Zend Encoder [zend.com]

try Googling for "turck mmcache"

Also check out ioncube and codelock
Codelock is not secure though.
But it takes a PHP geek to decrypt the source (I had one of em decrypted mine!).

It is safer to go for ioncube or zend.

[edited by: jatar_k at 3:22 pm (utc) on Sep. 4, 2004]

Has anyone tried one of these? I'm looking into putting a number of customers on a shared codebase CMS, and had thought of elaborate measures to protect the php code, like using non-php file templates and only allowing them to upload to directories with an .htaccess file that prevents php file parsing. However, first version is likely to be on a WHM reseller's account to keep initial costs down, and since I don't have enough knowledge at the moment to consider myself competent in server management (and that's on a shared server), so in the beginning stages, anyone who wanted to could just find someone with an account on the same server and do some directory traversal.

I'd like also to be able to have some config files pulled in - I guess I could make them non-php and parse them, but that's just more overhead.

Thoughts?

I just set a php_include_path in http.conf and store any code libraries there. They're "included" in each site as if they were local but the actual files are outside the web-space and user-space.

You could use ioncube to encode the portion of your script that sets the base URI (domain name) so that your installation only works with theoriginal domain name.

I hate it when vendors do that, but I must admit that it works well as a copy guard. There are cases where a customer should be able to change the domain name.... so you would need to accommodate that with support.