Copyrighting my code

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

irisblaze
Forum Newbie
Posts: 22
Joined: Sun Mar 19, 2006 3:24 am
Location: Palestine

Copyrighting my code

Post by irisblaze »

Or something like that. Anyhow, I finished scripting my own PHP application. I want to distribute it freely but I want to add a link in the bottom of the pages to my site, now what's the best way to encrypt that section of code to ensure that users of my code won't remove it, and I want to add a security hole so that I only know, to delete the data and the application in case users removed that link, any ideas? Oh, sorry for misspelling some words.
AGISB
Forum Contributor
Posts: 422
Joined: Fri Jul 09, 2004 1:23 am

Post by AGISB »

There is no way you can do that.
irisblaze
Forum Newbie
Posts: 22
Joined: Sun Mar 19, 2006 3:24 am
Location: Palestine

Post by irisblaze »

Yes, there's a way, and I saw it many times before. Anyway, what I'm going to do is encrypt the code, then call eval() to execute the encrypted code. I'll make it so that the encrypted code contains basic functions for the application, thus if the user tries to manipulate the encrypted code the whole app will stop working. But I need guidelines.
shiflett
Forum Contributor
Posts: 124
Joined: Sun Feb 06, 2005 11:22 am

Re: Copyrighting my code

Post by shiflett »

irisblaze wrote: I want to distribute it freely but I want to add a link in the bottom of the pages to my site, now what's the best way to encrypt that section of code to ensure that users of my code won't remove it, and I want to add a security hole so that I only know, to delete the data and the application in case users removed that link, any ideas?
I think you're on the wrong forum.
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

Anyone seen the PHP - Obscurity forum? ;)

Anyway, I've seen a couple of times scripts that perform eval and base64 encoding a couple of times... I still don't get what they were thinking... The only workable solution I can imagine is to host the script yourself.
irisblaze
Forum Newbie
Posts: 22
Joined: Sun Mar 19, 2006 3:24 am
Location: Palestine

Re: Copyrighting my code

Post by irisblaze »

shiflett wrote:
irisblaze wrote: I want to distribute it freely but I want to add a link in the bottom of the pages to my site, now what's the best way to encrypt that section of code to ensure that users of my code won't remove it, and I want to add a security hole so that I only know, to delete the data and the application in case users removed that link, any ideas?
I think you're on the wrong forum.
wtf? then what's the right forum? 8O it's a security issue, isn't it?
hawleyjr
BeerMod
Posts: 2170
Joined: Tue Jan 13, 2004 4:58 pm
Location: Jax FL & Spokane WA USA

Post by hawleyjr »

I think anyone here will laugh at you if you try to encrypt your code. It just won't work :roll: The best way to do it is to have a 'You must include this link' amendment in your EULA.
irisblaze
Forum Newbie
Posts: 22
Joined: Sun Mar 19, 2006 3:24 am
Location: Palestine

Post by irisblaze »

agh! but I saw it somewhere before
d3ad1ysp0rk
Forum Donator
Posts: 1661
Joined: Mon Oct 20, 2003 8:31 pm
Location: Maine, USA

Post by d3ad1ysp0rk »

Find out where and maybe we can help you more, because it's probably easy to get around.
Roja
Tutorials Group
Posts: 2692
Joined: Sun Jan 04, 2004 10:30 pm

Re: Copyrighting my code

Post by Roja »

irisblaze wrote:wtf? then what's the right forum? 8O it's a security issue, isn't it?
No, and the title of your original post shows that you don't understand the difference between encrypting code, and copyrighting it.

Let's explain a little in detail.

Copyrighting your code gives you plenty of protection. You can use public opinion, and you can sue if that fails.

Similarly, your contracts give you substantial protection as well, allowing negotiation, and lawsuits.

The problem is that being a programmer, you feel that the legal system won't do what it is ideally suited to do, and so you want to try to solve it by programming a solution.

The problem is that it has been tried, and it fails. The concept of encrypted PHP relies on three steps:

- Encode
- Decode (before running)
- Run

The problem is that your client can intercept the code between steps two and three. No matter what the product is, how secure it is, how tough the encryption, for PHP to run it, it has to decrypt it and hand it to PHP. When that happens, it's unencrypted, and they win.

Practically every "encoder" solution has been defeated, including Zend's own - and if Zend can't get it right, no one else can.

It's far better to choose clients you can trust, build a strong relationship with them, do work in chunks (one page, one payment, two pages, two payments), and offer a strong support model than to try and force them to pay.

Besides, under US copyright law, selling code that you know will break in the future can be malfeasance on your part. Worse, it could be considered Fraud!

There are effective solutions to the problem, but not encryption. Copyright, contracts, and a good relationship are far stronger than any two-bit encoding scheme. :)
Maugrim_The_Reaper
DevNet Master
Posts: 2704
Joined: Tue Nov 02, 2004 5:43 am
Location: Ireland

Post by Maugrim_The_Reaper »

PHP encoding is pretty difficult - for starters, in order to be compiled it must be decoded. Since it's decoded, it can be printed. If it can be printed (and made sense of!) then the encoding failed miserably - which is exactly what the vast majority of PHP encoders do. There's a nice article somewhere I read about modifying the APC extension to print code pre-compilation from an encoded source.

What you need is a copyright, a license (or a EULA), and some self-education on these topics. They cover everything you need, and do what simple encoding will not - protect your work under the Law.
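
The eval-plus-base64 wrapping timvw mentions, and the decode-before-run step Roja and Maugrim_The_Reaper describe, shown as an added example that is not from any poster in this thread: a reviewer auditing a wrapped PHP script can recover its source statically, because the wrapper ships with everything needed to decode it. The sample script, the `wrap`/`peel` helpers and the example.com link are constructed for illustration, and only this one wrapper pattern is handled.

```python
import base64
import re

# One wrapper layer of the form: eval(base64_decode('...'));
LAYER = re.compile(
    r"""^\s*(?:<\?php\s*)?eval\(\s*base64_decode\(\s*(['"])([A-Za-z0-9+/=]+)\1\s*\)\s*\)\s*;?\s*(?:\?>)?\s*$"""
)


def wrap(php_source: str, layers: int) -> str:
    """Build a constructed sample: nest the source in eval/base64 layers."""
    code = php_source
    for _ in range(layers):
        blob = base64.b64encode(code.encode()).decode()
        code = f"eval(base64_decode('{blob}'));"
    return code


def peel(code: str, max_layers: int = 50):
    """Undo eval(base64_decode(...)) layers without executing anything.

    Returns (plain_source, layers_removed). Stops at the first layer that
    is not a pure wrapper, so the result is what PHP would finally run.
    """
    removed = 0
    while removed < max_layers:
        match = LAYER.match(code)
        if not match:
            break
        try:
            code = base64.b64decode(match.group(2), validate=True).decode("utf-8")
        except (ValueError, UnicodeDecodeError):
            break  # malformed base64 or binary payload: return what we have
        removed += 1
    return code, removed


# Constructed sample: a footer-link function hidden behind three layers.
ORIGINAL = (
    "function footer() { echo '<a href=\"https://example.com/\">"
    "Powered by Example</a>'; }"
)
PROTECTED = wrap(ORIGINAL, 3)

if __name__ == "__main__":
    source, count = peel(PROTECTED)
    print(f"{count} layers removed")
    print(source)
```
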
jayshields
DevNet Resident
Posts: 1912
Joined: Mon Aug 22, 2005 12:11 pm
Location: Leeds/Manchester, England

Post by jayshields »

I think I mentioned somewhere before, but someone told me that if you print out code you want to be copyrighted, pop it in an envelope addressed to yourself, post it, then receive it and keep it unopened then it is rightfully copyrighted.

You can see the date from the stamp the post office stamps on it. Then if anyone steals your code, you can produce your envelope in court and let them open it.

Is that just a myth? 8O
hawleyjr
BeerMod
Posts: 2170
Joined: Tue Jan 13, 2004 4:58 pm
Location: Jax FL & Spokane WA USA

Post by hawleyjr »

jayshields wrote:I think I mentioned somewhere before, but someone told me that if you print out code you want to be copyrighted, pop it in an envelope addressed to yourself, post it, then receive it and keep it unopened then it is rightfully copyrighted.

You can see the date from the stamp the post office stamps on it. Then if anyone steals your code, you can produce your envelope in court and let them open it.

Is that just a myth? 8O
That is a method of copyrighting that dates back a very long time. However, I hardly doubt it would hold much strength today :)
Roja
Tutorials Group
Posts: 2692
Joined: Sun Jan 04, 2004 10:30 pm

Post by Roja »

jayshields wrote:I think I mentioned somewhere before, but someone told me that if you print out code you want to be copyrighted, pop it in an envelope addressed to yourself, post it, then receive it and keep it unopened then it is rightfully copyrighted.

You can see the date from the stamp the post office stamps on it. Then if anyone steals your code, you can produce your envelope in court and let them open it.

Is that just a myth? 8O
It's not a myth, but you've got the details wrong. More specifically, that's a method of protection, but for patents, not generally for copyright.

In patent applications, the early bird gets the worm. To prove that is rather tricky. The patent process requires that you do a (lengthy) patent research process. That process can take *years*, and the patent office will look unfavorably upon applications that attempt to skip that.

The way around it is to do just as you describe - send a registered letter, sealed, and dated, to yourself. Then begin the application process. If down the road, you end up with someone else being granted the patent, you have proof of first discovery.

Copyright doesn't benefit or hurt from doing the same thing. Copyright is established as soon as you write the document. Proving that you wrote it can be easy, or complicated, depending on the contents. The US Copyright office does allow you to register your copyright (via mail), but the benefits are relatively minor. Having a letter you sent yourself only shows that you have a copy, and on a certain date - that doesn't matter much in copyright law, but matters quite a bit in Patents.

Hope that helps clear it up a bit.
Maugrim_The_Reaper
DevNet Master
Posts: 2704
Joined: Tue Nov 02, 2004 5:43 am
Location: Ireland

Post by Maugrim_The_Reaper »

Whether a copyright exists or not in comparison to a challenge can indeed be date dependent - hence registered unopened mail of a copyrighted work is useful. It's still a practice used when you don't have a publishing house backing up your claim. It may be old fashioned but where else do you verify the date the copyright was in place outside of registering the claim?

Might be different in the US, I'll grant.