Solved

How can I protect my PHP code by scrabbling the source

Posted on 2008-10-30
5
374 Views
Last Modified: 2009-11-02
Hello

I've written a site in PHP and my client is worried that the source code could be accessed/modified by their clients. I suggested that we could scrabble the source code so it still functions the same way but when you look at the code most of the variables, custom function names, etc are changed to prevent a PHP programmer from understanding the code well enough to make changes.

Does anyone know of a way or an existing piece of software to do this.

Regards

Jonathan
0
Comment
Question by:jwfranklin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
5 Comments
 
LVL 16

Accepted Solution

by:
alain34 earned 168 total points
ID: 22842905
Hello jwfranklin,

You should use a php obfuscator. Use your favorite search engine and pick one. Free and commercial obfuscator are available.

http://www.semdesigns.com/Products/Obfuscators/PHPObfuscator.html

Regards,

alain34
0
 
LVL 4

Expert Comment

by:MattKenefick
ID: 22842959
@alain34

Can he find it if he uses his least favorite search engine?

:) Kidding!
0
 
LVL 16

Assisted Solution

by:hankknight
hankknight earned 332 total points
ID: 22843739
The most fool-proof way to do this is to use Zend Gaurd or IonCube:
   http://www.zend.com/en/products/guard/
   http://www.ioncube.com/

Unfortunatly both these products cost money and require hosting companies to provide support.

All other options can be hacked to some degree.

However you can use a combination of tricks to achieve good protection.

Take a look at PHP's native tokenizer support:
http://www.php.net/tokenizer

This can be used to break your code into such small pieces (very close to compiled) that it would be nearly impossible to get the original source code.

PHP Trasher uses this and other methods to obfuscate code:
http://www.phpclasses.org/browse/file/7000.html
0
 
LVL 16

Assisted Solution

by:hankknight
hankknight earned 332 total points
ID: 22843897
Also, before you obfuscate your code you should first add something in your code to prevent it from working on unauthorized websites.

The following code will cause your application to fail unless it is run from example.com or any sub-domain of example.com such as:
         www.example.com
         subdomain.example.com
         www2.example.com

If some one tries to run this from www.hacker.com it would fail.

<?php
 
$domainName = "example.com";
if ($domainName != substr($_SERVER['HTTP_HOST'], 0 - (strlen($domainName))))
   {
   echo "This application will not work on this website.";
   exit;
   }
 
?>

Open in new window

0

Featured Post

Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
The viewer will learn how to dynamically set the form action using jQuery.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question