What php encoder do you usually use?

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

sammyphp
Forum Newbie
Posts: 17
Joined: Tue Jul 03, 2007 2:39 am

What php encoder do you usually use?

Post by sammyphp »

Hello everyone, this is my first time posting here. I am a newbie.

1. What php encoder do you usually use nowadays?
(I am considering phpShield, ionCube PHP Encoder, zend phpencoder, etc.)

2. When we use these encoders, do we need to inform the ISP to install any programs on the server or client (e.g. a decoder in order to read the encoded php code)?

Thanks in advance. :)
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Re: What php encoder do you usually use?

Post by feyd »

sammyphp wrote: Hello everyone, this is my first time posting here. I am a newbie.
Welcome.
sammyphp wrote: 1. What php encoder do you usually use nowadays?
(I am considering phpShield, ionCube PHP Encoder, zend phpencoder, etc.)
None; they are such a thin veil of security that it's worthless to me. A solid license works better.
sammyphp wrote: 2. When we use these encoders, do we need to inform the ISP to install any programs on the server or client (e.g. a decoder in order to read the encoded php code)?
The server must support the encoding, so yes, if they don't already have it installed.
sammyphp
Forum Newbie
Posts: 17
Joined: Tue Jul 03, 2007 2:39 am

Post by sammyphp »

Hi feyd,

1.
feyd wrote: None; they are such a thin veil of security that it's worthless to me
Do you mean that even if the PHP program is encoded, you could decode it easily?

2.
feyd wrote: A solid license works better.
What is a solid license? Are there any examples that I could study?
To my knowledge, to prevent the PHP code from being accidentally downloaded by hackers, we had better encode it with some PHP encoder (e.g. Zend, ionCube, etc.). This is the situation when we protect the source code of an exe program on a PC. Am I right? Or, when we are talking about a web application, is the situation completely different?

3.
feyd wrote: The server must support the encoding
As you mentioned, we need to ask the ISP if they have installed any Zend or ionCube decoder (because this results in running bytecode after encoding protection).
If not, we ask them whether they could install it or not. Right?

Thanks in advance.
:)
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

sammyphp wrote: Do you mean that even if the PHP program is encoded, you could decode it easily?
Yes.
sammyphp wrote: What is a solid license? Are there any examples that I could study?
Find a reputable company that sells a computer program, and read it.
sammyphp wrote: To my knowledge, to prevent the PHP code from being accidentally downloaded by hackers, we had better encode it with some PHP encoder (e.g. Zend, ionCube, etc.).
It is a far better idea to secure the server.
sammyphp wrote: This is the situation when we protect the source code of an exe program on a PC. Am I right? Or, when we are talking about a web application, is the situation completely different?
PHP is an interpreted language. EXE files are a result of compilation, which PHP does not do.
sammyphp wrote: As you mentioned, we need to ask the ISP if they have installed any Zend or ionCube decoder (because this results in running bytecode after encoding protection).
If not, we ask them whether they could install it or not. Right?
Yes and Yes, although they probably won't install it if they don't have it already.
sammyphp
Forum Newbie
Posts: 17
Joined: Tue Jul 03, 2007 2:39 am

Post by sammyphp »

Thank you for your reply.

Is it very difficult to manage a Linux server?
(having MySQL and phpMyAdmin installed)
Assuming there is no experience with Linux, is it better to rent servers from an ISP or a data centre?
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

First thing I would do is uninstall phpMyAdmin. :) Seriously.
sammyphp
Forum Newbie
Posts: 17
Joined: Tue Jul 03, 2007 2:39 am

Post by sammyphp »

Hi feyd,

According to http://www.phpmyadmin.net/home_page/index.php
"phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields, manage privileges, export data into various formats and is available in 52 languages. GPL License information."
It also says it has won a lot of awards:
http://www.phpmyadmin.net/home_page/awards.php

Does phpMyAdmin not help us to manage MySQL on Linux or Windows?
Why is uninstalling it the first thing to do? Is it not secure?

Thanks in advance
superdezign
DevNet Master
Posts: 4135
Joined: Sat Jan 20, 2007 11:06 pm

Post by superdezign »

phpMyAdmin cripples you SQL-wise.
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

MySQL provides a perfectly useful command line client and they also provide some graphical clients. Having phpMyAdmin installed is also adding another potential weak point in your security too.
Jenk
DevNet Master
Posts: 3587
Joined: Mon Sep 19, 2005 6:24 am
Location: London

Post by Jenk »

I use MySQL's own MySQL Administrator if I'm feeling too lazy to use the command line.
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

MySQL Query Browser is an essential tool for any MySQL developer's toolkit. It offers quick-and-easy documentation, forces you to learn SQL, and gives you a convenient way of viewing rows in your database.
nathanr
Forum Contributor
Posts: 200
Joined: Wed Jun 07, 2006 5:46 pm

Post by nathanr »

Completely off-topic here, but I like the way you guys think - like-minded over here and develop in the same manner. Why people feel the need to fix what ain't broken I don't know - MySQL is far more powerful, like dump an entire database from the command line with a simple >. If you don't know how to do something, read the manual; if you need help with some protocol, read the RFC and do it the correct way. Time-consuming but well worth it in the end :)

Anyways, just a quick "respect, you're giving proper answers" - it's very rare that one sees that in any developer-orientated forum(s)