PHP code safeguard technique for Remote call, scenario based

Question

hi,

I am thinking about safeguardimg my php code in a different way for my project, but it may be childish method. Please let me know alternative or pros and cons of this method.

Both client and server has LAMP.

Client system holds client sensitive data, which will not be shared to the server. Client will have Auth key to access server.

When client requests the server using the Auth key, after server verifies it, server will send the php code to client for the execution. The Php code will be executed in client and it will connect to other sites from client for processing.

Client will use remote include to get code and execute.

<?php include('http://www.example.com/clientCode.php'); ?>

Client side files is provided by Server admin, with ioncube or zend safeguard encoded one.

So they will not know the PHP code (my assumption). Also client server interaction will be processed through secure connection.

Answer 1

Including the remote file like that might not work as expected, as the included file is actually executed on the remote server and the result is included in the script that invokes it, not the the actually PHP code from the included file.

If that is what you wish, then that's ok; but you can't transfer the actual PHP code from the remote server.

However, if you MUST transfer the actual code from the remote server to the client, than you could create an API that takes care of the authentication and authorization of the client, reads (without interpreting) the desired PHP file, and then sends it to the client. You could then either eval the code, or cache it as a local file on the client.

Answer 2

You will need special encryption software like Zend Guard if you want to protect your code from your clients.