[poll] Program only works if registered

Not for 'how-to' coding questions but PHP theory instead, this forum is here for those of us who wish to learn about design aspects of programming with PHP.

Moderator: General Moderators

Would you mind if part of the non-essential source code was encrypted?

Yes, and I wouldn't buy it because of the encryption: 3 votes (43%)
I would have to think about it: 2 votes (29%)
No, as long as I can change core functionality: 2 votes (29%)
Encode it all! I don't care: 0 votes

Total votes: 7

malcolmboston
DevNet Resident
Posts: 1826
Joined: Tue Nov 18, 2003 1:09 pm
Location: Middlesbrough, UK

Post by malcolmboston »

timvw wrote:Imho, i would write a php extension, and only deliver the compiled version.. And then write scripts that load the extension...
Excellent idea
Syranide
Forum Contributor
Posts: 281
Joined: Fri May 20, 2005 3:16 pm
Location: Sweden

Post by Syranide »

timvw wrote:Imho, i would write a php extension, and only deliver the compiled version.. And then write scripts that load the extension...
serious setbacks there too, as many public servers (paid or not) don't allow you to use extensions, or even run programs, due to safe_mode. penalizing the good to make it harder for the bad isn't acceptable on larger scales if you ask me. I would not ever run software that queries another computer for each page, it would severely impact performance, and also, I would go in-****-sane if a client came to my page and was not able to buy things because "your" server is down, thus not responding to queries... even if it is not sales, such things are not acceptable I would say.
malcolmboston
DevNet Resident
Posts: 1826
Joined: Tue Nov 18, 2003 1:09 pm
Location: Middlesbrough, UK

Post by malcolmboston »

malcolmboston wrote:
Buddha443556 wrote:since we're off topic ... Have you considered hosting the application yourself and selling accounts? No need for elaborate protection measures just keep your server secure.
i personally believe because this is an advanced project manager with other stuff, it would be more suited to localhost only
dreamscape
Forum Commoner
Posts: 87
Joined: Wed Jun 08, 2005 10:06 am

Post by dreamscape »

if you are going to be selling commercial scripts, you might consider a PHP encoder...

For example, you might have the main index.php that sets up the script and is necessary to run the application be encrypted, but leave the rest as source code so users can make any changes they may need.

Most commercial PHP encoders should enable you to require the encrypted file to use a license key. Then you can generate licenses that are, for example, bound to the user's domain, so that the script in combination with that key will only work on a certain domain.

I know SourceGuardian, which I use, has this option plus many other binding options. I believe Ion Encoder does as well.
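
A domain-bound license of the kind described in the post above can be checked offline with a public-key signature, so the application never has to query the vendor's server on each page. This is an added PHP example, not part of the thread and not how SourceGuardian or any other encoder implements it. The function names, field names, key pair and domains are assumptions made up for illustration, and it needs ext-sodium (PHP 7.2+).

```php
<?php
// Hypothetical offline, domain-bound license check using Ed25519 signatures (ext-sodium).

// Vendor side: sign the license fields with the vendor's secret key (never shipped).
function issue_license(string $secretKey, string $domain, string $expires): string
{
    $payload = json_encode(['domain' => strtolower($domain), 'expires' => $expires]);
    $sig = sodium_crypto_sign_detached($payload, $secretKey);
    return base64_encode($payload) . '.' . base64_encode($sig);
}

// Customer side: only the public key ships with the application.
function verify_license(string $license, string $publicKey, string $host, string $today): bool
{
    $parts = explode('.', $license);
    if (count($parts) !== 2) {
        return false;
    }
    $payload = base64_decode($parts[0], true);
    $sig = base64_decode($parts[1], true);
    if ($payload === false || $sig === false || strlen($sig) !== SODIUM_CRYPTO_SIGN_BYTES) {
        return false;
    }
    // Check the signature before trusting any field in the payload.
    if (!sodium_crypto_sign_verify_detached($sig, $payload, $publicKey)) {
        return false;
    }
    $fields = json_decode($payload, true);
    if (!is_array($fields) || !isset($fields['domain'], $fields['expires'])) {
        return false;
    }
    // Compare against the configured site host, not a client-supplied Host header.
    return hash_equals($fields['domain'], strtolower($host))
        && strcmp($today, $fields['expires']) <= 0; // ISO dates sort lexically
}

// Constructed demo data: a throwaway key pair and made-up domains.
$pair = sodium_crypto_sign_keypair();
$lic  = issue_license(sodium_crypto_sign_secretkey($pair), 'shop.example.com', '2030-01-01');
$pub  = sodium_crypto_sign_publickey($pair);

var_dump(verify_license($lic, $pub, 'shop.example.com', '2025-06-09'));  // licensed host
var_dump(verify_license($lic, $pub, 'other.example.net', '2025-06-09')); // different domain
var_dump(verify_license($lic, $pub, 'shop.example.com', '2031-01-01'));  // past expiry date
$tampered = base64_encode('{"domain":"other.example.net","expires":"2099-01-01"}')
          . substr($lic, strpos($lic, '.'));
var_dump(verify_license($tampered, $pub, 'other.example.net', '2025-06-09')); // edited payload
```

Because only the public key is distributed, a customer cannot mint a license for another domain; the check itself still has to live in the encoded file, since a check in clear-text PHP can simply be edited out.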
patrikG
DevNet Master
Posts: 4235
Joined: Thu Aug 15, 2002 5:53 am
Location: Sussex, UK

Post by patrikG »

Have a look at the last comment on this blog:

http://www.sitepoint.com/blog-post-view?id=270520
http://www.sitepoint.com/blog-post-view?id=270520 wrote:
What binds it would have to be things such as customer agreements and such. You cannot have open source with a few encoded files ;)

Interestingly, this is Cerberus's approach. The GUI and pretty much the entire application is clear-code PHP, but a key component (the email <-> GUI interface) is a binary executable which validates the customers' license key. Seems to work well for them.
Roja
Tutorials Group
Posts: 2692
Joined: Sun Jan 04, 2004 10:30 pm

Post by Roja »

Syranide wrote:such things are not acceptable I would say.
But asking an admin to run code that could do *anything* is okay? That's what a black-box, closed-source PHP script is... it's a serious security risk.
Syranide
Forum Contributor
Posts: 281
Joined: Fri May 20, 2005 3:16 pm
Location: Sweden

Post by Syranide »

Roja wrote:But asking an admin to run code that could do *anything* is okay? That's what a black-box, closed-source PHP script is... it's a serious security risk.
yes, that is what you do all the time, you have to rely on that what you get is what you should, I mean you run windows, for all you know it could be a great great virus (which some think)... something you in some manner have to trust. however, starting up windows and it says that the microsoft-server is down and won't let you in would make you furious... so you would just sit 8h at your job doing nothing because the server is down? not acceptable at all, in almost any situation if you ask me.

the more paranoid people get, the worse the products become.
patrikG
DevNet Master
Posts: 4235
Joined: Thu Aug 15, 2002 5:53 am
Location: Sussex, UK

Post by patrikG »

Syranide wrote:the more paranoid people get, the worse the products become.
Could you elaborate on what you mean by that, please?

What you've written says:

"Security concerns make software products more unwieldy & complicated"

If I take this to its somewhat pointed logical opposite: "if you want ease of use, expect to be screwed."

You seem to have never experienced or read about what cracking/XSS/SQL injection etc. can do, because yours is a very flippant point to make. If you are serious and professional about what you're doing, you certainly want to offer a product that's both secure and has an intuitive GUI and workflow. That's what this discussion is about: how to create a professional and commercial application.
Syranide
Forum Contributor
Posts: 281
Joined: Fri May 20, 2005 3:16 pm
Location: Sweden

Post by Syranide »

ok, perhaps "paranoid" wasn't the most suiting word, but, if you have watched the latest games, you see HL2 for instance... where they activate hitler-mode with Steam forcing all people to be online to play, even singleplayer... people were pretty darn furious about that, especially when it commonly liked to start updating when you start the computer eager to play... nope! sorry updating your HL2 for an hour now. At least half of my friends refused to buy HL2 because of their punishing of "good people", and one couldn't even play the game because of the protection.

Same is coming along with StarForce, which is a good protection as it doesn't punish people the way Steam does but yet is secure, however, they also do some tricks which don't work for all, and people are always happy to know that their game doesn't start because of a protection, WHICH really shouldn't be there, they bought the game, they have full rights to it.

Somewhere you have to draw the line, how many will you lock out from your product?
Being paranoid is when you start taking drastic measures to keep it safe (which will be cracked either way), even though in the end it doesn't matter because the basic thought isn't secure enough to sustain the idea, such as making PHP contact a server or use external modules and binaries... you have effectively locked out a whole bunch of people, some will not buy it because of his interest being more money than more customers by use of performance degrading solutions or solutions that don't work on all systems. sure protection is good, but as PHP is opensource, and human readable it means no protection in the world would ever stop it.

The source will always be available in the end either way, why not put in some cheap protection which is obvious (takes 5min to crack), instead of some more advanced protection which is hidden and perhaps encrypted (takes 30min to crack) which will also make some customers not able to use it, and also some customers to think of it as a poor product, if someone wants to crack it, there is no stopping for PHP.

EDIT: don't take me as being angry or so, I'm just trying to explain my opinion towards copy protections.
patrikG
DevNet Master
Posts: 4235
Joined: Thu Aug 15, 2002 5:53 am
Location: Sussex, UK

Post by patrikG »

Pick up any book on security and one of the first sentences you read is "Nothing is 100% secure". The point is to raise the threshold to a level that it's as close to 100% as reasonably possible. In essence: there is a lot of grey in between black and white.

P.S.: no worries
Syranide
Forum Contributor
Posts: 281
Joined: Fri May 20, 2005 3:16 pm
Location: Sweden

Post by Syranide »

patrikG wrote:Pick up any book on security and one of the first sentences you read is "Nothing is 100% secure". The point is to raise the threshold to a level that it's as close to 100% as reasonably possible. In essence: there is a lot of grey in between black and white.
yes of course, I'm fully aware of that, nothing can be fully protected, but there is no need in trying to make it more secure than what it relies on... try adding a lasergun and a taser to a car... overkill considering you could just make a copy of the key (for instance).

I'm just saying, as there is a lot of grey, that grey might also be potential loss of customers, everyone serious buys what they use, if they copy, they most likely wouldn't have bought it either way, and that's what you need to consider, not whether or not to punish people, but how many will I ACTUALLY lose/gain in doing this in respect to people's thoughts about it, not how many copies, because then we come to that where 1.000.000 people have copied my game, yet there only lives 100.000 on earth. and perhaps, with a little smarts, you could even turn the "copiers" into future customers, think ahead, don't think money.

that's all I'm saying
malcolmboston
DevNet Resident
Posts: 1826
Joined: Tue Nov 18, 2003 1:09 pm
Location: Middlesbrough, UK

Post by malcolmboston »

so ok, lets not make it secure, let me spend 100's of hours of my time (ive spent about 100 already and its about 10% done) just for someone to email it to a friend?

im sure if you were in my position you would be looking at the most secure options available too
Syranide
Forum Contributor
Posts: 281
Joined: Fri May 20, 2005 3:16 pm
Location: Sweden

Post by Syranide »

malcolmboston wrote:so ok, lets not make it sure, let me spend 100's of hours of my time (ive spent about 100 already and its about 10% done) just for someone to email it to a friend?

im sure if you were in my position you would be looking at the most secure options available too
you haven't been reading a word of what I've said apparently, no offence, but try reasoning with me, money isn't all. you have to think further than that, as with piracy today, music industry claims they lose billions and billions... however, if nobody would copy, they would perhaps gain a few percent... so then you can ask yourself, could there be a gain in letting people copy? perhaps I could get future customers by that, as they discover my products and my "signature" would get widely known, or widely "hated" if abused in order to make as much money as you possibly could, disregarding the consequences of your actions.

EDIT: there was a great gamecompany that actually started out like this back in the old days, a really really awesome 3d-game, it wasn't smurf... what did they do? they gave it for free, what happened? next to every single person with a computer in the world played their game... thus giving their name huge amounts of respect and widely known over the world, giving them unlimited opportunities for their "first" game that was being charged for.
Last edited by Syranide on Thu Jun 09, 2005 8:30 am, edited 1 time in total.
malcolmboston
DevNet Resident
Posts: 1826
Joined: Tue Nov 18, 2003 1:09 pm
Location: Middlesbrough, UK

Post by malcolmboston »

lol, no offence but that's BS to be honest, so someone goes and gets a copy of my project illegally they use it think it's good and think "hmmm, i might buy the next version"

i highly doubt it to be honest, they'd be trawling google for all those "nasty" sites for the brand new version for free. Granted im building this application for myself as much as anything but the stuff im adding into it are more of a "hub" and not required by me as such.

also, im not "trying to make as much money as i can" mate, im simply trying to earn a little cash from something that i think would be a nice utility for people like me, where's the wrong in that?
Last edited by malcolmboston on Thu Jun 09, 2005 8:33 am, edited 1 time in total.
patrikG
DevNet Master
Posts: 4235
Joined: Thu Aug 15, 2002 5:53 am
Location: Sussex, UK

Post by patrikG »

Let's stay on the problem at hand, shall we? If malcolmboston was Microsoft one could develop valid points about copyright and copyleft. As it is, malcolmboston is a guy who wants to earn his living. It's economies of scale, Syranide. No food on the table and being morally right will still let you starve.