What is code security?

And also, what is an obfuscator? Do they have major similarities?

I have been hearing about the security issues of code. How can we secure our code in PHP? How necessary is it to make our code secure, and how?

+3  A: 

The Obfuscated Code article at Wikipedia is a good read for you :)

Obfuscated code is source or machine code that has been made difficult to understand. Programmers may deliberately obfuscate code to conceal its purpose or its logic to prevent tampering, deter reverse engineering or as a puzzle or recreational challenge for readers. It is a form of security through obscurity. Programs known as obfuscators transform readable code into obfuscated code using various techniques that might induce anti-debugging, anti-decompilation and anti-disassembly mechanisms. Code obfuscation is different in essence from hardware obfuscation, where description and/or structure of a circuit is modified to hide its functionality.

Sarfraz
+4  A: 

Secure code is code that has few or no vulnerabilities that can be exploited by malicious users.

Obfuscated code is code that is intentionally made hard to read.

Obscure code is code that is unintentionally hard to read and also probably insecure.

Mchl
+1  A: 

Code security in a nutshell means that your code does what you want it to, and nothing else. Badly written, insecure code can have side effects that users might be able to exploit. SQL injection is one good, common example.

It is very necessary to write secure code, especially for open-source projects where other users could easily find your vulnerabilities otherwise. As to how to write secure code, that's a somewhat more difficult question. The best answer would be with experience. It's hard to protect your code against something before you know what to protect it against. However, common sense and some basic steps like always escaping unsafe user input go a long way.

Obfuscating code is simply taking user-readable code and turning it into something that is not so readable. There are many reasons to do this. One reason is to make it harder to find vulnerabilities in your code, but it by no means prevents it. Another reason is to make it harder for people to make modifications to your code, which is what you might want to do for commercial software. But there are better alternatives in that case, like using Zend Guard.

reko_t