Protecting PHP code
Posted: Mon Apr 05, 2004 10:31 am
by mangosta
I need to know what I can do to protect my PHP code from being seen (better understood) by other users in the server. I have written a rather big application in PHP for the school I work for, and I have noticed that someone else is using my files for his software company and even deleting mine.
I think that some type of encryption would help me and I want to know if this is possible. I have browsed and found that something related to Zend Technologies could help me, but I saw this would cost money, and I do not have this resource.
The other solution would be to "compile" all my PHP scripts, so they are just executable files and use them as C cgis, but I do not know how to accomplish this or if it is even possible. Any information can be of help. Thank you.
Posted: Mon Apr 05, 2004 10:35 am
by ol4pr0
As far as I know, to get the source code of PHP, they will need to hack your computer or server.
However, are they deleting your code on the server?
There are applications around on the web (for which you need to pay) that will encrypt your PHP code.
You might wanna look around on how you can protect your computer instead of looking around to protect the src code if you don't have money resources.
Posted: Mon Apr 05, 2004 11:03 am
by lostboy
If the user can hack the server to get at the source code, you have bigger problems than just having your code stolen/hacked/deleted...
Always keep a backup of your code in another (secure) location, that way if something happens, be it server failure or hackers, you can recover. Backup procedures for both code and data [if any] should be a mandatory part of the application planning.
Posted: Mon Apr 05, 2004 11:05 am
by magicrobotmonkey
I think he's on a public server or something - is that right? Then good luck! You got to get yourself a private location.
Posted: Mon Apr 05, 2004 4:39 pm
by mangosta
You are right. It is like a public server. Windows.
There is no way I can stop other users from doing the operations I mentioned. I obviously have a backup of all data and scripts, so there is really no problem with the guy deleting the things, except the time I have to spend putting things OK again, and I accept my destiny in this sense. What really matters is that I do not want my code being understood or used by a third party in this unacceptable way. All suggestions about the operational system and that stuff can not be used because it's not my computer; I am just an employee and I have to use it that way... Please help!
Posted: Mon Apr 05, 2004 4:54 pm
by ol4pr0
I guess you could do something like this... to protect the pages...
Not very hardcore but... oh well. You could make your own variables of this of course... make it as hard as you want or... difficult.
The least you can do is make it a living hell to edit all the pages.
Code:
$version = '1';
$author = 'you';
if ($author != 'you' && $version != '1') {
    // do something nasty like deleting the page...
} else {
    // ran out of ideas
}
Posted: Mon Apr 05, 2004 5:51 pm
by werlop
Have you talked to the guy that's doing this to you? You should point out how much of a f**ker he's being and make sure they know that they are so untalented that they have to steal your hard work.
As you're in a school, have you not got the power to speak to someone in the hierarchy above you, e.g. head teacher or principal, and have them deal with the situation?
I would be furious if this was happening to me!
Hope you can resolve this situation amicably.
Posted: Mon Apr 12, 2004 10:08 am
by mangosta
I have decided to talk to my boss and try to solve the situation in this way. I hope this can help me.
I have also changed a lot of variable names and functions so they are not clear, but this thing is a little absurd for myself in the development.
Anyway I am thinking of using a C function inside all my files which decrypts the code even though I am not clear of how I am really going to do this. Thank everyone for the help...
Posted: Mon Apr 12, 2004 5:51 pm
by llanitedave
Trying to make your code confusing will only hurt you in the long run. Remember, whether anyone is stealing, borrowing it or using it, YOU will have to be the one maintaining it.
I think your best bet is what you're trying to do now -- talk with your administration about getting a more secure setup.
Posted: Mon Apr 12, 2004 6:12 pm
by JAM
Haven't heard of any either, as if someone can see the actual files (you are sharing server/ftp account) there is little to do. The only thing I can think of is to put some verification system deep within the code as hidden as possible, fetch variables set from other parts of the script (can be anything, even a database field) and verify that using a decipher:
Code:
<?php
$something = 'Hi and welcome to my page.';
// Assign first, so the '<br />' markup does not become part of $scrambled
$scrambled = base64_encode(serialize($something)); // hard to spot
echo $scrambled . '<br />';
$unscrambled = unserialize(base64_decode($scrambled)); // original
echo $unscrambled;
?>
Result:
Code:
czoyNjoiSGkgYW5kIHdlbGNvbWUgdG8gbXkgcGFnZS4iOw==
Hi and welcome to my page.
http://www.ioncube.com/online_encoder.php
Is something a bit cheaper than the Zend Encoder, but not entirely free. Worth mentioning tho.
In addition;
http://codelock.co.nz/ is not nearly cheap, but I'd like to mention it also for the sake of other forum users reading this thread.
Good luck to you. Hope it works out okay.
Posted: Sun Jun 06, 2004 9:28 am
by kettle_drum
Could always write a little C program to go through all your files you want to publish and exchange variable names to babble - $hytwjn753jd6f = 'blah' - so then people wouldn't want to use your code then anyway as it would look messy, then you just have the program reverse what it did to your code when you want to add/edit it.
Code:
<?php
function blah($var1, &$var2, $var3 = 0){
    //do something here
    //and here
    return $var1; // return a parameter that exists; $var was never defined
}
$hmm = 'hello';
$john = 1;
echo "hello".blah($hmm, $john);
?>
to
Code:
<?php function blah($kyr764hstd4hd74, &$fjye5g3gstfdunfds, $d7yh5jwdtdnegcswgs = 0){return $kyr764hstd4hd74;}$htydhe875jg63w = 'hello';$jjtyhteydhsg743hs6d = 1;echo "hello".blah($htydhe875jg63w, $jjtyhteydhsg743hs6d);?>
I wouldn't even want to try and mess about wasting my time to see what the second bit of code did, and on bigger real apps it would make it unbearable to go through it. And all this has done is remove any comments and changed all var names - I'm sure you could make it do more things as well - like move functions about, switch class/function names so it calls like logout() to login etc.
People don't really want to steal code that will hinder them.
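
The reversible renaming described in the post above, sketched with PHP's own tokenizer instead of a C program. This is an added example, not code from any poster in this thread, and it only slows a reader down: anyone with read access to the files can still run and copy them. Assumptions: PHP 7.4 or later; `rewrite_variables`, the `KEEP` list and the sample script are made up for illustration; `$$name`, `compact()`/`extract()` and `${name}` interpolation are not handled.

```php
<?php
// Added example: reversible variable renaming with PHP's tokenizer.
// Names PHP itself defines must keep their spelling.
const KEEP = ['$this', '$GLOBALS', '$_GET', '$_POST', '$_COOKIE',
              '$_SERVER', '$_FILES', '$_ENV', '$_REQUEST', '$_SESSION'];

// Rebuild $source token by token, passing each variable name through
// $rename. token_get_all() is lossless, so everything else (comments,
// whitespace, strings) comes back byte for byte.
function rewrite_variables(string $source, callable $rename): string
{
    $out = '';
    foreach (token_get_all($source) as $token) {
        if (!is_array($token)) {            // one-character token such as ';'
            $out .= $token;
        } elseif ($token[0] === T_VARIABLE && !in_array($token[1], KEEP, true)) {
            $out .= $rename($token[1]);     // also covers "$var" inside double quotes
        } else {
            $out .= $token[1];
        }
    }
    return $out;
}

// Constructed sample input (hypothetical script, not from a real application).
$sample = <<<'SRC'
<?php
function blah($var1, &$var2, $var3 = 0) {
    // do something here
    return $var1;
}
$hmm = 'hello';
$john = 1;
echo "hello $hmm" . blah($hmm, $john);
SRC;

// Forward pass: give every variable a random name and remember the mapping.
// The map is the "key": keep it with your private copy, not on the server.
$map = [];
$obfuscated = rewrite_variables($sample, function (string $name) use (&$map): string {
    return $map[$name] ??= '$v' . bin2hex(random_bytes(6));
});

// Reverse pass: flip the map and run the same rewrite.
$reverse  = array_flip($map);
$restored = rewrite_variables($obfuscated, fn(string $n): string => $reverse[$n] ?? $n);

echo $obfuscated, "\n";
var_dump($restored === $sample);
```

Variables shared between files need the same `$map` for every file, so in practice the map is built once over the whole project and stored alongside the backup copy.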

Posted: Sun Jun 06, 2004 7:28 pm
by launchcode
This isn't cheap, but it will do EXACTLY what you need.
http://www.sourceguardian.com/
Have fun!