Protect PHP code

Howdy! This might seem like a strange question bit I’m strange anyway so here goes. Is there anyway to create a wrapper application that would execute php code but not let folks get to the php code to view or change it? Or have a front end java application for folks to download, run as a desktop application and run the php from a server? I’d like to protect my php code from unauthorized use. Thanks for not calling me stupid.

Thanks for the enlightening discussion. I’ll look into the cloud while I’m developing. I have a target date of Feb. 1, '11 for launch as I am writing all the code and structuring the biz. I’ll drop you a line.

If you are running from a server then users can’t see your php but if you’re running a desktop app of some kind then obviously things are different. I’ve done similar things before and used an encrypted SQLite database. For example:

  • create a text file that contains the SQL to create a database, ie tables and data to contain your php scripts
  • compress and encrypt the database. In my case I used the zip format and Blowfish
  • when your app starts, read in the encrypted file, decrypt and decompress then
  • create an in-memory database ie SQLite :memory:
  • now when you want to call a php script, get it from the in-memory database and submit to your php engine

In one of my apps I used an in-memory database that was created from a compressed and encrypted 10 MB SQL source file. This app was written in C++ and the app took about 5 seconds, at start up, to decrypt, decompress and create the :memory: database. If you use a scripted language like php it will take longer.


Yes, a cloud app is what I had in mind. If your app is a paid service then your users log in so nothing is open. I assume that the users are creating templates for use on their own websites so it might work for them by using the web app to create and view templates ie you provide a sandbox on your server. The templates are saved in a database and when the user is satisfied, they download a package that they use wherever they wish. You just generate a zip from your database.

You also have other options for the platform. For example, Google Apps and Amazon AWS. They present different ways of doing things but are worth looking at. I think both of these are ultimately paid services but basically you only pay for what you use. Like me, you’re finding out that there are many ways to do these things. The trick is deciding what is the best fit for a given app.

Let me know how you go. If you like you can send me a private message.

The only reason I’m leaning toward a client to server type system is perception and marketing. The application I’m building is a template builder. The perception of online template builders is not very positive and most seem quite cheesy with poorly designed user interfaces, not to mention the god awful styles. The lack of features and options, make the reputation well deserved, I believe. Yes, most of them are offered as a free service but I’ll not be following that model.

I am thinking that if I could package the system with the feel of a desktop application and the general perception my not be associated with other template builders. When I say the feel of a desktop application, I mean the file and directory handling would be local. Where one could view instantly the new directory structure and pages they have generated with those directories readily available to plug-in. Maybe a cloud application! Is that what you speaking of?

I could package the thing for extraction and use on a local web server, but that leaves my code open and I don’t want that at all. There’s too many lazy butt faces out there looking to steal whatever they can. And that includes code.

It looks like a cloud type situation might be the best as you said. Hey Wyndella, I appreciate your time.

Is there any particular reason for using a local web server? Also, does your app have any special requirements that would preclude it using a remote server? I ask because you can have your cake and eat it by developing a pure web app.

This approach allows your clients to use the browser as a thin client and you do the heavier work on a remote server. If you don’t currently have a web hosting package then perhaps consider investing in one. The cost is not huge and for 200 to 300 dollars a year or less you can get your own domain, http server, mysql server, email addresses etc.

Then all of your php goes server-side and you write your app in javascript, css, html and use AJAX etc. There are lots of free js and css libraries and frameworks and with HTML 5 looming up along with CSS 3, you can do almost anything a desktop app can do and have tighter control over security and distribution.

The downside is you won’t get the speed of a desktop app, the upsides are that the release and update issues of desktop software disappear, your app can be run from anywhere the user has access to a computer/mobile device and the net, you enhance your web development and design skills, you avoid things like Java and C++ etc so development time is much quicker. Don’t overlook also that there are many good php frameworks around, things like CodeIgniter and CakePHP for example.

I’m not trying to put you off from doing what you decide is best, after all that is your choice. I only suggest these things because I have already used the kind of application model you are considering and it works fine. But it is a time-consuming and costly way to go and, with the benefit of hindsight, I think the pure web app is a better solution. That’s what I am planning for the future.

Very interesting concept, if one could speed up the process. 10MB and over 5 seconds to load, would both render the usability frustrating at best. However, I don’t think my db will be that big, maybe 500k or so. I may test it.
I’m not very well versed in this type of thing but I was thinking that a java language client used as a desktop type application with local file handling and database capability while handing the http calls off to and from the server to process code. Of course this is all theory and conceptual. A local virtual server similar to apache so the user wouldn’t have to install an AMP application. My brain hurts.