Hi All, I have developed a web application in php/mysql and am about to begin distibuting it. Are there any ways of encrypting the php source code effectively? I've seen things like CodeLock and such, but am unsure if this is really effective. Any help greatly appreciated.........
Hi, although Zend is the best one it is a bit pricy in the beginning and not all webhosts have zend optimiser loaded / integrated. Encryption may also limit you distribution potential, as some webmasters will not be inclined to use encrypted code for security reasons. Maybe you can have enough footprints and a copyright notice so that "normal" players will not abuse it....... Just a thought Expat
Very good points expat. I'm neck deep in a project now that’s based on an encrypted script and can emphatically say that I'll never use one again. If I don't get the source it's not going on my servers. The combination of security, support and costs are all factors and having to rely on the script developer for every customization or modification introduces too much delay. Also, if the script firm goes out of business or decides to stop supporting their product I’m hosed. -jay
I've came across many encrypted PHP scripts before and have not found one to date that I couldn't decrypt - if PHP can decrypt it to execute it, then some who knows what they're doing will also be able to decrypt it. Having said this though - if the people using your script are not PHP experts, then the majority of them may not even realise that it's possible to decrypt your code, let alone do so successfully.
Agreed that the majority of users will not even understand how to go about unencrypting it. Depending on if that small percentage that is capable of encrypting, that is where your price factor should come in. KG
A PHP script encoded with Xend encoder will be able to be decrypted with the same "ease" as a normal compiled application with C++. While anything is decryptable technically, it's not going to yield much useable code. In fact, "encrypting" isn't exactly the right word for it, because it's not encryption... the PHP engine does not decrypt it to execute it. Compiling the code is a better term.
Obfuscating - yes, encrypting - no. Think about it - if the web server can decrypt it, anyone else having access to that machine also will be able too. Granted, the encryption key isn't something (hopefully) that is just sitting there in plain view, but hiding the key in the code will not deter a determinted hacker. All high-level languages, such as Java or C#, can be easily reverse-engineered to a greater extent compared with C++ and the likes. I never used compiled PHP, but unless it produces machine codes (e.g. a DSO or a DLL), it can be reverse-engineered to pretty much original code, minus original function and variable names, which is not much of a discouragement for someone who wants to steal the code. J.D.
Hi All, Thanks for the input........ My reasons were quite simple....... I need something to obfusicate the code to attempt to ensure that the normal IT Boff (If such a beast exists) could not copy / read it (Essentially, generating a competitor) I have no issues with a serious php coder making headway into the code.... He / she could probably write the system in 2 weeks flat. After lots of thought, I think I'm just going to use CodeLock. Thanks for all your help and insight here. Cheers
your thank you and openness why you wish to go this route are much appreciated. Best of luck with your undertaking Expat
Has anyone tried "decrypting" btw? I mean Zend here... not exactly trying something "naughty" here but you can never be too old to experiment