p2p.wrox.com Forums

Need to download code?

View our list of code downloads.


  Return to Index  

beginning_php thread: Does any body has a way to hide PHP code


Message #1 by "jorge" <jorge@d...> on Fri, 6 Sep 2002 20:02:51 -0500
Hi all: 
What is the bestway  to protect your scripts from being stolen.
Is it worth to hide the PHP behind an extra extension to the file name like filename.php.xxx, and changing the config file to take
it as php
 
Jorge 

:)


Message #2 by "Nikolai Devereaux" <yomama@u...> on Fri, 6 Sep 2002 18:00:16 -0700
> What is the bestway  to protect your scripts from being stolen.
> Is it worth to hide the PHP behind an extra extension to the file
> name like filename.php.xxx, and changing the config file to take it as php


Being stolen how, exactly?  Generally speaking, you can never get the PHP
source that generated a page through the web server -- it's always run
through the interpreter first.


nik

Message #3 by "jorge" <jorge@d...> on Fri, 6 Sep 2002 21:13:39 -0500
Hi Nick
    I dont want my clients or competitors to grab the source code of my
programs.
Jorge
:(

----- Original Message -----
From: "Nikolai Devereaux" <yomama@u...>
To: "beginning php" <beginning_php@p...>
Sent: Friday, September 06, 2002 8:00 PM
Subject: [beginning_php] RE: Does any body has a way to hide PHP code


>
> > What is the bestway  to protect your scripts from being stolen.
> > Is it worth to hide the PHP behind an extra extension to the file
> > name like filename.php.xxx, and changing the config file to take it as
php
>
>
> Being stolen how, exactly?  Generally speaking, you can never get the PHP
> source that generated a page through the web server -- it's always run
> through the interpreter first.
>
>
> nik
>
>
>


Message #4 by "Nikolai Devereaux" <yomama@u...> on Mon, 9 Sep 2002 09:51:30 -0700
> I dont want my clients or competitors to grab the
> source code of my programs.

Okay -- competitors, no problem... your PHP source is always interpreted
when requested through a properly configured web server.

Your clients are a different matter -- if you're going to install
applications on their servers, the best thing you can do is get some PHP
compiler/encrypter application.  There's one available from Zend which
apparently works pretty well.  http://www.zend.com/


Take care,

Nik

Message #5 by "David Scott-Bigsby" <DScott-Bigsby@P...> on Mon, 9 Sep 2002 10:59:07 -0700
> What is the bestway  to protect your scripts from being stolen.
> Is it worth to hide the PHP behind an extra extension to the
> file name like filename.php.xxx, and changing the config file
> to take it as php

As a test, set up a PHP file on your server, then access it over the web 
and try to get the source code. You'll likely find (as Nik pointed out) 
that the PHP has been executed and stripped from the served page. Unless 
someone can alter the behaviour of your server, this is not a security 
issue.

dsb

***************************************       
David Scott-Bigsby
Product Manager, Web Site and PEDN

PureEdge Solutions
The Leader in Secure XML e-Forms

v:250-708-8145  f:250-708-8010
1-888-517-2675   www.PureEdge.com
***************************************


  Return to Index