Results 1 to 21 of 21
-
11-30-2013, 03:03 PM #1Newbie
- Join Date
- Nov 2013
- Posts
- 13
[PHP] Does anyone know any good method to encrypt PHP code?
Does anyone know any good method to encrypt PHP code?
Something like the method which the BoxBilling uses
-
11-30-2013, 03:24 PM #2Disabled
- Join Date
- Dec 2010
- Location
- 127.0.0.1
- Posts
- 5,732
ionCube encoder is the best one.
http://www.ioncube.com/php_encoder.php
-
11-30-2013, 03:30 PM #3Web Hosting Guru
- Join Date
- Oct 2004
- Location
- Oakville, ON
- Posts
- 263
BoxBilling and such use ioncube encoding to encrypt their content. You can check this out at: http://www.ioncube.com/online_encoder.php
However keep in mind that this doesn't fully prevent someone from obtaining the source code. Where there is a will theres a way, and people have developed decoders.Regards,
Josh Dargie
Kualo.com
Developer & Designer-Friendly Web Hosting
-
11-30-2013, 03:37 PM #4Newbie
- Join Date
- Nov 2013
- Posts
- 13
Does anyone know any free?
-
11-30-2013, 03:43 PM #5Disabled
- Join Date
- Dec 2010
- Location
- 127.0.0.1
- Posts
- 5,732
There are trial, nothing is free when it's good
Another option is: SourceGardian, however I've heard they are having issues getting it working on PHP 5.4: http://www.sourceguardian.com/index.html
There is a free one, but I've not heard of it for a long time: http://www.zend.com/en/products/guard/ Maybe that will help you.
-
11-30-2013, 03:47 PM #6New Member
- Join Date
- Nov 2013
- Posts
- 2
Zend has it's own encryption software, but it costs.
-
11-30-2013, 04:56 PM #7Web Hosting Evangelist
- Join Date
- May 2009
- Location
- Markham, Canada
- Posts
- 458
I am yet to see an encoder that cannot be decoded in 5 minutes... unfortunately
-
12-02-2013, 05:08 PM #8Junior Guru
- Join Date
- Feb 2006
- Posts
- 188
Best: ionCube
Free: JavaScript (Ex. http://www.javascriptobfuscator.com/Default.aspx)★ Web Hosting by Brontobytes
-
12-02-2013, 11:18 PM #9Web Hosting Master
- Join Date
- Mar 2005
- Location
- Ten1/0/2
- Posts
- 2,529
PHP encoders only slow down honest people..... They don't stop the dis-honest one's.
CPanel Shared and Reseller Hosting, OpenVZ VPS Hosting. West Coast (LA) Servers and Nodes
Running Linux since 1.0.8 Kernel!
Providing Internet Services since 1995 and Hosting Since 2004
-
12-03-2013, 04:37 AM #10Newbie
- Join Date
- Dec 2013
- Location
- Sydney, Australia
- Posts
- 15
What're your encrypting your file for? That would be a good question to ask first.
e.g: Distribution (a product), hide password in script on a server, hide secret messages from FBI, etc.
-
12-03-2013, 04:44 AM #11Junior Guru Wannabe
- Join Date
- Nov 2013
- Posts
- 94
Naah, if i we're you i won't even consider encrypting your php code. You will just spend money on something that will only delay people who really wants to obtain your source code.
-
12-03-2013, 08:55 AM #12Newbie
- Join Date
- Nov 2013
- Posts
- 9
Ioncube method is the best method to use as most major companies use it and it's really a safe method!
-
12-09-2013, 11:27 PM #13WHT Addict
- Join Date
- Jan 2007
- Location
- Canada
- Posts
- 113
I've used Zend in the past... no complaints. As said, why are you encrypting your code?
-
12-10-2013, 11:07 PM #14New Member
- Join Date
- Sep 2013
- Posts
- 2
and the encoder makes your server working harder.
-
12-11-2013, 01:42 AM #15Disabled
- Join Date
- Mar 2007
- Posts
- 365
-
12-13-2013, 06:49 AM #16Web Hosting Master
- Join Date
- Mar 2013
- Posts
- 1,328
Why do you want to?
That's the real question.
-
12-13-2013, 07:20 AM #17Web Hosting Master
- Join Date
- Mar 2012
- Location
- United Kingdom
- Posts
- 1,136
IonCUBE is the best I have to say
★ Sapatana.eu ILoveBilling
★ 120Gbps DDoS Protection on Shared Hosting, Reseller Hosting, XEN Windows and Linux VPS, Domains, SSL Certificates
★ PayPal | BitPay (BitCoin) | UK Bank Transfer | International Bank Transfer
-
12-13-2013, 08:06 AM #18VP Of Twinkies
- Join Date
- Jan 2004
- Location
- Toronto, ON
- Posts
- 1,104
Honestly.. The only reason to encode it is to stop the run of the mill people who just randomly download things and try it... IonCube doesn't stop anyone who actually wants/needs to know what's going on in the encoded files.
