Solved

How can I protect my PHP code by scrabbling the source

Posted on 2008-10-30
5
370 Views
Last Modified: 2009-11-02
Hello

I've written a site in PHP and my client is worried that the source code could be accessed/modified by their clients. I suggested that we could scrabble the source code so it still functions the same way but when you look at the code most of the variables, custom function names, etc are changed to prevent a PHP programmer from understanding the code well enough to make changes.

Does anyone know of a way or an existing piece of software to do this.

Regards

Jonathan
0
Comment
Question by:jwfranklin
  • 2
5 Comments
 
LVL 16

Accepted Solution

by:
alain34 earned 168 total points
ID: 22842905
Hello jwfranklin,

You should use a php obfuscator. Use your favorite search engine and pick one. Free and commercial obfuscator are available.

http://www.semdesigns.com/Products/Obfuscators/PHPObfuscator.html

Regards,

alain34
0
 
LVL 4

Expert Comment

by:MattKenefick
ID: 22842959
@alain34

Can he find it if he uses his least favorite search engine?

:) Kidding!
0
 
LVL 16

Assisted Solution

by:hankknight
hankknight earned 332 total points
ID: 22843739
The most fool-proof way to do this is to use Zend Gaurd or IonCube:
   http://www.zend.com/en/products/guard/
   http://www.ioncube.com/

Unfortunatly both these products cost money and require hosting companies to provide support.

All other options can be hacked to some degree.

However you can use a combination of tricks to achieve good protection.

Take a look at PHP's native tokenizer support:
http://www.php.net/tokenizer

This can be used to break your code into such small pieces (very close to compiled) that it would be nearly impossible to get the original source code.

PHP Trasher uses this and other methods to obfuscate code:
http://www.phpclasses.org/browse/file/7000.html
0
 
LVL 16

Assisted Solution

by:hankknight
hankknight earned 332 total points
ID: 22843897
Also, before you obfuscate your code you should first add something in your code to prevent it from working on unauthorized websites.

The following code will cause your application to fail unless it is run from example.com or any sub-domain of example.com such as:
         www.example.com
         subdomain.example.com
         www2.example.com

If some one tries to run this from www.hacker.com it would fail.

<?php
 
$domainName = "example.com";
if ($domainName != substr($_SERVER['HTTP_HOST'], 0 - (strlen($domainName))))
   {
   echo "This application will not work on this website.";
   exit;
   }
 
?>

Open in new window

0

Featured Post

Active Directory Webinar

We all know we need to protect and secure our privileges, but where to start? Join Experts Exchange and ManageEngine on Tuesday, April 11, 2017 10:00 AM PDT to learn how to track and secure privileged users in Active Directory.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Add email address from a web page to outlook 2010 contacts ? 8 41
selector:validator cookies 4 30
Row insertion failed. Array 5 48
Wordpress Query 5 27
Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this.Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it is …
3 proven steps to speed up Magento powered sites. The article focus is on optimizing time to first byte (TTFB), full page caching and configuring server for optimal performance.
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question