I have finished my new php script, and I'm about to sell it. I want to encrypt/encode/obfuscate or any thing that will enable me to protect my code. I read every single post here about this matter, but I didn't get any clue. Is there any FREE tool I can use? Do you have other ideas on how to protect my code, so that nobody can resell it with their name?
+8
A:
What you want is called an obfuscator. There are many available for PHP, but they all have one thing in common: they will only stop casual observers from reading your code. A determined person with access to your files will be able to decode it and get the original (mostly) back again.
You also need to couple with the fact that once obfuscated, the person buying your code is not going to be able to debug it, fix any problems or add features of their own. If I bought a PHP script from someone and it came back obfuscated, I'd ask for my money back because obfuscated code is completely useless to me: I'd have to contact you (and you'd probably want to charge me) for every minor thing I wanted changed.
Dean Harding
2010-07-05 23:39:35
+1 great points. Also, why would you want to penalize your paying customers?
Alan
2010-07-06 00:12:51
+1 Obfuscatation is often a good sign for low quality code, flaky security, and even problems in the basic application structure.
mario
2010-07-06 06:35:12
The mere existence of an application is often the sign of low quality code, flaky security, and even basic problems. This is a symptom of the lousy quality of software in general (and especially in the PHP world), not of obfuscation.
Ira Baxter
2010-07-06 17:54:13
A:
There isn't much that you can do. There should be a PHP obsfuscator out there, but the client will need something to un-obfuscate it. That said, obsfucation isn't exactly secure. Even compiled languages can be reverse engineered with the right know-how. Best bet? Get a good lawyer and keep an eye on the market.
Brad Heller
2010-07-05 23:40:11
The client will *need* a PHP un-obfuscator? Not for products that ship using one; such products are intended to be delivered for production use of the code, not for hacking on it. If you as a client *insist* that you want the source code to hack on, then you aren't buying a product; you're buying a prototype. That's fine; just be clear on the nature of your business deal.
Ira Baxter
2010-07-06 17:56:52
+1
A:
You could check out the php compiler. It should make your code as secure as c would be, and much cheaper than a lawyer.
amccausl
2010-07-05 23:40:36
this seems promising but I use windows and don't know how to use it
Naughty.Coder
2010-07-05 23:56:32
Lèse majesté
2010-07-06 03:45:57
Anybody that ships an application program with a copyright string that isn't protected from outside modification is subject to this. Computing a checksum on the copyright string is pretty trivial, and the outcome can be used to make the program function poorly, which effectively stops such changes. So majeste's attack is easily avoided.
Ira Baxter
2010-07-07 20:01:54
+1
A:
The simplest terms requre obfuscation - which simply makes the code harder to read, though it can still be reverse engineered. Products like RaizeLabs, POBS and CodeEclipse are free.
You may wish to actually encrypt your code with a commercial product like Turck MMCache, or Zend Guard, though be aware that these may require special PHP modules running on the server. If you use one and your clients don't have full control of their hosting servers, they may not be able to use your tool.
Chadwick
2010-07-05 23:50:58
I liked POBS ,, but is not is a bit old .. it's latest version is from 2003
Naughty.Coder
2010-07-05 23:58:45
... and encrypted solutions have easily web-found decrypters. Pure encryption solutions really are pointless. (Some tools offering encryption offer more than just encryption; you'd better like the other parts of such tools).
Ira Baxter
2010-07-06 17:58:27
+1
A:
How about converting your PHP code to C++? That way it can be compiled to machine code.
HipHop for PHP does it for you.
http://stackoverflow.com/questions/1090124/convert-php-to-c-code
Luca Matteis
2010-07-05 23:59:23