to get the code and they will spend the time/money they will get it. codelock is by far one of the cheapest options and requires no extra installs on the server.
     
    Dawzz, Feb 20, 2007 IP
  7. Icheb

    Icheb Peon

    Messages:
    1,092
    Likes Received:
    31
    Best Answers:
    0
    Trophy Points:
    0
    #7
    Did you mention encryption before? No? Too bad. It should be obvious why obfuscation ALONE is a JOKE. :rolleyes::rolleyes::rolleyes::rolleyes:
     
    Icheb, Feb 20, 2007 IP
  8. TwistMyArm

    TwistMyArm Peon

    Messages:
    931
    Likes Received:
    44
    Best Answers:
    0
    Trophy Points:
    0
    #8
    No I didn't mention it before, but as I said, the restrictions were 'nothing required on the server'. I don't know of any decent encryption code that requires nothing server side: if the decryption is all done by PHP code, then it's fairly easy to dump the original code. Like I say, I didn't make the restrictions.

    Having said that... it's not up to me to decide why obfuscation is a joke: I asked you to explain why it is, and you still haven't. I'm not baiting you... I'm very curious as to why you would consider obfuscation a joke.

    You say "It should be obvious why obfuscation ALONE is a JOKE." I wonder, if the code is not obfuscated in the first place and post-decryption mem-reading is fairly common, couldn't you just as easily say "It should be obvious why encryption ALONE is a JOKE."

    I really would like to know why you consider it such a joke.
     
    TwistMyArm, Feb 20, 2007 IP
  9. libneiz

    libneiz Peon

    Messages:
    9
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #9
    just offer it as a soap service
     
    libneiz, Feb 20, 2007 IP
  10. Jargonaut

    Jargonaut Peon

    Messages:
    166
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #10
    Thanks for all the responses. Does anyone have any idea of the % of servers do have e.g. zend?
     
    Jargonaut, Mar 6, 2007 IP