hi,
I want to introduce my "small creature" phpGuardian, a script php that it allows of monitorare and protect sources through codifies and/or obfuscator...
download here the version 3.0: http://www.service4pc.it/logging/
if someone wants to participate to this project sends me a pvt.
I hope that there is useful to all, I hope to receive of the response with respect to the using and eventual problems Smiley
I have created also a group on linkedin for anyone wanted to support this project:
http://www.linkedin.com/e/gis/53884/3CFFD81EB4A6
bye bye
ps: sorry for my english:(
phpGuardian (protect your script!)
Moderator: General Moderators
- John Cartwright
- Site Admin
- Posts: 11470
- Joined: Tue Dec 23, 2003 2:10 am
- Location: Toronto
- Contact:
Re: phpGuardian (protect your script!)
Moved to General Discsussion.
Re: phpGuardian (protect your script!)
Hi phakko. I had a look at your code. For the most part the code is pretty decent.
Here is some feedback.
1. You're using error suppression a bit more than I would like to see. I would encourage you to cut that down a bit.
2. Your using global variables. I would get rid of those.
3. There are some database queries that have numerous unfiltered variables. This can lead to query injection. I didn't track back where the variables came from, but I saw at least one that I believe may come from an end user. I would use data validation using regex and the mysql escape_string functions.
As for the concept of zipping the code and base64'ing the code, which it seems your doing, I can't say that offers hardly any protection. While it would definitely ruin a newbies day, it's fairly trivial for an experienced programmer to get the original code.
Here is some feedback.
1. You're using error suppression a bit more than I would like to see. I would encourage you to cut that down a bit.
2. Your using global variables. I would get rid of those.
3. There are some database queries that have numerous unfiltered variables. This can lead to query injection. I didn't track back where the variables came from, but I saw at least one that I believe may come from an end user. I would use data validation using regex and the mysql escape_string functions.
As for the concept of zipping the code and base64'ing the code, which it seems your doing, I can't say that offers hardly any protection. While it would definitely ruin a newbies day, it's fairly trivial for an experienced programmer to get the original code.