close source php application?
Moderator: General Moderators
close source php application?
I have built an application that i would like to make close source, any one have any ideas or links on how to do this? I dont even have the slightest idea how to prevent people from taking my code or editing it.
- Christopher
- Site Administrator
- Posts: 13596
- Joined: Wed Aug 25, 2004 7:54 pm
- Location: New York, NY, US
-
alex.barylski
- DevNet Evangelist
- Posts: 6267
- Joined: Tue Dec 21, 2004 5:00 pm
- Location: Winnipeg
Re: close source php application?
Haha... 
A few techniques:
1) Use one of those byte code obfuscators (ie: ionCube) - apparently easily reverse engineered.
2) Write a custom code obfuscator. Pull everything into a single script and expand all functions, etc...
3) Compile into binary code (RoadSend) - you'd have to *really* dedicated to reverse engineer this.
Lastly, you could simply keep your application hosted...which is the route I finally settled on after a few weeks of struggle with option #2.
Option #3 is promising but you have to code your application in such a way that it's capable of being compiled.
Cheers
A few techniques:
1) Use one of those byte code obfuscators (ie: ionCube) - apparently easily reverse engineered.
2) Write a custom code obfuscator. Pull everything into a single script and expand all functions, etc...
3) Compile into binary code (RoadSend) - you'd have to *really* dedicated to reverse engineer this.
Lastly, you could simply keep your application hosted...which is the route I finally settled on after a few weeks of struggle with option #2.
Option #3 is promising but you have to code your application in such a way that it's capable of being compiled.
Cheers
Re: close source php application?
I do it with a custom obfuscator and all code in a single file, plus a couple of copy-protection tricks.
Hockey, there is a mixed solution I have thought about, but not yet tried and not sure of how viable it is. The app in question is an intranet app, so it might not be suitable for public web sites (but in that case just hosting it yourself would work fine). The idea is to install a virtual appliance in the client's intranet - on booting it starts a web server with your app installed. The client has a mechanism for making database backups, so he is in control of the data. The source (still obfuscated / encoded or whatever) lies on the appliance, and the question here is how well can you deny access to the appliance FS.
I'm not well-versed in GNU/Linux or virtual appliances, but I imagine it is possible to have an installation with no users bar root, so an attacker should have to either exploit the OS remotely (good luck with nothing but a web server running) or access the hard-disk emulation files on the host OS. If both options are hard enough things to do, thus we have an additional layer of protection between the attacker and the source code.
Anyone with experience in these matters?
Hockey, there is a mixed solution I have thought about, but not yet tried and not sure of how viable it is. The app in question is an intranet app, so it might not be suitable for public web sites (but in that case just hosting it yourself would work fine). The idea is to install a virtual appliance in the client's intranet - on booting it starts a web server with your app installed. The client has a mechanism for making database backups, so he is in control of the data. The source (still obfuscated / encoded or whatever) lies on the appliance, and the question here is how well can you deny access to the appliance FS.
I'm not well-versed in GNU/Linux or virtual appliances, but I imagine it is possible to have an installation with no users bar root, so an attacker should have to either exploit the OS remotely (good luck with nothing but a web server running) or access the hard-disk emulation files on the host OS. If both options are hard enough things to do, thus we have an additional layer of protection between the attacker and the source code.
Anyone with experience in these matters?
Re: close source php application?
This is something that interests me as well. Maybe the 3 of us can get together and create our own methods. I have software that I need to keep protected as well. I currently use ioncube but I'm in the dark as to what someone can see when they do an opcode dump. I think ioncube is better than zend, but neither of them are rock solid.
Re: close source php application?
IonCube is paid, right?
I've downloaded several ready-made virtual appliances for VMWare, but haven't found time to play with them yet.
----
The strength of a copy protection should not (and cannot) be infinite - just enough that the cost of reversing the protection would be comparable to the cost of development. Thus, any simple layer we can add will help immensely, as generally users are not smart and experienced enough to reverse engineer protection schemes, and a specialist in the area will cost them.
I've downloaded several ready-made virtual appliances for VMWare, but haven't found time to play with them yet.
----
The strength of a copy protection should not (and cannot) be infinite - just enough that the cost of reversing the protection would be comparable to the cost of development. Thus, any simple layer we can add will help immensely, as generally users are not smart and experienced enough to reverse engineer protection schemes, and a specialist in the area will cost them.
Re: close source php application?
Yeah ioncube is a purchased product.