noob asking question about securing sourcecode, please do me

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

kylix999
Forum Newbie
Posts: 5
Joined: Sat Mar 11, 2006 1:22 pm


Post by kylix999 »

I am creating my own PHP CMS system with Java/AJAX support. I wish to sell it in the future, but the problem is to make it much more secure, because PHP can be viewed by anyone who will use it. In Java I do not have that problem -> bytecode coding etc., and AJAX functions are not so critical. One option is to use a PHP obfuscator etc., but I was thinking: is there any free tool to make my source code more secure, or do you have ideas how to protect the code of PHP scripts etc.?

It is my first post, so do not shoot me if it was answered earlier etc...
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Some previous discussions we've had on this and similar topics:

viewtopic.php?t=42698
viewtopic.php?t=42673
viewtopic.php?t=37667
viewtopic.php?t=10766
kylix999
Forum Newbie
Posts: 5
Joined: Sat Mar 11, 2006 1:22 pm

Post by kylix999 »

Zend Encoder costs 900$ !!! and needs some additional extensions; probably not many users will be able to install them on their virtual server (bought from hosting providers) etc...

I have some new questions:

1) Does it mean that PHP has not got any support for interpreting some bytecode from previously compiled scripts, like bytecode in Java?
Will it be supported in future?

2) And how do you PHP programmers secure your code? I am asking especially independent programmers who code some standalone PHP programs which are sold to other users.

3) Are some popular PHP programs like vBulletin etc. protected in any way? Or do they just count on that users will not change their code?

feyd, thank you for those links, they were very useful
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

kylix999 wrote: 1) Does it mean that PHP has not got any support for interpreting some bytecode from previously compiled scripts, like bytecode in Java?
PHP does not have native (read: built-in by default) support for bytecode. Extensions like ionCube, APC, Zend and others must be installed to decode them.
kylix999 wrote: Will it be supported in future?
I'm not apprised as to what features will be in future releases as much as I'd like at times. But what I can say is, even if they are built in, it takes hosts a long time to upgrade beyond minor version changes. PHP 5 has been available for quite some time, and how many hosts have it installed? Almost none compared to those still running PHP 4. Granted, since PHP 4 is still continuing to be developed, there's less and less motivation for hosts to migrate without the behest of their customers. Some hosts do support various bytecoded files though; ionCube is fairly popular, as is Zend... I've seen APC on some hosts too.
kylix999 wrote: 2) And how do you PHP programmers secure your code? I am asking especially independent programmers who code some standalone PHP programs which are sold to other users.
I don't waste time trying to lock my code. That's what my license is for.
kylix999 wrote: 3) Are some popular PHP programs like vBulletin etc. protected in any way? Or do they just count on that users will not change their code?
Most of the "popular" ones I know have no such blockage. They often encourage people looking at the code, modifying where they need or want to. Frankly, I see very little that's all that special about code in itself.

kylix999 wrote: feyd, thank you for those links, they were very useful
You're welcome. :)
kylix999
Forum Newbie
Posts: 5
Joined: Sat Mar 11, 2006 1:22 pm

Post by kylix999 »

And a last question, feyd. I would not like to waste your time, but please be patient for more than a minute, please.

You said that the license is what protects your code from the intellectual side. Yes, licensing is the easiest way, but isn't it too naive?
Well, let's imagine that some user is using your PHP program without paying you for your license. What can you do if he is from another country? Even if it is in the country where you live, you can only go to judgement, but who will bother for a couple of $? So you can only send him an email with some curse etc...

What will you do in such a situation?

Of course, the situation is much better with companies who MUST use legal software, so it is much easier to force them to use legal software ....
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

My software is only sold to real companies who are legally bound or they don't get the software. That includes going through their local legal system if need be. If their local system doesn't support the license(s) I want to use, then they don't get the software. Due diligence. ;)

If they still want to use it, I can offer them hosted solutions where I control the servers. They own the content, but I hold the source.
kylix999
Forum Newbie
Posts: 5
Joined: Sat Mar 11, 2006 1:22 pm

Post by kylix999 »

That is all I wanted to know, even much more than I expected. Feyd, God bless you for your patience and time,
and greetings from Poland, since you are in Germany

FEYD THE GREATEST :D
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

psst, I'm not in Germany. I'm in Germantown, Tennessee (USA). :)
kylix999
Forum Newbie
Posts: 5
Joined: Sat Mar 11, 2006 1:22 pm

Post by kylix999 »

8O ok, Germantown in Wisconsin, greetings anyway :D