It takes 5 minutes to find, download and run the tool necessary to decode ioncube files.I specialize in neck beards
https://thatshirt.com
-
12-13-2013, 08:12 AM #19WHT Addict
- Join Date
- Mar 2011
- Posts
- 106
Ioncube is the better option by far, especially newer versions. For those wondering why someone would want to encrypt their code there's lots of reasons, I'll name a few below:
1. Stop the tinkerers. The tinkerers are people who really know nothing about coding or what they are doing yet somehow feel the need to try and modify it anyways, thus breaking what the code is intended to do and possibly breaking their own server. If they can't modify it, they can't break it.
2. Stop the middle men. These are the jerks who like to steal code because they are incapable of writing their own. But they are also generally incompetent and therefore cannot fix any "decoded" files because they have no idea what they are doing in the first place (you can't fully decode an ioncube file, there are always mistakes and you need to know what you are doing to make the decoded file usable).
Now lots of people make the point that someone who does know what they are doing can decode the file and fix the mistakes. That's not why we encode files, anyone good enough to decode and fix the file would generally prefer to use their own code anyways. It's quicker to write their own than mess with decoding someone elses work, which won't suit their style anyways.
So as a general rule the main purpose of encoding files is to stop ppl who don't know what they're doing from modifying them and also to stop the general average user that might not have the knowledge or will to write their own code and prefer to just steal others hard work.Tara Roberts
www.whmxtra.com
-
12-13-2013, 09:38 AM #20VP Of Twinkies
- Join Date
- Jan 2004
- Location
- Toronto, ON
- Posts
- 1,104
It boils down to license key usage, it's harder to null a script if it's in a encrypted file (average person).. tinkerers will break a script regardless of what is where. It's honestly a waste of money to encrypt files unless it's required for your due diligence.
In terms of the script being decoded properly, the things it screws up are very basic.. creating lines like
$db = new ( );
instead of $db = new db();
which will throw an error and isn't difficult to fix... the problem is how these things are marketed to the general developing public... They make it seem like it's a security measure - which technically it is, but it's no different than DRM. It doesn't stop anybody who wants it... and for people who work on it it will sometimes include very important information like class init and functions that IDE's will need for codecompletion/insight.
All mainstream software that uses any sort of licesning or encoding methods are all available widely... So again, you're only stopping the bottom barrel people who don't know how to find these, don't have friends who can give it to them, etc etc etc.
All it does is annoy developers that will work with your product if you're hiding useful class declarations and things in it. If it's just protection key requests and what not that's fine (but still pointless, since some places have key locked to domains which limits setting up staging sites which completely locks out any usage).I specialize in neck beards
https://thatshirt.com
-
12-13-2013, 05:26 PM #21WHT Addict
- Join Date
- Mar 2011
- Posts
- 106
Tinkerers can break the script, that's ok, a simple upgrade or reinstall will fix that. But if they change something they could end up rm -rf'ing root without realising it. So it's better not to give them the chance
Also, newest version of Ioncube stuffs up a lot more than that when you decode it. But that's my point, ppl who decode stuff don't have the knowledge of how to fix the broken code and those that do can write their own much faster. So it's a way to deter the average script kiddie.
FYI not all mainstream software has a nulled version out there. Ours is running on thousands of servers and there is no nulled version out there. And if a nulled version were to pop up I could change things entirely and do things differently (I routinely change the way licenses and functions are handled anyways).
But as you pointed out, Ioncube stops the bottom of the barrel people. That's all we want it to do.
Just a quick example here, when I first took over this company with William 10+ years ago I redid the code from html and bash into php. Within a month there were two competing products (WHMPlus and WHMExt I think was the second one).
Both companies were stealing my code, slapping a new css style on it and trying to compete. Once I started encoding the important stuff both companies shut their doors after a few weeks because without being able to outright steal my code they couldn't update their own software as they weren't smart enough to write their own code.
That's the kind of thing we encode for, to stop guys like that from stealing from us. And anyone really good enough to decode it and fix the code has integrity and won't decode it as they can write their own code in their own style much faster than fixing someone elses.
So like you said, it's a way to stop the bottom of the barrel people, which is really the main reason to encode. It's not even a security thing really, just a way to keep the worst of them from stealing our hard work.Tara Roberts
www.whmxtra.com
Similar Threads
-
What is the best cheap way to encrypt php?
By tihhc in forum Programming DiscussionReplies: 14Last Post: 02-02-2012, 12:58 PM -
Encrypt PHP
By Danny159 in forum Programming DiscussionReplies: 27Last Post: 09-14-2007, 02:39 PM -
Encrypt PHP Code
By batulang in forum Programming DiscussionReplies: 7Last Post: 08-21-2006, 02:56 PM -
encrypt password with php
By GazCBG in forum Hosting Security and TechnologyReplies: 6Last Post: 01-27-2003, 09:03 PM