tags:

views:

86

answers:

3
Q: 

PHP - protecting code

Possible Duplicates:
How to protect your software code?
Protect my PHP App

Hi, I have a framework that I am wanting to be able to sell licenses for. I want people to be able to edit the code if they choose to (to a degree) but also I want to try and stop someone paying for the code and then just putting it up for download.

Is there a way that I can keep part of the code ( small piece of code that is ) on a server which each site using my framework will need to connect to use?

any help or ideas much appreciated.

A: 

Zend Guard seems to be the de facto standard. However, a quick google search revealed a couple others:

In the long run, though, all of these just end up pissing off the people who have to make modifications to their server to run a script. My advice, as someone who has both used and released scripts with this type of encryption, is that you not bother, because someone will (given enough time) decrypt it anyways.

Jason B  2010-07-05 06:24:21
+1  A: 

You can... But do you want to?

PHP scripts are not Java servlets. They're not always running; they start when a request commences and they finish when the request stops.

So, which functionality would you put that requires calling home? It must not be in every page, because it would significantly slow down both the client application and your servers. If you have some page that is rarely used (e.g. some configuration page) you could defer some of its functionality to your server. But even then, consider that your client may not want to run code that depends on some server of yours – you may not be able to guarantee it's always online; the client may have its server behind a firewall that doesn't allow outgoing connections, etc.

Artefacto  2010-07-05 06:24:28
Connecting home every request would be definitly to much, as you said, this would slow down the server. Maybe you could solve this with the sessions. You just connect home once a session...
faileN  2010-07-05 06:29:54
@fail You missed the problem. Your underlying assumption is that the script is doing some check to see if it's legit and storing somewhere that information. That would be trivial to bypass. In order to be difficult to bypass you have to move code from the PHP scripts to some remote server (essentially, you are deferring some functionality to some web service). And for that, you need that deferred functionality to be rarely used.
Artefacto  2010-07-05 06:32:56
Still, no business owner in their right mind would want to make their business depend on the reliability of 2 applications + 2 web hosts. You're essentially doubling your downtime.
Lèse majesté  2010-07-05 06:35:38
A: 

That's the problem with script-languages. You can't protect the code in the way, that a user doesn't see it. However if you plan to provide a license and a customer has to buy it, that's the best way I think. If he would upload the code for others to download, you can go to your lawyer.

The way you mentioned, that everybody has to connect to your server is also a solution. But therefore I would not store the framework on your server, but give the framework to you customer and let him register this framework for one domain for example. Then the framework connects to your server and checks if it was called, from the correct domain.

Sorry, my english it not that good to express myself this good, but I hope you get the idea :)

faileN  2010-07-05 06:27:48
This was my initial plan but what is stopping anyone from removing the piece of code that sends the request to my server?
Phil Jackson  2010-07-05 06:32:33
Yeah you are right, but that's the issue about "open languages". However. You could keep track of all you customers in a database. Then if someone offers your framework for free, then you know, that it had to be someone of your customers. So you have a better chance to investigate the case.
faileN  2010-07-05 06:37:57
That's actually a good idea, you could watermark the code (e.g. make subtle changes in the indentation or give some function a different name) so if it leaked you could know who leaked it and sue them.
Artefacto  2010-07-05 06:42:41
hmmm.... random generated code segments for each user... I like it
Phil Jackson  2010-07-05 06:50:28

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases