akopacsi Posted January 3, 2012 Share Posted January 3, 2012 I developped a simple html/php/mysql website. I would like to run it on my customer's server and I don't want to reveal my source code, so I am looking for a way to hide or encrypt it. I came across ionCube and other commercial solutions, but I need something cheaper (free) and less complex. And I also came across "eval gzinflate str_rot13 base64_decode", but it can be decoded easily, because it doesn't use a "secret key". My question is, how can I encrypt my html/php files with a key file that is placed on my own server. So if I remove it, the software on my customer's server' will not work anymore. Is there anything like that? Thanks. Link to comment Share on other sites More sharing options...
thescientist Posted January 3, 2012 Share Posted January 3, 2012 if the customers are paying you for code, don't they technically own it? Why would you take it away from them? Link to comment Share on other sites More sharing options...
justsomeguy Posted January 3, 2012 Share Posted January 3, 2012 Things like IonCube or Zend Guard are your options. Anything else is not secure. A key file on your server is not secure unless it's also encrypted. Then you would need a way to decrypt it, which means the decryption key is on the customer's server, then they can decrypt whatever they want. Link to comment Share on other sites More sharing options...
akopacsi Posted January 5, 2012 Author Share Posted January 5, 2012 Thanks. Link to comment Share on other sites More sharing options...
boen_robot Posted January 7, 2012 Share Posted January 7, 2012 if the customers are paying you for code, don't they technically own it? Why would you take it away from them?This is not like physical objects, where an object is immutable. Any text you can see on a computer, you can copy unlimited number of times => Giving anyone access to the code gives them the ability to copy this code. Sure, such acts could be (and are in social terms) illegal, but you can't hunt down and sue every offender.So if I remove it, the software on my customer's server' will not work anymore. Is there anything like that?In combination with the aforementioned Zend Guard (for the purpose of hiding the source), you could make the client code connect to your server on regular basis, and stop working if it doesn't get a proper response.This approach is extremely destructive though, so I ask you to SERIOUSLY think about it... your server stopping for whatever reason... your domain changing... your ISP/electrity (or your host's ISP/electricity) doing down... your scheme changing... all of those will FORCE users' sites down, and in some cases, you might be left unable to react. Imagine a horror story of a web host stopping for a day, and multiply it by the number of your clients... my stress level rises just trying to imagine it... you don't want to actually experience any of it.If you're going to do this, you MUST have several servers available, and you MUST ensure that you use a SOLID protocol in which clients give their version number along with everything else, so that you allow yourself some flexibility later on. Link to comment Share on other sites More sharing options...
niche Posted January 8, 2012 Share Posted January 8, 2012 if the customers are paying you for code, don't they technically own it? Why would you take it away from them? The law is quite clear, that unless there's an agreement to the contrary, the coder owns her/his script. Producing code as an employee is an exception to this rule. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.