tags:

views:

234

answers:

4
+2  Q: 

Protecting Scripting Language Source Code

I'd like to protect the PHP and JavaScript program source code from the prying eyes of my client. How can I do that?

+1  A: 

If someone has access to your source code it will always be susceptible. The best you can do is obfuscate it ala Google-JS style but it can always be reverse-engineered.

And what makes your application so special anyway? Unless it's some sort of program for something like the government I don't think you should really give a care.

meder  2009-09-22 13:49:52
er... my boss think it is important.. ... :P
Ted Wong  2009-09-22 13:53:26
Tell him he’s an idiot.
Bombe  2009-09-22 13:57:58
@Ted Wong - I have had the same problem with my boss for some .Net systems .. so I feel you pain .. lol
Peter M  2009-09-22 13:58:23
@Bombe - some of us enjoy being employed :)
DVK  2009-09-22 21:32:58
+5  A: 

your javascript source is fair game I'm afraid. You can minify it, you can obscure it and compress it but you can't hide it.

if you are storing PHP files on your clients server, then this issue will be difficult to overcome also.

Apparently there are some PHP encrypters available but they have an adverse affect on performance.

So yeah, not much you can do really. Especially if your client is technically savvy.

Evernoob  2009-09-22 13:51:00
IMO all you need to do is make breaking into your system (slightly) more expensive than buying a new license from you then thats about as best as you can do on an adhoc basis. After that you have to start investing in all sorts of other technologies that will screw around with things [ie Port your php to C++ ]
Peter M  2009-09-22 14:01:42
+1  A: 

Use a javascript obfuscator.

Jasob :: JavaScript Obfuscator - CSS Obfuscator

Although it won't be 100% irreversible. Just makes it hard to read and understand.

For PHP

PHP Obfuscator

and

Code Eclipse

rahul  2009-09-22 13:51:42
+1  A: 

Given you are using a scripting language that is interpreted at runtime, your options are limited:

1) Run the most sensitive parts of your application on your own server and have the client access them over web services.

2) Code obfuscation (this is reversible with enough effort).

Asaph  2009-09-22 13:52:02

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases