Results 1 to 10 of 10
  1. #1

    * What about ZEND --- PHP Encoding

    Hey how are you all ...
    I'm wondering about the ZEND encoder for PHP code.
    Q1--- Is it secure enough or can anyone find a crack to its encoding mechanism and reverse engineer it to get the original code??

    Q2--- Another question is, won't the performance of the web application get affected performance wise by using the intermediate layer which is ZEND-Optimizer which has got the functionality of DE-coding the PHP code..???

    If anyone can genoursly tell me his opinion about these 2 questions I'll be so grateful to him.. Thanks for your help...

    You Know.. Sometimes you really feel that your code must be encoded to prevent your client from RE-selling or RE-using your application...

  2. #2
    Join Date
    Aug 2002
    Wilmington, NC
    I just created a tread about other encoders besides Zend, I have read some postings in this forum about Zend's optimz. I also think some of the PHP programers beleive everthing needs to be free so they can modify your work.

    I have found that we allowed customers to edit the code then there back asking us to fix what they break. If you encode it they can't play or breal it.

    These are my thoughts on encoding.

    Thanks for listening
    Lee B. Remsnyder, Jr.
    Providing Billing, Marketing and Customer Care Solutions

  3. #3

    Smile Thanks LeeB

    Thank you very much for your reply ,,, But about the performance will it make a difference... I mean it will affect the performnce adversely.... And if you can give the name of the PHP encoding thread I will be thankful..... Thanks Again..

  4. #4
    Join Date
    May 2001
    Dayton, Ohio
    Actually encoding can help speed scripts up...

    Since all white space and comments are stripped during the encoding proccess, PHP doesn't have todo that...

    As I remember an unencoded script still goes though an encode, so if it is already encoded it just skips it...

    There is a nice PHP encoding system, that is low cost, and works much like Zend Encoder...

    The author is very helpful...
    -Mat Sumpter
    Director, Product Engagement
    Penton Media

  5. #5
    Join Date
    Jan 2002
    PHP files are first compiled (in memory) and then executed. Starting from PHP4, this process is actually done twice (two pass compiler). This allows some features like calling functions that are defined later in the source file.

    This process takes some times, and the script is only executed after this has been done.

    Zend Cache makes use of this by storing the PHP data in the format and only executing the script from the already compiled, in-memory version.

    Zend Optimizer does this step, and instead of executing the file, it prints the in-memroy information in a yet another source format (binary format). This binary format is optimized for fast re-construction of the in-memory format. It is more like un-packing than parsing. So far, the files are executed faster.

    According to what I heared, the files are also encrypted. Now I'm not sure if this is true or not, but if it was true, then I can't say that the overhead of decrypting the files before reading them will equalize the overhead of parsing the files. I doubt it, I think it will make them slower.

    The only to tell, in that case, is to do your own benchmarking.

    You can also contact Zend about weather or not they encrypt the binary format files.

    If they were encrypted, then I must say that it's nothing but a big waste of resources and false security.
    Ahmad Alhashemi
    PHP, Apache, C, Python, Perl, SQL
    18 related BrainBench certificates

  6. #6
    Join Date
    Mar 2002
    London & Kent, UK
    Thanks to prohacker for mention the ionCube encoder. Like Zend, the ionCube encoder encodes compiled code. This is the key to security and performance. Because code is compiled before it's even encoded (we use the same technology developed for PHPA, so it's reliable, proven and efficient), you get great security because code is never restored to source for execution. You get performance because the compilation process is eliminated (remember, it already happened when you encoded) Performance wise, the ionCube encoded files tend to be faster than the original source. The encoder also contains an optimiser developed for PHPA, and so the compiled code is a bit more efficient than from the PHP compiler without code optimisation.

    Because Zend and ionCube use server extensions rather than modified php engines or modules, you get safe mode compatibility if that's important to you. You can also install both the Zend Optimiser and the ionCube Loader on the same server, so you could execute a mix of zend encoded or ionCube encoded files. The ionCube encoder has two other advantages. It's compatible with PHP Accelerator, and provided that safe mode isn't used, it can be installed outside of the server (i.e. you make no changes to the server config at all). In this case, the loader is installed by the encoded scripts themselves on the fly.
    Real-time intrusion protection and error reporting for PHP sites
    Software protection for website owners and PHP developers ionCube PHP Encoder

  7. #7
    Zend Encoder (from Zend) is a fabulous tool! I've been using it now for about 4 months and here are some answers to many of the questions above:

    While given time, resources and desire just about ANYTHING can be cracked, applications/code encoded with the Zend Encoder is simply too expensive to break into. In short it is functionally and operationally hacker proof simply because the time and energy to crack it would make the effort SO EXPENSIVE folks would give up in short order...

    Files are compiled in a literal sense, they are put through the same engine as to run un-encoded files but the internal memory ONLY format is saved, this cuts steps when you run it, cuts code size in the saved files, and speeds execution.

    Files are also encrypted, meaning even if you break the encryption (not very likely) you'd still only have raw object code that can't be turned back into source code (much like and MD5 hash...) even if you really wanted to...

    So, YES the results are FASTER, SMALLER (sometimes QUITE a bit smaller) and for all intents and purposes crack proof! Well worth the money IMHO...


  8. #8
    Join Date
    Apr 2002
    Is there a licesnse cost associated with the ionCube encoder? If so, is it comparable to/less than the license fee for the Zend Encoder?
    Fire extinguisher extraordinare
    FastServers.Net NOC Admin

  9. #9
    Join Date
    Mar 2002
    London & Kent, UK

    Thumbs up

    Is there a licesnse cost associated with the ionCube encoder? If so, is it comparable to/less than the license fee for the Zend Encoder?
    Not in the way there is for Zend. In fact you are buying licenses and not the product with ionCube, but the bottom line is that for $349, you get the same encoding technology as Zend (we both encode compiled. optimised code, giving great performance and security), and 4 licenses that never expire. So you can run the encoder on up to four machines of your choice, although it's suggested to keep 2 licenses as spares. The product is largely the same as Zend feature wise, and actually possibly better and with more attention to detail, and certainly much cheaper. I've been told by people evaluating both that Zend also have problems with handling _FILE_ correctly in some cases, and ionCube encoder works just fine. In tests, encoded files tend to execute faster than unencoded files, but performance may vary.

    Encoded files can of course run anywhere, and provided that a host doesn't use safe mode, if necessary can run without php.ini edits or a server restart as the loader can be installed as an extension or loaded on demand. A feature missing in Zends product. You can also install the loader with Zend Optimiser if you have to, or with PHP Accelerator if you're after the same acceleration for unencoded files as Zend Cache but without the price tag; PHPA is free

    Hope the info is helpful. Good luck!

  10. #10
    Join Date
    Oct 2002
    Pawtucket, RI USA
    I have been using ionCube for awhile now and I love it. It DOES speed up my scritps and.. It just rocks, well worth the $349.

    And 100x better than SourceGuardian since I am able to decode SourceGuardian files.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts