Jump to content
Sign in to follow this  
akopacsi

Protecting Php Source Code With "key File" On Other Server?

Recommended Posts

I developped a simple html/php/mysql website. I would like to run it on my customer's server and I don't want to reveal my source code, so I am looking for a way to hide or encrypt it. I came across ionCube and other commercial solutions, but I need something cheaper (free) and less complex. And I also came across "eval gzinflate str_rot13 base64_decode", but it can be decoded easily, because it doesn't use a "secret key". My question is, how can I encrypt my html/php files with a key file that is placed on my own server. So if I remove it, the software on my customer's server' will not work anymore. Is there anything like that? Thanks.

Share this post


Link to post
Share on other sites

if the customers are paying you for code, don't they technically own it? Why would you take it away from them?

Share this post


Link to post
Share on other sites

Things like IonCube or Zend Guard are your options. Anything else is not secure. A key file on your server is not secure unless it's also encrypted. Then you would need a way to decrypt it, which means the decryption key is on the customer's server, then they can decrypt whatever they want.

Share this post


Link to post
Share on other sites
if the customers are paying you for code, don't they technically own it? Why would you take it away from them?
This is not like physical objects, where an object is immutable. Any text you can see on a computer, you can copy unlimited number of times => Giving anyone access to the code gives them the ability to copy this code. Sure, such acts could be (and are in social terms) illegal, but you can't hunt down and sue every offender.
So if I remove it, the software on my customer's server' will not work anymore. Is there anything like that?
In combination with the aforementioned Zend Guard (for the purpose of hiding the source), you could make the client code connect to your server on regular basis, and stop working if it doesn't get a proper response.This approach is extremely destructive though, so I ask you to SERIOUSLY think about it... your server stopping for whatever reason... your domain changing... your ISP/electrity (or your host's ISP/electricity) doing down... your scheme changing... all of those will FORCE users' sites down, and in some cases, you might be left unable to react. Imagine a horror story of a web host stopping for a day, and multiply it by the number of your clients... my stress level rises just trying to imagine it... you don't want to actually experience any of it.If you're going to do this, you MUST have several servers available, and you MUST ensure that you use a SOLID protocol in which clients give their version number along with everything else, so that you allow yourself some flexibility later on.

Share this post


Link to post
Share on other sites
if the customers are paying you for code, don't they technically own it? Why would you take it away from them?
The law is quite clear, that unless there's an agreement to the contrary, the coder owns her/his script. Producing code as an employee is an exception to this rule. Edited by niche

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

×
×
  • Create New...