SitePoint Sponsor

User Tag List

Results 1 to 6 of 6

Thread: Securing Script

  1. #1
    SitePoint Addict Shaydez's Avatar
    Join Date
    Jul 2006
    Location
    Boca Raton, Florida
    Posts
    352
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)

    Securing Script

    I finally finished my application now i need to secure the code. does anyone recommend any methods?

    I was thinking of having a license and engine code on a separate server; and have majority of the database design on a separate server. I'm wondering if passing MySQL query over 2 different server over the internet would impact the performance / loading time of the website.
    Sr. Website Developer and Internet Marketing
    www.CarlosJa.com Note: If anyone
    needs to get ahold of me please feel free to email me through
    my site. Apparently i missed quite a few private messages.

  2. #2
    SitePoint Evangelist mrwooster's Avatar
    Join Date
    Jan 2006
    Posts
    518
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    If you are trying to hide your source code, I would suggest using a php comiler.

    Compiler used by facebook https://github.com/facebook/hiphop-php/wiki/

    Open source compiler http://www.phpcompiler.org/

  3. #3
    Twitter: @AnthonySterling silver trophy AnthonySterling's Avatar
    Join Date
    Apr 2008
    Location
    North-East, UK.
    Posts
    6,111
    Mentioned
    3 Post(s)
    Tagged
    0 Thread(s)
    Take a look at Zend Guard or IonCube.
    @AnthonySterling: I'm a PHP developer, a consultant for oopnorth.com and the organiser of @phpne, a PHP User Group covering the North-East of England.

  4. #4
    SitePoint Addict Shaydez's Avatar
    Join Date
    Jul 2006
    Location
    Boca Raton, Florida
    Posts
    352
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)

    Arrow

    what about handling licenses. is that monitor via mysql?

    Table
    id | client name | website | join | expire
    1 | waka waka | waka.com | 12/21/2010 | 12/21/2012

    and i can have a script that runs and checks the offsite database every day for validation?

    Volution and other major eCommerce stores keep their sites on their own servers. so its easier for them to lock up their stuff.
    Sr. Website Developer and Internet Marketing
    www.CarlosJa.com Note: If anyone
    needs to get ahold of me please feel free to email me through
    my site. Apparently i missed quite a few private messages.

  5. #5
    SitePoint Addict Shaydez's Avatar
    Join Date
    Jul 2006
    Location
    Boca Raton, Florida
    Posts
    352
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    I used Zend Encoder and everything worked like a charm. So I gave the application to someone with confidence.. and they used some type of decoder or something and read me parts of my code that they didn't understand, that was encrypted.

    Is code safe these days :/
    Sr. Website Developer and Internet Marketing
    www.CarlosJa.com Note: If anyone
    needs to get ahold of me please feel free to email me through
    my site. Apparently i missed quite a few private messages.

  6. #6
    SitePoint Enthusiast
    Join Date
    Dec 2007
    Posts
    67
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    It'll always be possible to reproduce source code; even compiled code must follow rules (otherwise how would a processor understand it!) and so it can be reverse engineered.

    In this case you're using an interpreted scripting language and merely obfuscating it... even easier to break

    This is why, as you mentioned, many people provide hosted services. This allows the provider to have full control of licensing and ensures nobody gets to see the source.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •