encrypting htaccess code

Forum Moderators: phranque

Message Too Old, No Replies

encrypting htaccess code

protecting source...

happystinky

11:12 am on Aug 3, 2005 (gmt 0)

Hi.

I've searched for the answer to this question everywhere I can think of.

I have htaccess code that I intend to sell to customers. This code's purpose is to control the way a 3rd party perl script operates.

Is there a way to encrypt the actual htaccess rules so that my competitors cannot view, steal and resell my ideas as their own? I only say this because this very thing happened to me in the past.

If not, is there a way to put something in a perl script or php file or something that would serve rules into the htaccess file on the fly or ANYTHING that might be a solution to this rather bizarre problem? Thanks!

Gdog

zCat

11:34 am on Aug 3, 2005 (gmt 0)

If the code is going to be on your customer's servers, there's no way of encrypting any script languages or configuration files. Somehow the server has to have access to the plaintext files to interpret them.

You could replace the htaccess with a very obfuscated mod_perl module: Perl is good for obfuscation, and mod_perl is an arcane art not easily understood by the PHP generation ;-). That still wouldn't be a real hindrance to reverse engineering.

The only way to get the kind of protection your'e looking for would be to write your own custom Apache extensions in C and distribute them as binary modules. (Yes, even these could be reverse-engineered but only with exponentially greater effort).

happystinky

11:31 pm on Aug 3, 2005 (gmt 0)

That is very helpful I appreciate your thoughts very much zCat, thank you. You know, even a good, simple deterrent would do. I'll see if I can find a way to do as you suggested.

In the meantime, any other recommendations?

jdMorgan

11:58 pm on Aug 3, 2005 (gmt 0)

Your best bet might be to copyright the code with a registered copyright, include the registered copyright notice in the code you sell, and require your clients to sign an end-user licensing agreement in which they acknowledge your copyright and agree not to distribute or re-use your code, and agree to always keep your copyright notice in the code.

Jim

happystinky

12:42 am on Aug 4, 2005 (gmt 0)

Thank you jd. That is always the simplest approach. Doesn't stop the 'eeeevil' people but on the other hand, it is a nice thought that a simple copyright notice would stop a thief.

I'm just afraid that because it has happened before I already know the charachter of the fellow doing the damage. As far as this guy goes, hanging a sign saying, 'this code is protected by copyright' might not do the trick. Although I appreciate your thoughts, I think this would be kind of like hanging a sign at a bank saying 'robbing us could lead to a prison sentence' all while leaving the doors unlocked and the vault open. Ouch!

A nice thought but maybe a security system would prove to be more effective. However, finding the best security system might not prove to be an easy task :(

Any other thoughts? Thanks.

jdMorgan

12:52 am on Aug 4, 2005 (gmt 0)

Perhaps you missed the part about the registered copyright. Violation of a non-registered copyright, which accrues to the author of any published work, can result in the a court awarding actual damages to that author. Violation of a registered copyright can result in the awarding of actual, plus punitive damages. Big difference.

Maybe it's more like the equivalent of making bank robbery punishable by the incarceration of your entire family. If your code is worth charging for, then it's worth a registered copyright. It's basically either that, one of the other suggestions above, or just don't worry about it...

Jim

happystinky

1:15 am on Aug 4, 2005 (gmt 0)

-------------
Maybe it's more like the equivalent of making bank robbery punishable by the incarceration of your entire family.
-------------

Lol! Yeah, maybe so. Well, that would probably do the trick then.

Thanks for all your help...Very much appreciated.