Jump to content

How to protect PHP source code


ptt

Recommended Posts

If you're talking about protecting the actual PHP files from being seen, I don't think it's really possible. However if you're referring to the source codes that are shown on a website when the page is done loading, you can do this using a mixture of random encoders.

 

I think you can also set the permissions on the files if you understand how they work.

Link to comment
Share on other sites

If you're talking about protecting the actual PHP files from being seen, I don't think it's really possible. However if you're referring to the source codes that are shown on a website when the page is done loading, you can do this using a mixture of random encoders.

 

I think you can also set the permissions on the files if you understand how they work.

No, I am talking about the real php files on server.

many guys can access that server, and one of them maybe copy and reuse my php code 

Link to comment
Share on other sites

You started by saying you needed to let "them" see your code.  Did you mean your php code, or the html code that is produced BY that code and that is then sent to the client? 

 

1 - They can't see php code from  a browser - it just doesn't work that way.

2 - In order to "see" your PHP code, they would have to download it from the server and use an editor on their client.

3 - If you don't want them to be able to do that you could move the php files to another folder and not allow ftp access to that folder so they can't download them.

 

You need to clarify what you want to allow and what you don't.

Link to comment
Share on other sites

No matter what type encoding you try, if someone really wants it they can get it. You would just be making it take more work to get it.

 

If you really want to protect code use something like an API or SaaS, never let them see the code and host it elsewhere.

 

Another method is to include some vital code from another server needed for the full code to work.

Link to comment
Share on other sites

They are commercial products.

Do you know other free solution?

Anything free is just going obfuscate your code which basically means to make it humanly unreadable. It is by no means encoded. It is referred to as "Security Through Obscurity". It will keep the average Joe from knowing your code but is easily circumvented by anyone with a little knowledge.

 

You can get godaddy hosting for a dollar a month. Why would you put your site on your partners server if you are worried about him seeing your source code?

Link to comment
Share on other sites

And while Godaddy is cheap I've heard that they are not the best people to trust with your server needs.  Certainly not in tech support!  Find a hoster that offers the products you need (php for one, MySQL for another, emails, backups, ftp access) and offers support (while you will be doing the work, sometimes you need them to step in and make adjustments for you or to clean up email/ip problems when they occur) that is responsive.  I've heard that GD doesn't respond very well when asked for this kind of help. 

 

Personal plug here:  123ehost.  Disclaimer: I am not an owner or employee, just a happy customer for several years.  Cost - anywhere from $3 to $20 a month depending upon your needs and demands.

Link to comment
Share on other sites

Anything free is just going obfuscate your code which basically means to make it humanly unreadable. It is by no means encoded. It is referred to as "Security Through Obscurity". It will keep the average Joe from knowing your code but is easily circumvented by anyone with a little knowledge.

 

You can get godaddy hosting for a dollar a month. Why would you put your site on your partners server if you are worried about him seeing your source code?

They required me to do that. And It's hard to deny.

Link to comment
Share on other sites

No matter what type encoding you try, if someone really wants it they can get it. You would just be making it take more work to get it.

 

If you really want to protect code use something like an API or SaaS, never let them see the code and host it elsewhere.

 

Another method is to include some vital code from another server needed for the full code to work.

I have seen the introductions of Zend Encoder and IonCube .

They are  expensive to me, but I so impress on them.

As i see, it's very hard to decrypt

Link to comment
Share on other sites

I may be confused.  You say that you are required to post your source code on your 'partners' server.  Is that your client that you are writing this code for?  Does it have to be posted as you write it or is that just a requirement of the project's completion?  Can you not do your development in a similar environment separate from that server so that you don't show anything until completion and the client is happy and you have been paid?

 

You can never keep the client from seeing your source code once you have turned it over to him.  But at that point, why would you care?  OTOH - if your concern is NOT the client, but the users, putting it outside of the web-accessible tree as I mentioned earlier would be the way to go.  If your client allows users to have ftp access to those areas, it is out of your control and the client is assuming all of the risks in that situation.

 

As I said before - your concern is not clear to me.  Who and 0what is involved needs clarifying.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.