To encrypt or not to encrypt?

Not for 'how-to' coding questions but PHP theory instead, this forum is here for those of us who wish to learn about design aspects of programming with PHP.

Moderator: General Moderators

Post Reply
User avatar
voodoo9055
Forum Commoner
Posts: 51
Joined: Sat Apr 26, 2003 3:27 pm
Location: Montgomery, AL

To encrypt or not to encrypt?

Post by voodoo9055 »

There has been quite a bit of talk about protecting your scripts on this forum and others, but how do you know when it is appropriate to encrypt your scripts? I would think if your target customers will be other developers/webmasters, then encrypting wouldn't be appropriate because you are providing an engine for them to work with and they can customize it at there leisure, but if you are making a website for someone who don't have web programming experience at all like your basic Joe Smo, then you will encrypt. If I am wrong, someone explain to me why.
penguinboy
Forum Contributor
Posts: 171
Joined: Thu Nov 07, 2002 11:25 am

Post by penguinboy »

If you're charging for a service I assume you'll be hosting it;
so there wouldn't necessarily be any need encryption.

If you're selling a product you have to decide wether or not you want your customers modifying the product.
qads
DevNet Resident
Posts: 1199
Joined: Tue Apr 23, 2002 10:02 am
Location: Brisbane

Post by qads »

the only reason i would use encryption on scripts is to make sure that the script can only be run on 1 domain per licence.
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

A way to implement this: write a little function that queries a webservice (implemented by you) to check if it's the only instance running.....
User avatar
patrikG
DevNet Master
Posts: 4235
Joined: Thu Aug 15, 2002 5:53 am
Location: Sussex, UK

Post by patrikG »

Encryption can be useful if you don't want people to modify your code - which can lead to support-nightmares.

Imagine a client who bought a PHP web application from you, then decided to get a coder in to change this that and the other. If that coder knows what he's doing: great. If he doesn't and <span style='color:blue' title='I'm naughty, are you naughty?'>smurf</span> off (which has happened quite a number of times) with half the money and the application half functioning, the client will call you and tell you that your application is dead. Here go hours on the phone with the client.

Also, if you want to earn money (and yes, at the moment I depend on the money I make from programming), you can put a nice little copyright notice in your code, but you have no way of enforcing that copyright. You rely on people's trustworthiness.
If suddenly a competing product comes on the market which works remarkably similar to yours - hmmm.... you start loosing.

Encryption is simply to keep people from messing with your code as far as I am concerned. Yes, I support Open Source, but the money has to come from somewhere.
qads
DevNet Resident
Posts: 1199
Joined: Tue Apr 23, 2002 10:02 am
Location: Brisbane

Post by qads »

timvw wrote:A way to implement this: write a little function that queries a webservice (implemented by you) to check if it's the only instance running.....
yea but the client can get another programmer to remove that function from the app :?. and if your "service" goes down, then you will have a very un-happy client.
User avatar
hawleyjr
BeerMod
Posts: 2170
Joined: Tue Jan 13, 2004 4:58 pm
Location: Jax FL & Spokane WA USA

Post by hawleyjr »

What is the best way to encrypt your code?
Post Reply