SitePoint Sponsor

User Tag List

Results 1 to 6 of 6
  1. #1
    SitePoint Zealot
    Join Date
    Jun 2003
    Location
    Italy
    Posts
    112
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    php source code protection

    Hi,
    I developped a SW for restaurants, pub, ecc... and I need a system to protect it.
    It's developped in php (and html, javascript, mysql) and runs by an Apache webserver (phpdev 4.2.3)

    The my setup process copies the .php files inside the end-user PC.
    Therefore I have to copy on the end-user PC the .php files, that is the source code files.

    I had to main requirements:
    1) to encrypt the .php files so that the source code cannot be saw.
    2) to deny the access to the folder containing all the php files (that are hundreds...). I mean that I want to avoid that this folder can be opened/read/copied, while of course Apache must be able to run it. A solution could be that the encoder produces an unique big encoded files instead of to get all the files encoded one by one in the same folder and subfolder structure of my source code folder.

    If somebody knows a product or a solution for me, I'll really apprieciate it.
    I found many php encoders, but those one I tried don't hyde the folder structure.


    Thank you in advance
    Fausto Pricoco
    fausto.pricoco@tin.it

  2. #2
    Theoretical Physics Student bronze trophy Jake Arkinstall's Avatar
    Join Date
    May 2006
    Location
    Lancaster University, UK
    Posts
    7,062
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    I think your best option here is to setup APACHE in folders with random names. Encrypting seems over-the-top IMHO.

    What I do when I make software in PHP is hide APACHE in a folder called:
    C:\Documents and Settings\[username]\My Documents\systemdll\dll_old\dll_system
    Whilst also adding random folders to the parent folders. This misleads people into thinking that the folder is full of important DLL files which shouldn't be messed with. Also, change the .PHP extension to a random 3-letter extension, such as .SPT, or even .DLL (haven't tried using DLL, so i'm not sure if .htaccess will accept it), and enable it in .HTACCESS to parse as PHP, using:
    Code:
    AddType application/x-httpd-php .[ext]
    replacing [ext] with your chosen extension.

    This will stop people from knowing the root directory (And they would have to be SERIOUSLY determined/bored to do so, and even if they did, the next step would stop them in their tracks), and also change the extension so they can't search for PHP files.

    There might be better ways, but I find it useful.
    Jake Arkinstall
    "Sometimes you don't need to reinvent the wheel;
    Sometimes its enough to make that wheel more rounded"-Molona

  3. #3
    SitePoint Zealot
    Join Date
    Jun 2003
    Location
    Italy
    Posts
    112
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi again,
    first of all than you very much, your solution could be very useful!

    I have another question, sorry but I'm not so expert...
    at the moment, all my php files are inside the dir "...phpdev/www/xxx/" , that is then my "http://localhost/xxx" dir.

    According to your solution I should locate the my php files in a dir not inside "...phpdev/www" but for example inside "C:\Documents and Settings\[username]\My Documents\systemdll\dll_old\dll_system\xxx\";

    How can I configure Apache in order to set that "C:\Documents and Settings\[username]\My Documents\systemdll\dll_old\dll_system\xxx/" is the my "http://localhost/xxx" dir?

    Consider that I have hundreds of php files, therefore is not easy to modify all for the path "http://localhost/xxx", it could be better for me only change some setting (may be in Apache) in order to modify the localhost path.

    Because I'm not so expert may you insert me an example code of how to change that setting?

    If it could be useful for you, I use a freeware encoder/optimizer (Turk MMcache), that encode all the php files. The my problem is that it leaves unchanged the folder structure... if you need it I can send you by email with some use instructions.

    Thank you very much in advance
    Ciao
    Fausto

  4. #4
    SitePoint Zealot
    Join Date
    Jun 2003
    Location
    Italy
    Posts
    112
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I have an crazy solution, but it's too complicate for a bad programmer like me:
    to have a module/application (may be it could be also php...) able to:
    - receive in input a folder (containing .php files, also inside subfolders)
    - delete all the comments form the files
    - gives in output an unique big php files with the same functionalities of the php folder.
    Then you could encrypt the big .php file (for example using a free enconder like Turk-MMcache) and may hide is random directory with a strange name and extension.
    Is it so crazy ??????

  5. #5
    SitePoint Wizard silver trophy kyberfabrikken's Avatar
    Join Date
    Jun 2004
    Location
    Copenhagen, Denmark
    Posts
    6,157
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

  6. #6
    . shoooo... silver trophy logic_earth's Avatar
    Join Date
    Oct 2005
    Location
    CA
    Posts
    9,013
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    Really in the end it is point less to try and hide. The more you try to hide/obscure it the more people want to see inside. If someone really wants it they can get it with the right about of time and knowledge.
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.



Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •