Page 1 of 1

noob asking question about securing sourcecode, please do me

Posted: Sat Mar 11, 2006 1:32 pm
by kylix999
i am creating my own php cms system with java/ajax support, i wish sell it in future but the problem is to make it much more secured, becouse php can be viewed by anyone who will use it. In java i do not have that problem -> bytecode coding etc and ajax functions are not so critical. One option is to use php obfuscator etc, but i was thinking is there any free toll to make my source code more secure or do you have ideas how to protect code of php scripts etc.

it is my first post so do not shoot me if it was earlier anwsered etc...

Posted: Sat Mar 11, 2006 1:42 pm
by feyd
Some previous discussions we've had on this and similar topics:

viewtopic.php?t=42698
viewtopic.php?t=42673
viewtopic.php?t=37667
viewtopic.php?t=10766

Posted: Sat Mar 11, 2006 2:01 pm
by kylix999
zend enconder cost 900$ !!! and need some aditional extensions, probably not many users will be able to install them on their virtual server (buyed from hosting providers) etc...

I have some new questions:

1) Does it means that php has not got any support to interpreting some bytecode from prevoiusly compiled scripts like bytecode in java.
Will it be suported in future?


2) And how you php programers secure your code, i am asking especialy independent programmers who code some standalone php programs which are sold to ohers users.

3) Are some polpular php programs like vbulletin etc protected in any way? Or they just count on that users wil not change they code?


feyd thank you for that links, they were very useful

Posted: Sat Mar 11, 2006 2:11 pm
by feyd
kylix999 wrote:1) Does it means that php has not got any support to interpreting some bytecode from prevoiusly compiled scripts like bytecode in java.
PHP does not have native (read built-in by default) support for bytecode. Extensions like ionCube, APC, Zend and others must be installed to decode them.
kylix999 wrote:Will it be suported in future?
I'm not appraised as to what features will be in future release as much as I'd like at times. But what I can say, even if they are built-in, it takes hosts a long time to upgrade beyond minor version changes. PHP 5 has been available for quite some time, and how many hosts have it installed? Almost none compared to those still running PHP 4. Granted, since PHP 4 is still continuing to be developed there's less and less motivation for hosts to migrate without the behest of their customers. Some hosts do support various bytecoded files though, ionCube is fairly popular, as is Zend .. I've seen APC on some hosts too.
kylix999 wrote:2) And how you php programers secure your code, i am asking especialy independent programmers who code some standalone php programs which are sold to ohers users.
I don't waste time trying to lock my code. That's what my license is for.
kylix999 wrote:3) Are some polpular php programs like vbulletin etc protected in any way? Or they just count on that users wil not change they code?
Most of the "popular" ones I know have no such blockage. They often encourage people looking at the code, modifying where they need or want to. Frankly, I see very little that's all that special about code in itself.

kylix999 wrote:feyd thank you for that links, they were very useful
You're welcome. :)

Posted: Sat Mar 11, 2006 2:30 pm
by kylix999
and last question feyd, i would not like to waste your time but please be patient for more than a minute please

you said that license is that what protect your code from intelectual side, yes licensing is the easiest way but isn't it too naive.
Well lets imagine that some user is using your php program without paing you for your license and what you can do if he is from another country even if it is in your country where you live, only you can go to judgement , but who will bother for a couple of $. So you can only send him an email with some curse etc...

What you will do in such situation?

Of course much better situation is with companys who MUST use legal software, so it is much easier to force them to use legal software ....

Posted: Sat Mar 11, 2006 2:38 pm
by feyd
My software is only sold to real companies who are legally bound or they don't get the software. That includes going through their local legal system if need be. If their local system doesn't support the license(s) I want to use, then they don't get the software. Due dilligence. ;)

If they still want to use it, I can offer them hosted solutions where I control the servers. They own the content, but I hold the source.

Posted: Sat Mar 11, 2006 2:45 pm
by kylix999
that is all i wanted to know, even much more that i expected, Feyd God bless you for your patience and time
and greatings from Poland, since you are in German

FEYD THE GTRATEST :D

Posted: Sat Mar 11, 2006 2:47 pm
by feyd
psst, I'm not in Germany. I'm in Germantown, Tennessee (USA). :)

Posted: Sat Mar 11, 2006 2:52 pm
by kylix999
8O ok germantown in Wisconsin , greatings anyway :D