Are there some recommendations on Open Source or Free PHP Encoder systems? Is something available?
-
-1 for irony overload between Open Source and PHP encoder. – cbrandolino Dec 23 '10 at 13:54
3 Answers
Obfuscating PHP just makes it difficult for the casual observer to study the code. It will not keep someone who is determined at bay for very long. Granted, the unobfuscated version they're able to produce might not match your code line by line, but it will be close enough.
The only reason I could see to use one would be to ensure that people did not short circuit a licensing check; however, even that is trivial to accomplish in most cases.
I recommend just trusting your customers, or building offerings that are designed to be delivered mostly, if not entirely, as a service.
That being said, you can try actually compiling your PHP apps into native executables that work via FCGI dispatch or come complete with an embedded web server. Tools to help you do that are the PHP Compiler (phpcompiler.org) and Roadsend.
Still, you won't stop someone who is determined to modify their copy, or study how it works.

-
Great, thanks. Actually the software is to be served as a service, so there is no problem about who will use it. The major problem is that, inside a company, as a programmer / supervisor of the whole project, I need to keep the code closed even though it is PHP code, because I can't trust other programmers inside the company. They can use the project to sell under another name or for another purpose, and it is a risk to the company. I read about PHC, perhaps it is a great idea, I will give it a try. I know I can't stop someone who is determined to modify it, but at least it must be a little difficult.. :-) – devasia2112 Dec 23 '10 at 14:47
-
@Fernando Costa: Locking code internally from other coders is a major issue. How are they supposed to work effectively on it, if it is all locked up? You need stricter contracts and better staff if this is a problem. – Orbling Dec 24 '10 at 09:26
-
Back to the problem. Actually I have models for delivering my software to clients. One is entirely by SaaS (no problem). The second one is by installing an instance at my client (putting my code there). Any programmer or even experienced user can read it. The code is not open source, so I am still fighting on this matter, and trying to get my clients convinced to host the software in my SaaS model.. but some clients just want the code hosted by themselves. o_O – devasia2112 Nov 24 '11 at 00:36
-
@FernandoCosta Make each 'source' installation slightly unique. Something subtle about it should be different for each client, and record those differences. Let clients know that their installation is unique, and if a version finds its way out in the wild, they will be held responsible. Then ask them if they _really_ want the source code. Or, just don't allow on site licensing. You can also make some proprietary PHP extensions that your code depends on.. you have options. – Tim Post Nov 24 '11 at 00:51
-
@Tim Post - Thanks for the advice. I really liked the part about "proprietary PHP extensions". How should I do that? Any resource or a how-to on building an extension in PHP? Is it something that needs to be coded in C/C++? Thanks for the response! :) – devasia2112 Nov 24 '11 at 02:03
-
@FernandoCosta You'd need to do it in C, but there are some [good tutorials](http://devzone.zend.com/303/extension-writing-part-i-introduction-to-php-and-zend/) on the topic. Just make your code depend on some kind of hash, or something that only _your_ server can provide. Then use the functions in your custom module to get it. Compile the module specific for each client. It's hard to recommend _what_ to put in that module, I have not seen your code. But it need not be very complicated. – Tim Post Nov 24 '11 at 02:07
-
@Tim Post - I'd love to do such a thing in C, I will read up on the "good tutorials" reference. What does "Compile the module specific for each client" mean? I will follow the reference and test the results, and for sure I will think about something "very complicated". Thanks again man. – devasia2112 Nov 24 '11 at 02:15
-
@Tim Post - I had collected some good resources about how to build extensions in PHP, and I found 2 different ways: the first is at the ZE Zend Engine level (low level programming) and the second is a PHP extension (high level programming). Since I came from C, and am now programming for the web... it is a little bit confusing to me.. I just want to build or use some engine that makes part of my code (a lib for instance) hidden from the eyes of others --- :) It can be a kind of encrypted dependency ... anyway it must be compiled at the client with the PHP module? Yeah? – devasia2112 Nov 25 '11 at 01:39
-
@Tim Post - then a user, programmer or whatever can find the extension and read it .. and all the hard work is gone.. :( Now I'm a lot confused about it.. hehehe – devasia2112 Nov 25 '11 at 01:39
-
PHC does not support return values in included scripts. It is a problem since you are using a webservice, I suppose if you call a webservice from your own code. – devasia2112 Jan 18 '12 at 14:27
-
@FernandoCosta It's kind of hard to guide you because I'm kind of in the dark about what you're doing. You may very well be better off with ioncube or source guardian if you're spending this much time on it, just don't expect 100% protection out of either. – Tim Post Jan 18 '12 at 14:32
-
@Tim Post I had realized that there is nothing good enough this way. There are companies like Ioncube that charge for their solution, and I had tested it already (works good), but like we discussed it is not 100% safe, so I'm going the SaaS way. – devasia2112 Jan 18 '12 at 14:45
-
continue... Centralize all the instances, the whole code on only one server. Then if the customer wants the code hosted by himself, I will host the code at the company (mainly interfaces and calls), but it will be something "API like"; it will request the business logic from the remote server. Then the requisites will be a working connection, and the core is still held by myself. – devasia2112 Jan 18 '12 at 14:46
-
Just to say one more word -> Do not use this -> http://www.rssoftlab.com/phpenc.php It is the worst crazy shit I have ever tried to use in the last 2 years... No documentation, no command line program as they claim. Really a nightmare. Do waste your time.. I think the only way, if you really want to encode, is here, since it is raw PHP, and everything in PHP is born from this. http://br2.php.net/manual/en/book.bcompiler.php – devasia2112 Jan 18 '12 at 23:42
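The "make each installation slightly unique and record the differences" suggestion from the comments above, sketched as an added example that is not part of the original thread. `VENDOR_SECRET`, the `CACHE_NS` constant, the client names and the sample source are all hypothetical and constructed for illustration.

```php
<?php
// Added example: per-client watermarking of a distributed PHP source file.
// The secret stays on the vendor's build host and is never shipped.
const VENDOR_SECRET = 'replace-with-a-long-random-secret';

// Derive a short client-specific marker. Using an HMAC means the marker
// cannot be predicted or forged for another client without the secret.
function client_marker(string $clientId): string
{
    return substr(hash_hmac('sha256', $clientId, VENDOR_SECRET), 0, 16);
}

// Stamp a source file: the marker is stored as the value of an
// innocuous-looking constant right after the opening tag.
function stamp_source(string $source, string $clientId): string
{
    if (strpos($source, '<?php') !== 0) {
        throw new InvalidArgumentException('expected file to start with <?php');
    }
    $stamp = sprintf("define('CACHE_NS', '%s');\n", client_marker($clientId));
    return "<?php\n" . $stamp . ltrim(substr($source, 5));
}

// Given a copy found in the wild, recompute each known client's marker
// and return the matching client, or null if the marker is absent.
function attribute_leak(string $leaked, array $clientIds): ?string
{
    if (!preg_match("/define\('CACHE_NS', '([0-9a-f]{16})'\)/", $leaked, $m)) {
        return null; // marker stripped, or file was never stamped
    }
    foreach ($clientIds as $id) {
        if (hash_equals(client_marker($id), $m[1])) {
            return $id;
        }
    }
    return null;
}

// Constructed sample input and client list.
$original = "<?php\nfunction invoice_total(array \$rows) { return array_sum(\$rows); }\n";
$clients  = ['acme-gmbh', 'globex-ltd'];

$shipped = stamp_source($original, 'globex-ltd');
var_dump(attribute_leak($shipped, $clients));   // the stamped copy
var_dump(attribute_leak($original, $clients));  // an unstamped copy
```

A single constant like this is trivial to strip once noticed, which is why the comment asks for something subtle; the same derive-and-record approach applies to any difference you vary per client.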
Don't fool yourself. You don't need an encoder. If you still feel like it, there is a Raiz Labs PHP Obfuscator. And many others, just use Google.
-
Hey @Vlad, it was just a question, you do not need to shoot lightning because of it. Anyway, thanks for your answer. Be polite next time man! – devasia2112 Dec 23 '10 at 14:11