i am creating my own php cms system with java/ajax support, i wish sell it in future but the problem is to make it much more secured, becouse php can be viewed by anyone who will use it. In java i do not have that problem -> bytecode coding etc and ajax functions are not so critical. One option is to use php obfuscator etc, but i was thinking is there any free toll to make my source code more secure or do you have ideas how to protect code of php scripts etc.
it is my first post so do not shoot me if it was earlier anwsered etc...
noob asking question about securing sourcecode, please do me
Moderator: General Moderators
- feyd
- Neighborhood Spidermoddy
- Posts: 31559
- Joined: Mon Mar 29, 2004 3:24 pm
- Location: Bothell, Washington, USA
Some previous discussions we've had on this and similar topics:
viewtopic.php?t=42698
viewtopic.php?t=42673
viewtopic.php?t=37667
viewtopic.php?t=10766
viewtopic.php?t=42698
viewtopic.php?t=42673
viewtopic.php?t=37667
viewtopic.php?t=10766
zend enconder cost 900$ !!! and need some aditional extensions, probably not many users will be able to install them on their virtual server (buyed from hosting providers) etc...
I have some new questions:
1) Does it means that php has not got any support to interpreting some bytecode from prevoiusly compiled scripts like bytecode in java.
Will it be suported in future?
2) And how you php programers secure your code, i am asking especialy independent programmers who code some standalone php programs which are sold to ohers users.
3) Are some polpular php programs like vbulletin etc protected in any way? Or they just count on that users wil not change they code?
feyd thank you for that links, they were very useful
I have some new questions:
1) Does it means that php has not got any support to interpreting some bytecode from prevoiusly compiled scripts like bytecode in java.
Will it be suported in future?
2) And how you php programers secure your code, i am asking especialy independent programmers who code some standalone php programs which are sold to ohers users.
3) Are some polpular php programs like vbulletin etc protected in any way? Or they just count on that users wil not change they code?
feyd thank you for that links, they were very useful
- feyd
- Neighborhood Spidermoddy
- Posts: 31559
- Joined: Mon Mar 29, 2004 3:24 pm
- Location: Bothell, Washington, USA
PHP does not have native (read built-in by default) support for bytecode. Extensions like ionCube, APC, Zend and others must be installed to decode them.kylix999 wrote:1) Does it means that php has not got any support to interpreting some bytecode from prevoiusly compiled scripts like bytecode in java.
I'm not appraised as to what features will be in future release as much as I'd like at times. But what I can say, even if they are built-in, it takes hosts a long time to upgrade beyond minor version changes. PHP 5 has been available for quite some time, and how many hosts have it installed? Almost none compared to those still running PHP 4. Granted, since PHP 4 is still continuing to be developed there's less and less motivation for hosts to migrate without the behest of their customers. Some hosts do support various bytecoded files though, ionCube is fairly popular, as is Zend .. I've seen APC on some hosts too.kylix999 wrote:Will it be suported in future?
I don't waste time trying to lock my code. That's what my license is for.kylix999 wrote:2) And how you php programers secure your code, i am asking especialy independent programmers who code some standalone php programs which are sold to ohers users.
Most of the "popular" ones I know have no such blockage. They often encourage people looking at the code, modifying where they need or want to. Frankly, I see very little that's all that special about code in itself.kylix999 wrote:3) Are some polpular php programs like vbulletin etc protected in any way? Or they just count on that users wil not change they code?
You're welcome.kylix999 wrote:feyd thank you for that links, they were very useful
and last question feyd, i would not like to waste your time but please be patient for more than a minute please
you said that license is that what protect your code from intelectual side, yes licensing is the easiest way but isn't it too naive.
Well lets imagine that some user is using your php program without paing you for your license and what you can do if he is from another country even if it is in your country where you live, only you can go to judgement , but who will bother for a couple of $. So you can only send him an email with some curse etc...
What you will do in such situation?
Of course much better situation is with companys who MUST use legal software, so it is much easier to force them to use legal software ....
you said that license is that what protect your code from intelectual side, yes licensing is the easiest way but isn't it too naive.
Well lets imagine that some user is using your php program without paing you for your license and what you can do if he is from another country even if it is in your country where you live, only you can go to judgement , but who will bother for a couple of $. So you can only send him an email with some curse etc...
What you will do in such situation?
Of course much better situation is with companys who MUST use legal software, so it is much easier to force them to use legal software ....
- feyd
- Neighborhood Spidermoddy
- Posts: 31559
- Joined: Mon Mar 29, 2004 3:24 pm
- Location: Bothell, Washington, USA
My software is only sold to real companies who are legally bound or they don't get the software. That includes going through their local legal system if need be. If their local system doesn't support the license(s) I want to use, then they don't get the software. Due dilligence. 
If they still want to use it, I can offer them hosted solutions where I control the servers. They own the content, but I hold the source.
If they still want to use it, I can offer them hosted solutions where I control the servers. They own the content, but I hold the source.