1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

php source script encryption / obfusication

Discussion in 'PHP' started by HolyMan, Feb 8, 2005.

  1. #1
    Hi All,

    I have developed a web application in php/mysql and am about to begin distibuting it.

    Are there any ways of encrypting the php source code effectively?

    I've seen things like CodeLock and such, but am unsure if this is really effective.

    Any help greatly appreciated.........
     
    HolyMan, Feb 8, 2005 IP
  2. classifieds

    classifieds Sopchoppy Flash

    Messages:
    825
    Likes Received:
    51
    Best Answers:
    0
    Trophy Points:
    150
    #2
    classifieds, Feb 8, 2005 IP
  3. expat

    expat Stranger from a far land

    Messages:
    873
    Likes Received:
    18
    Best Answers:
    0
    Trophy Points:
    0
    #3
    Hi,

    although Zend is the best one it is a bit pricy in the beginning and not all webhosts have zend optimiser loaded / integrated.

    Encryption may also limit you distribution potential, as some webmasters will not be inclined to use encrypted code for security reasons.

    Maybe you can have enough footprints and a copyright notice so that "normal" players will not abuse it.......

    Just a thought
    Expat
     
    expat, Feb 8, 2005 IP
  4. classifieds

    classifieds Sopchoppy Flash

    Messages:
    825
    Likes Received:
    51
    Best Answers:
    0
    Trophy Points:
    150
    #4
    Very good points expat.

    I'm neck deep in a project now that’s based on an encrypted script and can emphatically say that I'll never use one again. If I don't get the source it's not going on my servers.

    The combination of security, support and costs are all factors and having to rely on the script developer for every customization or modification introduces too much delay. Also, if the script firm goes out of business or decides to stop supporting their product I’m hosed.

    -jay
     
    classifieds, Feb 8, 2005 IP
  5. norfstar

    norfstar Peon

    Messages:
    1,154
    Likes Received:
    62
    Best Answers:
    0
    Trophy Points:
    0
    #5
    I've came across many encrypted PHP scripts before and have not found one to date that I couldn't decrypt - if PHP can decrypt it to execute it, then some who knows what they're doing will also be able to decrypt it.

    Having said this though - if the people using your script are not PHP experts, then the majority of them may not even realise that it's possible to decrypt your code, let alone do so successfully.
     
    norfstar, Feb 8, 2005 IP
  6. Pen Tongue

    Pen Tongue Grunt

    Messages:
    78
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #6
    Pen Tongue, Feb 8, 2005 IP
  7. Eadz

    Eadz Peon

    Messages:
    108
    Likes Received:
    6
    Best Answers:
    0
    Trophy Points:
    0
    #7
    also mmcache has a free encryption plugin, free.
     
    Eadz, Feb 8, 2005 IP
  8. keywordguru

    keywordguru Peon

    Messages:
    206
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #8
    Agreed that the majority of users will not even understand how to go about unencrypting it. Depending on if that small percentage that is capable of encrypting, that is where your price factor should come in.
    KG
     
    keywordguru, Feb 8, 2005 IP
  9. digitalpoint

    digitalpoint Overlord of no one Staff

    Messages:
    38,333
    Likes Received:
    2,613
    Best Answers:
    462
    Trophy Points:
    710
    Digital Goods:
    29
    #9
    A PHP script encoded with Xend encoder will be able to be decrypted with the same "ease" as a normal compiled application with C++. While anything is decryptable technically, it's not going to yield much useable code.

    In fact, "encrypting" isn't exactly the right word for it, because it's not encryption... the PHP engine does not decrypt it to execute it. Compiling the code is a better term.
     
    digitalpoint, Feb 8, 2005 IP
  10. J.D.

    J.D. Peon

    Messages:
    1,198
    Likes Received:
    65
    Best Answers:
    0
    Trophy Points:
    0
    #10
    Obfuscating - yes, encrypting - no. Think about it - if the web server can decrypt it, anyone else having access to that machine also will be able too. Granted, the encryption key isn't something (hopefully) that is just sitting there in plain view, but hiding the key in the code will not deter a determinted hacker.

    All high-level languages, such as Java or C#, can be easily reverse-engineered to a greater extent compared with C++ and the likes. I never used compiled PHP, but unless it produces machine codes (e.g. a DSO or a DLL), it can be reverse-engineered to pretty much original code, minus original function and variable names, which is not much of a discouragement for someone who wants to steal the code.

    J.D.
     
    J.D., Feb 8, 2005 IP
  11. HolyMan

    HolyMan Peon

    Messages:
    14
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #11
    Hi All,

    Thanks for the input........

    My reasons were quite simple....... I need something to obfusicate the code to attempt to ensure that the normal IT Boff (If such a beast exists) could not copy / read it (Essentially, generating a competitor)

    I have no issues with a serious php coder making headway into the code.... He / she could probably write the system in 2 weeks flat.

    After lots of thought, I think I'm just going to use CodeLock.

    Thanks for all your help and insight here.

    Cheers
     
    HolyMan, Feb 10, 2005 IP
  12. expat

    expat Stranger from a far land

    Messages:
    873
    Likes Received:
    18
    Best Answers:
    0
    Trophy Points:
    0
    #12
    your thank you and openness why you wish to go this route are much appreciated.

    Best of luck with your undertaking

    Expat[​IMG]
     
    expat, Feb 10, 2005 IP
  13. frud0

    frud0 Peon

    Messages:
    25
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #13
    Has anyone tried "decrypting" btw? I mean Zend here... not exactly trying something "naughty" here but you can never be too old to experiment ;)
     
    frud0, Feb 20, 2005 IP