views:

306

answers:

12

I'm developing some web-based software. However, commercial launch, as far as I can tell, will require distribution of the PHP code. How can I prevent this code from being pirated?

A: 

Personally hosting it and having the purchaser change DNS

(Downfall: Purchaser might want code hosted on their own server to make sure I won't hijack their domain/subdomain. Also, they might worry if I close my website, they've lost what they paid for)

waiwai933
A: 

You can't.......

Daniel A. White
A: 

Having the program phone home

Downfall: Purchaser could take out the include statement.

Remedy: Have code be pulled from my server while it's phoning home

Downfall: Purchaser could take the code and simply replace the include statement with it

waiwai933
+1  A: 

you can encode it using something called Turck MMCache. i'll have to look up the details for how to encode, but I remember it pretty simple.

maybe this link will help http://turck-mmcache.sourceforge.net/index%5Fold.html

cchampion
This will effectively encrypt the php code. Only problem is there's no way to un-encode it (atleast there wasn't when I used it), so that makes you have to keep an unencoded copy along with the encoded source in your repository. Of course you'll only distribute the encoded php files and this will prevent others from seeing your code.
cchampion
Why would you keep the encoded version in your repository? You would keep it outside of the repo, for sure, but there's no reason to version control the encoded version itself.
Narcissus
+3  A: 

You could try something like Zend Guard to obfuscate and protect the code.

Adam Maras
A: 

I think this is why the Software as a Service model is so popular. It allows you to have customers for your application but you're hosting it and maintaining the service so they can't really see the code, of course. :)

Bartek
They can't see the back-end code, that is. They can still rip off all the javascript and html they want.
JasonWyatt
If you use a JS minimizer it makes the code very hard to rip off because they won't really be able to tell what to use and how things are called without a lot of inspection. By the time they finished understanding it, they could have learned to write it themselves.I don't think there can be such a thing as ripping off HTML. Design/Style? Yes, but not HTML code ... it's just too simplistic.
Bartek
A: 

You could release the code for free.

yjerem
That's a great idea. So you are going to pay for his lunch and rent?
Pekka
pay for his what?? http://stackoverflow.com/users/89334/waiwai933
yjerem
ok he edited his profile, sorry waiwai.
yjerem
+6  A: 

Choose your customers wisely, and use appropriate licence terms.

Alternatively, change your business model so that piracy stops being an issue. (e.g. free software but charge for service and support)

Artelius
+9  A: 

The PECL byte code compiler should do the trick. Unlike Zend guard obfuscation, it is free. At work, we have found that Zend Guard tends to tie you to dated PHP distributions.

Ewan Todd
A: 

There is a number of solutions out there, namely obfuscation and compilation. Among the most prominent products are Zend and IonCube. However, those bring a lot of hassle for the user as well as for you, plus always the requirement to phone home or hard-code the domain. Unless you are writing a piece of software that is extremely likely to be pirated (like a blog), I recommend you just threaten heavy penalties in your License Agreement, ship the source and be done with it. Any reasonable customer will be too scared to pirate the product, and the unreasonable ones wouldn't have paid in the first place. Shipping the source protects the customer's investment as well and is a great selling poing - you never know what might happen: You might go out of business, or step in front of a truck. In that case, with compiled code, the customer is screwed. In my opinion, a one-man business tailoring web applications should always ship the source for exactly that reason.

Pekka
A: 

Copyright and a well written license.

Frank V
+6  A: 

I worked for a commercial entity once. The protection system and license check could be fooled if enough effort was put into it. This software was a hell of expensive. we are talking thousands of dollars per seat license.

When I pointed it out, the answer was: If someone pirates it, they were not going to be our clients anyway, so why bother ? Clients that want your software, pay for it. Time is money. the university student can afford to pirate because his time is cheap and he would not have bought your application anyway. Professional clients don't bother about the license. They pay it and expect a working product and someone helpful to call when things go FUBAR.

Heck... Personally, I paid for my Adobe Illustrator, for my Papers, for my Omnigraffle and for my Cyberduck (yes, even if it's free). Yes, I could have pirated them. No, I did not because I am a fair person, a fair client and I recognize and approve what is fair and what is not with my money. Be fair with your client, they will be fair with you. Those who aren't would have never been your client in the first place.

Now, as for the code, your worry is that someone takes it and includes it into his project ? Do you really believe that copying and pasting your code for reusing it, even unscrambled code, is so linear that anyone can do it without particular hassle ? If you do believe this, then probably you have never coded. Reusing code is difficult even if the code is yours. When it's someone's else code is almost impossible, unless engineered for that. And once copied into a third party app, the final code is clearly dangerous to be released. Do you really think any company wants to go into this kind of trouble? And if they use your code for a strictly internal product, do you really care ? Does a tree falling in the forest makes a sound if no one is there to listen ? Yes it does. No you don't hear and care.

Stop worrying and enjoy your programming life. Keep piracy as a fact, and try to find better ways to make money even with piracy. Insurance companies have a positive business despite fires, burglaries and house incidents actually happen. Do the same.

Stefano Borini