Lock Php Code?

[cmcarey]

Hey, first post here.

I need to know if it is possible to lock a certain line into a php file, whatever method, so that when I distribute this php file I always have a way of remotely disabling it.

I would prefer if it involved the default libraries rather than having to install / recompile php and other libraries, but if needed then I will.

 

Cheers,

CM

[ManiacDan]

PHP is not a compiled language, it is interpreted. The source code is always available. There are expensive products like ioncube which attempt to obfuscate the code so something like this is possible, but it's not possible to simply push a button somewhere and "lock" your source code.

 

As an aside: I would never buy a product which relies on your server being up in order to work.

[cmcarey]

PHP is not a compiled language, it is interpreted. The source code is always available. There are expensive products like ioncube which attempt to obfuscate the code so something like this is possible, but it's not possible to simply push a button somewhere and "lock" your source code.

 

As an aside: I would never buy a product which relies on your server being up in order to work.

 

This is a temporary solution for a large scale project I am currently coding.

Is there any way for it to require an external php file which tells it the mysql password on each run?

 

Cheers,

CM

[Psycho]

This is a temporary solution for a large scale project I am currently coding.

Is there any way for it to require an external php file which tells it the mysql password on each run?

 

Cheers,

CM

file_get_contents();

 

But, yeah, what you are asking to do sounds very problematic. At the very least it is going to introduce a slight delay in processing. At worst it could prevent the application from running if there are connectivity problems

Edited September 28, 2012 by Psycho

[ManiacDan]

You need to pay someone to do this. Because you don't know how, any solution you come up with could be circumvented by anyone with higher skill than you. If you use file_get_contents(), you'd have to either use eval() (which is wrong) or force your clients to turn on allow_url_fopen and require() a remote file (which is not only wrong, but a serious security flaw). Even so, I could just as easily pull that file down by hand and replace your security code with a local version.

 

The only true way to protect your PHP code is to not give it to anyone. Have this demo or whatever run on your server, don't distribute the code.

[Christian F.]

Not to mention that the connection details would be easily available to everyone who wanted to see them, by simply visiting the same URI in any kind of browser. Which would end up as a huge security issue, unless you added quite a bit of security layers to it.

Though, in the end the ones running the code would still be able to see the details quite easily. Which means that all of the extra work added to get this secure was a waste, when compared to the original intent.

 

As Dan just posted: The only way to keep your code (relatively) safe, is to keep it all in house and not let any outsiders get access to run any custom code in your system.

[Mahngiel]

even if you used an API to check cross server, if the end user has the code, they have the code. there are better ways to profit from your work without trying to figure how to control it. look at the major entertainment studios: sure their products are infringed by some users, but a majority of people will pay for quality products.

[Psycho]

Even so, I could just as easily pull that file down by hand and replace your security code with a local version.

 

Um, yeah. I have no idea what I was thinking.