Page 1 of 2
Copyrighting my code
Posted: Sun Mar 19, 2006 3:41 am
by irisblaze
or something like that, anyhow, I finished scripting my own php application, I want to ditribute it freely but I want to add a link in the bottom of the pages to my site, now what's the best way to encrypt that section of code to ensure that users of my code won't remove it, and I want to add a security hole so that I only know, to delete the data and the application in case users removed that link, any ideas? oh sorry for misspelling some words
Posted: Sun Mar 19, 2006 5:00 am
by AGISB
There is no way you can do that.
Posted: Sun Mar 19, 2006 5:09 am
by irisblaze
yes there's away and I saw it many times before, anyway what m going to do is to encrypt the code then call eval() to execute the encrypted code, I'll make it so that the encrypted code contains basic function for the applications thus if the user tried to manipulate the encrypted code the whole app will stop working, but I need guidelines
Re: Copyrighting my code
Posted: Sun Mar 19, 2006 9:51 am
by shiflett
irisblaze wrote:I want to ditribute it freely but I want to add a link in the bottom of the pages to my site, now what's the best way to encrypt that section of code to ensure that users of my code won't remove it, and I want to add a security hole so that I only know, to delete the data and the application in case users removed that link, any ideas?
I think you're on the wrong forum.
Posted: Sun Mar 19, 2006 10:58 am
by timvw
Anyone seen the PHP - Obscurity forum?
Anyway, i've seen a couple of times scripts that performs a couple of times eval and base64 encoding.. I still don't get what they were thinking... The only workable solution i can imagine is to host the script yourself.
Re: Copyrighting my code
Posted: Sun Mar 19, 2006 12:56 pm
by irisblaze
shiflett wrote:irisblaze wrote:I want to ditribute it freely but I want to add a link in the bottom of the pages to my site, now what's the best way to encrypt that section of code to ensure that users of my code won't remove it, and I want to add a security hole so that I only know, to delete the data and the application in case users removed that link, any ideas?
I think you're on the wrong forum.
wtf? then what's the right forum?

it's a security issue, isn't it?
Posted: Sun Mar 19, 2006 1:03 pm
by hawleyjr
I think anyone here will laugh at you if you try to encrypt your code. It just won't work

The best way to do it is to have a 'You must include this link' amendment in your EULA.
Posted: Sun Mar 19, 2006 2:09 pm
by irisblaze
agh! but I saw it somewhere before
Posted: Sun Mar 19, 2006 2:31 pm
by d3ad1ysp0rk
Find out where and maybe we can help you more, because it's probably easy to get around.
Re: Copyrighting my code
Posted: Sun Mar 19, 2006 4:25 pm
by Roja
irisblaze wrote:wtf? then what's the right forum?

it's a security issue, isn't it?
No, and the title of your original post shows that you don't understand the difference between encrypting code, and copyrighting it.
Lets explain a little in detail.
Copyrighting your code gives you plenty of protection. You can use public opinion, and you can sue if that fails.
Similarly, your contracts give you substantial protection as well, allowing negotiation, and lawsuits.
The problem is that being a programmer, you feel that the legal system won't do what it is ideally suited to do, and so you want to try to solve it by programming a solution.
The problem is that it has been tried, and it fails. The concept of encrypted PHP relies on three steps:
- Encode
- Decode (before running)
- Run
The problem is that your client can intercept the code bwteen step two and three. No matter what the product is, how secure it is, how tough the encryption, for PHP to run it, it has to decrypt it and hand it to PHP. When that happens, its unencrypted, and they win.
Practically every "encoder" solution has been defeated, including Zend's own - and if Zend can't get it right, no one else can.
Its far better to choose clients you can trust, build a strong relationship with them, do work in chunks (one page, one payment, two pages, two payments), and offer a strong support model than to try and force them to pay.
Besides, under US copyright law, selling code that you know will break in the future can be malfeasance on your part. Worse, it could be considered Fraud!
There are effective solutions to the problem, but not encryption. Copyright, contracts, and a good relationship is far stronger than any two-bit encoding scheme.

Posted: Mon Mar 20, 2006 7:43 am
by Maugrim_The_Reaper
PHP encoding is pretty difficult - for starters in order to be compiled it must be decoded. Since it decoded, it can be printed. If it can be printed (and made sense of!) then the encoding failed miserably - which is exactly what the vast majority of PHP encoders do. There's a nice article somewhere I read about modifying the APC extension to print code pre-compilation from an encoded source.
What you need is a copyright, a license (or a EULA), and some self-education on these topics. They cover everything you need, and do what simple encoding will not - protect your work under the Law.
Posted: Mon Mar 20, 2006 7:55 am
by jayshields
I think I mentioned somewhere before, but someone told me that if you print out code you want to be copyrighted, pop it in an envelope addressed to yourself, post it, then receive it and keep it unopened then it is rightfully copyrighted.
You can see the date from the stamp the post office stamp on it. Then if anyone steals your code, you can produce your envelope in court and let them open it.
Is that just a myth?

Posted: Mon Mar 20, 2006 9:26 am
by hawleyjr
jayshields wrote:I think I mentioned somewhere before, but someone told me that if you print out code you want to be copyrighted, pop it in an envelope addressed to yourself, post it, then receive it and keep it unopened then it is rightfully copyrighted.
You can see the date from the stamp the post office stamp on it. Then if anyone steals your code, you can produce your envelope in court and let them open it.
Is that just a myth?

That is a method of copyrighting that dates back a very long time ago. However, I hardly doubt it would hold much strength today

Posted: Mon Mar 20, 2006 9:39 am
by Roja
jayshields wrote:I think I mentioned somewhere before, but someone told me that if you print out code you want to be copyrighted, pop it in an envelope addressed to yourself, post it, then receive it and keep it unopened then it is rightfully copyrighted.
You can see the date from the stamp the post office stamp on it. Then if anyone steals your code, you can produce your envelope in court and let them open it.
Is that just a myth?

Its not a myth, but you've got the details wrong. More specifically, thats a method of protection, but for patents, not generally for copyright.
In patent applications, the early bird gets the worm. To prove that is rather tricky. The patent process requires that you do a (lengthy) patent research process. That process can take *years*, and the patent office will look unfavorably upon applications that attempt to skip that.
The way around it is to do just as you describe - send a registered letter, sealed, and dated, to yourself. Then begin the application process. If down the road, you end up with someone else being granted the patent, you have proof of first discovery.
Copyright doesn't benefit or hurt from doing the same thing. Copyright is established as soon as you write the document. Proving that you wrote it can be easy, or complicated, depending on the contents. The US Copyright office does allow you to register your copyright (via mail), but the benefits are relatively minor. Having a letter you sent yourself only shows that you have a copy, and on a certain date - that doesnt matter much in copyright law, but matters quite a bit in Patents.
Hope that helps clear it up a bit.
Posted: Mon Mar 20, 2006 10:30 am
by Maugrim_The_Reaper
Whether a copyright exists or not in comparison to a challenge can indeed be date dependent - hence registered unopened mail of a copyrighted work is useful. It's still a practice used when you don't have a publishing house backing up your claim. It may be old fashioned but where else do you verify the date the copyright was in place outside of registering the claim?
Might be different in the US I'll grant.