Connecting Tech Pros Worldwide Forums | Help | Site Map
bytes > topic > php > answers

Risk of stealing php code?

el_roachmeister@yahoo.com
Guest
  
Posts: n/a
#1: Jul 17 '05
I am an ASP, selling hosted software and am concerned that someone will
steal my source code and resell it? I did a google search and it seems
unlikely since it is typically easier to write one's own script from
scratch then try and figure out what someone else has done (for code <
10,000 total lines). Plus there is so much open source scripts out
there already for people to copy and modify for their own needs that
they should not have to do something illegal. What do you think?

I know there are php obfuscators but my code is under daily development
.. It would be a pain to constantly run the obfuscator each time I make
a small change to it.

Michael Vilain
Guest
  
Posts: n/a
#2: Jul 17 '05

re: Risk of stealing php code?

In article <1117828356.390011.9130@g44g2000cwa.googlegroups.c om>,
el_roachmeister@yahoo.com wrote:
[color=blue]
> I am an ASP, selling hosted software and am concerned that someone will
> steal my source code and resell it? I did a google search and it seems
> unlikely since it is typically easier to write one's own script from
> scratch then try and figure out what someone else has done (for code <
> 10,000 total lines). Plus there is so much open source scripts out
> there already for people to copy and modify for their own needs that
> they should not have to do something illegal. What do you think?
>
> I know there are php obfuscators but my code is under daily development
> . It would be a pain to constantly run the obfuscator each time I make
> a small change to it.[/color]

Well, don't put your development code on-line and in production. Only
put obfuscated code in production. If you following product cycle
methodology, this should be a problem.

--
DeeDee, don't press that button! DeeDee! NO! Dee...
NC
Guest
  
Posts: n/a
#3: Jul 17 '05

re: Risk of stealing php code?

el_roachmeister@yahoo.com wrote:[color=blue]
>
> I am an ASP, selling hosted software and am concerned that
> someone will steal my source code and resell it?[/color]

Unless they have access to your PHP files via FTP or Telnet,
this is a near-impossibility. There's always a chance that
one of your files allows a code injection, but those are
rare in well thought out applications.
[color=blue]
> I know there are php obfuscators[/color]

Yes; there are also PHP encoders and PHP compilers.
[color=blue]
> but my code is under daily development. It would be a pain
> to constantly run the obfuscator each time I make a small
> change to it.[/color]

Use source control and release new builds daily.

Cheers,
NC
Tomi Holger Engdahl
Guest
  
Posts: n/a
#4: Jul 17 '05

re: Risk of stealing php code?

"NC" <nc@iname.com> writes:
[color=blue]
> el_roachmeister@yahoo.com wrote:[color=green]
> >
> > I am an ASP, selling hosted software and am concerned that
> > someone will steal my source code and resell it?[/color]
>
> Unless they have access to your PHP files via FTP or Telnet,
> this is a near-impossibility. There's always a chance that
> one of your files allows a code injection, but those are
> rare in well thought out applications.[/color]

You are true.

One thing besides FTP and Telnet whaich can give sometimes
access to the PHP source code.

It is possible to have such HTTP server misconfiguration
that PHP files are not run thourhg PHP parser, but are
sent to the user as they are.
There is a small risk that this kind of thign happens when
you make major changes to your server configuration or
you upgade server to newer version that needs somewhat
different configuration.

I have seen it happen that user gets the source code
instead the PHP output..


--
Tomi Engdahl (http://www.iki.fi/then/)
Take a look at my electronics web links and documents at
http://www.epanorama.net/
steve
Guest
  
Posts: n/a
#5: Jul 17 '05

re: Risk of stealing php code?

"el_roachmeister" wrote:[color=blue]
> I am an ASP, selling hosted software and am concerned that
> someone will
> steal my source code and resell it? I did a google search and
> it seems
> unlikely since it is typically easier to write one's own
> script from
> scratch then try and figure out what someone else has done
> (for code <
> 10,000 total lines). Plus there is so much open source scripts
> out
> there already for people to copy and modify for their own
> needs that
> they should not have to do something illegal. What do you
> think?
>
> I know there are php obfuscators but my code is under daily
> development
> .. It would be a pain to constantly run the obfuscator each
> time I make
> a small change to it.[/color]

I would not use obfuscators, since you have to protect certain
variables (e.g. query string variables) against being obfuscated,
which is headache. Also as you correctly stated, you have to
obfuscate all the files.

Instead, use php encoders which encode files individually. That way,
if you make a change to one file, you can just upload it, knowing that
all your other files are encoded, and there is only a small risk.

Look into Zend small biz program, or mmcache (free), or ionsphere.

steve

--
Posted using the http://www.dbforumz.com interface, at author's request
Articles individually checked for conformance to usenet standards
Topic URL: http://www.dbforumz.com/PHP-Risk-ste...ict229495.html
Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.dbforumz.com/eform.php?p=796275
Hans van Kranenburg
Guest
  
Posts: n/a
#6: Jul 17 '05

re: Risk of stealing php code?

Tomi Holger Engdahl wrote:[color=blue]
> "NC" <nc@iname.com> writes:
>
>[color=green]
>> el_roachmeister@yahoo.com wrote:
>>[color=darkred]
>>> I am an ASP, selling hosted software and am concerned that
>>> someone will steal my source code and resell it?[/color]
>>
>> Unless they have access to your PHP files via FTP or Telnet, this
>> is a near-impossibility. There's always a chance that one of your
>> files allows a code injection, but those are rare in well thought
>> out applications.[/color]
>
> You are true.
>
> One thing besides FTP and Telnet whaich can give sometimes access to
> the PHP source code.
>
> It is possible to have such HTTP server misconfiguration that PHP
> files are not run thourhg PHP parser, but are sent to the user as
> they are. There is a small risk that this kind of thign happens when
> you make major changes to your server configuration or you upgade
> server to newer version that needs somewhat different configuration.
>
> I have seen it happen that user gets the source code instead the PHP
> output..[/color]

That's why you should put all php files with interesting content outside
the docroot, and why hosting providers should give the possibility for
doing so.

Hans

--
"He who asks a question is a fool for five minutes;
he who does not ask a question remains a fool forever"
Closed Thread

« previous question | next question »

Similar PHP bytes

/bytes/development

/bytes/it

Forums
Visit our community forums for general discussions and latest on Bytes

Our staff and community areas have moved to bytes.com/forums/

/bytes/about

We are a network of experts and professionals in IT and software development that help one another with answers to tough questions and share insights. Get the best answers to your questions from over 226,471 network members.

dev questions:
algorithms | asp | asp.net | c/c++ | coldfusion | c# | flash | html/css | java | javascript |
mobile dev | .net | perl | php | python | ruby | software dev | vb.net | visual basic | xml
it questions:
access | apache | careers | db2 | iis | macosx | mysql | networking | oracle | postgresql | sql server | unix | windows

About Bytes | Copyright 1995-2009 BYTES. All rights Reserved