Protect my PHP source? (obfuscate?)

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
User avatar
GimbaL
Forum Newbie
Posts: 18
Joined: Thu Apr 16, 2009 3:28 am

Protect my PHP source? (obfuscate?)

Post by GimbaL »

I'm offering PHP solutions to my clients in two ways:

1. I deliver full PHP source code, complete with comments / documentation / etc, so they can modify and expand it and build upon it themselves (and/or call me for further development later on, if they prefer)

2. I only deliver a working PHP script, no comments / documentation, they're not supposed to modify this (so they get a solution as-is and need to get back with me if they want changes)

Obviously I charge less for nr 2, essentially they're buying functionality here. This comes in the form of .php files that work on their server, but aren't supposed to be easily modified.
In this scenario I keep full commented and documented php source code locally, and only deploy a minimal / stripped version to them, so they cannot easily mess around with it.

I understand this can never be achieved 100%, since they still get working .php files one way or the other. But what would be the best approach to this? Stripping comments, reducing variable names, and obfuscating the .php files? Or are there other possibilities?

When I google on obfuscate php I get quite some alternatives, and I've also heard of Zend Guard which seems to do something similar. Any solutions you can recommend?
User avatar
Jonah Bron
DevNet Master
Posts: 2764
Joined: Thu Mar 15, 2007 6:28 pm
Location: Redding, California

Re: Protect my PHP source? (obfuscate?)

Post by Jonah Bron »

Looks like there's an obfuscator here:

http://www.semanticdesigns.com/Products ... scator.jsp

Or you can use Zend Gaurd or Ioncube. Note though that these require the client to install extra software, namely the Zend Gaurd Runtime Decoder or Ioncube Loader, respectively.
User avatar
yacahuma
Forum Regular
Posts: 870
Joined: Sun Jul 01, 2007 7:11 am

Re: Protect my PHP source? (obfuscate?)

Post by yacahuma »

you need to use something like ioncube or PHP Encoder from NuSphere
Post Reply