Geek Answers Handbook

PHP code security experience

I know that there are a number of programs for obfuscators / code licensing for PHP. I wanted to know if someone really used them and what their experience was.

Please note: I do not want to know the available solutions. I want to know your experience using one of these solutions. Is it worth investing, say, $ 200, buying an obfuscator code, etc.

I honestly would prefer something that does not have a bootloader, etc. I know that this increases the chance of hacking, but I just want it to be a harmful factor for them.

Thank you for your time.

+6
php obfuscation
source share
4 answers

My experience was that it was a waste of time. People will be able to duplicate your efforts, regardless of the source code.

This is a false sense of security IMHO

+4
source share

I also used IonCube . I found the whole process quite simple. From creating an account on your website, to downloading and installing software, and buying a license was completely direct and painless.

Using the application is simple. You can tell which files to encode, and you can even put a comment header in each encoded file so you can put something like "This file is encoded for copyright protection. Please contact my company for questions ... and etc. " The nice thing is that it does not have a bloat function - it does what it says, plus a few nice functions, without too much complexity.

An IonCube encoder can also obfuscate files other than PHP, such as Javascript files. You can say that he put the encoded files into a new folder on his own or copied other unmodified files with him, so you kind of “build” the project. I found that this is a lot, and I can continue to use it without having to pay for a new license if I do not want it on another computer or do not want a new version. Therefore, I paid once and have been using it for 3 years.

Several disadvantages of encoders in general. 1- you can no longer edit files "on the server", which, despite the fact that this is bad, in any case, it prevents you from making emergency corrections if you do not have access to your computer (for example, if you are on vacation) .

Secondly, if you change the project and add new files for encoding, etc ... you must update the settings of the IonCube project to include new files that need to be encoded. I guess I just find the added step a little annoying, but worth it if you need to protect your code and give users access to FTP.

You can also use this encoder no matter which IDE you use, because it is a standalone application.

I agree with some other reports that coding is not an ideal solution and in some way contradicts some people's feelings ... but for me this provides a piece of mind.

+1
source share

Our SD PHP Obfuscator can obfuscate giant source code systems, easily configure for obfuscation, add zero overhead to obfuscated code and does not require any special loaders or configuration of the target system (the target system launches your software as if it were not confused )

With small files, obfuscation is of limited value. But then we all agree that protecting a small program is a stupid idea.

With large file systems, cross-file scrambling is very difficult to restore the source. Do not let people tell you that they can easily redesign such applications; ask them about your specific experience in such matters, how large the application (number of files) is and how much time they spent. Regular code is hard to understand, even with comments. Obfuscated code is much worse.

Follow the directions in response to the comment on the original question: well-designed obfuscators (including SD) do not violate your code.

+1
source share

I used ionCube and I like it. It works faster and is quite confusing code. It runs on Linux and Windows, which covers most server platforms.

The only drawback is that, due to licensing, you are not allowed to automate coding, so I think you should not use it in your CVS or SVN script after committing.

0
source share

More articles:


All Articles