Encoding PHP Scripts

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
choppsta
Forum Contributor
Posts: 114
Joined: Thu Jul 03, 2003 11:11 am

Encoding PHP Scripts

Post by choppsta »

I'm looking to be able to distribute one of our projects as a kind of stand alone product and I've been looking at the various encoding tools out there.

I kinda like the look of Source Guardian, but there's also the Ioncube stuff that looks quite good too.

What do you use and are there any "gotchas" that I should be aware of?
User avatar
Jenk
DevNet Master
Posts: 3587
Joined: Mon Sep 19, 2005 6:24 am
Location: London

Post by Jenk »

If it's been encrypted, it can be decrypted with, and without the key :P

I've not got any experience with encrypting PHP source, but I do know that the Zend encryption method has been "broken" and there are readily available 'decryption' apps.
User avatar
Maugrim_The_Reaper
DevNet Master
Posts: 2704
Joined: Tue Nov 02, 2004 5:43 am
Location: Ireland

Post by Maugrim_The_Reaper »

Its down (from what I understand) to the weakness that PHP needs to be decoded prior to parsing - if you can intercept the decoded version between the decoder and the parser...
Roja
Tutorials Group
Posts: 2692
Joined: Sun Jan 04, 2004 10:30 pm

Post by Roja »

viewtopic.php?t=33935

Already covered this topic. All known encryption/encoding systems for php scripts at the interpreter level have been broken.

Focus your efforts on your contracts - they will protect you far better than weak encoding.
Post Reply