Protect my PHP source? (obfuscate?)
Posted: Tue Jul 26, 2011 7:01 am
I'm offering PHP solutions to my clients in two ways:
1. I deliver full PHP source code, complete with comments / documentation / etc, so they can modify and expand it and build upon it themselves (and/or call me for further development later on, if they prefer)
2. I only deliver a working PHP script, no comments / documentation, they're not supposed to modify this (so they get a solution as-is and need to get back with me if they want changes)
Obviously I charge less for nr 2, essentially they're buying functionality here. This comes in the form of .php files that work on their server, but aren't supposed to be easily modified.
In this scenario I keep full commented and documented php source code locally, and only deploy a minimal / stripped version to them, so they cannot easily mess around with it.
I understand this can never be achieved 100%, since they still get working .php files one way or the other. But what would be the best approach to this? Stripping comments, reducing variable names, and obfuscating the .php files? Or are there other possibilities?
When I google on obfuscate php I get quite some alternatives, and I've also heard of Zend Guard which seems to do something similar. Any solutions you can recommend?
1. I deliver full PHP source code, complete with comments / documentation / etc, so they can modify and expand it and build upon it themselves (and/or call me for further development later on, if they prefer)
2. I only deliver a working PHP script, no comments / documentation, they're not supposed to modify this (so they get a solution as-is and need to get back with me if they want changes)
Obviously I charge less for nr 2, essentially they're buying functionality here. This comes in the form of .php files that work on their server, but aren't supposed to be easily modified.
In this scenario I keep full commented and documented php source code locally, and only deploy a minimal / stripped version to them, so they cannot easily mess around with it.
I understand this can never be achieved 100%, since they still get working .php files one way or the other. But what would be the best approach to this? Stripping comments, reducing variable names, and obfuscating the .php files? Or are there other possibilities?
When I google on obfuscate php I get quite some alternatives, and I've also heard of Zend Guard which seems to do something similar. Any solutions you can recommend?