Programming - - By Thomas Rutter

Closed-Source PHP

To some developers, one of the large drawbacks to PHP is that it provides no official method for distributing closed-source, binary web applications. Developers of commercial applications often want to keep their source code private, for various reasons.

There are, however, some third-party solutions. From the people that brough you the PHP interpreter comes the Zend Encoder . This encoder converts your PHP into a binary form which Zend calls ‘Zend Intermediate Code’. Zend Encoder’s major drawback to small developers is its price tag, currently $2400 US. Binaries created with the Zend Encoder can be executed using the free Zend Optimizer, which is installed on many LAMP hosting accounts, making binaries created with the Zend Encoder somewhat portable.

A competitor to the Zend Encoder is ionCube’s PHP Encoder. The cost of the PHP Encoder starts at $199, making it more affordable. To use the binaries generated by the PHP Encoder, you’ll need to have their PHP Accelerator installed on the server, which is not as common as the Zend Optimizer. It is therefore likely to be less portable.

Also available is Turck MMCache. Recent versions of MMCache include an encoder and loader for PHP, allowing PHP scripts to be distributed in an intermediate binary form. The price is right – MMCache is free and open source. It is also likely to be more attractive to hosting companies, as it can be installed at the same time as the Zend Optimizer.

Alternative products exist that do not distribute a compiled version of the application, and thus may not require an interpreter installed on the server. However, such products tend to rely on either code obfuscation, or source code encryption. The problem with both of these is that the source code can be accessed by somebody with programming skills, even though it may be difficult.

Code obfuscation changes the names of functions and variables to strange, garbage-like names and removes all your formatting. This makes it very hard to understand the code, though if somebody really wanted to borrow from it or modify it, they could.

The problem with source code encryption is that you will also need to supply a means of decrypting the source along with the key to do so. This gives users all they need to decrypt your source. The user will need to either install a binary executable (such as a PHP extension) or a PHP script to decrypt the files, and the user can reverse-engineer this to obtain the source code. The decrypting process also detracts from performance.

Some may claim that distributing PHP applications as ‘closed-source’, in binary form, is a bad thing as it is detrimental to the open source community from which PHP itself comes. However, The PHP Group themselves are happy for PHP to be used commercially – the PHP license is very permissive in order “to help PHP become as popular as possible”. I would argue that if being able distribute their applications in binary form only allows more developers to switch to PHP, it is a good thing for PHP.

Sponsors