homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Visit PubCon.com
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

Protecting PHP Code
Encryption or Obfuscator?

 9:58 pm on Jan 1, 2010 (gmt 0)

Hello everyone,

I have a PHP program that I have created and would like to offer to customers. I currently use IonCube for encryption but I'm finding many customers don't know how to enable support on their hosting/server for this type of encryption.

I'm looking for a better way to protect my code while still offering it to my customers. Does anyone here have any experience with offering a PHP application that works across most hosting accounts but still protects the PHP code?

Is it possible to setup an external "offsite" PHP include that houses all the PHP functions? Or, do most hosting accounts not support this?

Thanks in advance for your help!



 11:07 pm on Jan 5, 2010 (gmt 0)

I have been thinking about this same issue lately with my most recent project. But you are going to have issues setting up trust relationships between servers, and in most shared enviroments this wont be possible.

You could build your own API that accepts HTTP requests and return the data in JSON or XML.

You supply open code wrapper that makes calls to this api via curl or fopen and return the work. Probably would be a lot of work to recode your application, but might be worth it to keep it safe.


 11:11 pm on Jan 5, 2010 (gmt 0)

One other idea, the way I have gone with my latest web app, is to start your own hosting company.

Virtual Dedicated, and Dedicated servers are pretty cheap. If you code is that valuable, people may be willing to switch over to your hosting company to have access to this code.

Will take some work to build everything, but with Enom, for purchasing domains and SSL, and Cpanel/WHM for management, you can build something fairly quick, and remarkably cheap.


 1:18 pm on Jan 6, 2010 (gmt 0)

Thanks Willis! The XML is a good idea but might be a bit taxing on my server if I get multiple people using my application.

I already offer hosting and considered the option of offering the hosting with the application and not providing them FTP access.

Do you know anything about setting up an API or Serial for the code? I already created a PHP function that creates a serial number based on their domain but it is in the code so they would be able to see the function and how it works.


 11:28 pm on Jan 6, 2010 (gmt 0)

That is the problem with having the code being translated by a function/method that the user has access to.

Im really not too sure. Dont know what you can do to "truly" protect your code. PHP compiles on the fly, so the code is visible to whomever is running it at 1 pointe or another.

However, you can run code precompiled, however I do not know if this will solve your cross server problems. There are a couple of places you can take a look at thanks to wikipedia.



I dont know much about these, but the first one offers obfuscate (experimental though).

And precompiled PHP code unlike JAVA; I dont think there are decompilers out there, so this might protect you fairly well.


 3:37 am on Jan 7, 2010 (gmt 0)

Thanks again for the info. I will look over the two links to see if I can figure out a solution.


 1:39 pm on Jan 7, 2010 (gmt 0)

most every php host have zend optimizer (not zend engine, but the optimizer) installed by default - see it using phpinfo(). suggest it over ioncube.

Global Options:
 top home search open messages active posts  

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved