hi all, What is the best, optimized and free way to protect my source code (i mean encrypt in a way hard to decrypt for humans)?
actually I want to protect my website and CMS, as php files are just simple text files. anyone who knows a little bit of php can modify in an illegal way.
I have also learned about Zend Guard, IonCube etc... I dont want a paid solution, or a ready made solution. any idea ?
The only free (or at least cheap) ones I've seen generally all do the same thing: recursive eval()/base64_decode() calls. Any of these can be decrypted by any reasonably skilled PHP coder with a bit of patience -- it will only stop the casual user (or impatient skilled user, who will likely not want to use such obfuscated code in the first place).
"Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
~ Terry Pratchett in Nation
yeah i too have done this kind of decryption of some shells that were placed on my server by a hacking attack. is there some way to convert the source code into binary or similar and run without any problem. Like in ASP.NET (I think its possible in ASP.NET as I don't know much about it)
You might be able to use the bytecode extension, but I've never used it, and you now know at least as much about it as I do.
"Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
~ Terry Pratchett in Nation
You might be able to use the bytecode extension, but I've never used it, and you now know at least as much about it as I do.
Excellent suggestion NogDog.
Having your programs as byte code makes them incredibly portable. If you do not know anything about how Java works then you'll be in for a surprise, even if you already know a fair deal about OOP in PHP.
If you have not used Java then be very cautious using this extension. It comes from a different world not the least bit like PHP.
If you don't like the JVM you can compile your PHP with Hip Hop (from what I have heard).
I use (, ; : -) as I please- instead of learning the English language specification: I decided to learn Scheme and Java;
Protect against *casual* reading of your code by the .htaccess
file in the directory from which your PHP is called, and also give
this directory drwxr-xr-x permissions.
-
Always place 'Options -Indexes' in the .htaccess file and always
have a file called 'index.html' or 'index.php' in the directory.
- Determined hacking (usually by brute force FTP) will always result
in some clown f**king up your site. It has happened to me on a few
occasions. Even if you run compiled programs on the server, *someone*
will get in, someday, and replace your code with malicious crap of
their own.
-
Vigilance, and frequent changes of FTP passwords on your host, do
their bit to help. Otherwise, the first you may hear of it is a dreaded
Google "this site may harm your computer" flag ! ! [At least, this shows
your SEO is effective :-) ]
Chris
Last edited by chriseccles; 06-12-2011 at 02:27 AM.
Reason: afterthought
yes you said right but i just want to protect my source code from reuse/modification without my by someone else (who is not the part of my team, I mean).
I tried "PHP Obfuscator" it does work a bit, and can be helpfull... But it also modifies HTML tags that makes the structure messy or makes the document invalid (valid XHTML)
Reply With Quote
Originally Posted by ralphchadkirk
Bookmarks