securing php scripts

beary · #1 November 24th, 2008, 02:37 AM

Hi there,

just wondering, if I want to stop users of a site "stealing" the code, is there a way to achieve this? Is it automatic because any php is parsed before it reaches the browser? Am I better off putting basically everytthing inside php echos, even if it could be done using html? I guess I'm basically asking about security of the stuff I've done and whether there's a way to guarantee that someone won't be able to grab the code.

Thanks,

Dormilich · #2 November 24th, 2008, 04:14 AM

no one without server access is able to see your php code (as you already mentioned). but I don't recommend putting all your html code in echos, it will be visible either way.
so put in a one-liner: php code is safe from stealing, html code never.

regards

note: of course you can add a copyright comment to all your code, that's more reasonable.

Markus · #3 November 24th, 2008, 04:41 PM

Putting it in echo()s or not has exactly the same output. You could obfuscate you PHP code, just incase.

bilibytes · #4 November 24th, 2008, 07:02 PM

Quote:

Originally Posted by beary

Hi there,

just wondering, if I want to stop users of a site "stealing" the code, is there a way to achieve this? Is it automatic because any php is parsed before it reaches the browser? Am I better off putting basically everytthing inside php echos, even if it could be done using html? I guess I'm basically asking about security of the stuff I've done and whether there's a way to guarantee that someone won't be able to grab the code.

Thanks,

Hi,
i don't know the exact reason why you are wondering how to do that but,
i don't think you should care about it... if someone wants to copy your HTML code it can use Firebug and get all the code you wrote in one line-> indented.
don't protect your code, just improve your service and you will never fear someone stealing you clients...

regards

beary · #5 November 25th, 2008, 02:23 AM

Thanks all for your replies to this.

Bilibytes, I have to say I'm confused. The exact reason I'm wondering how to do it is because surely if you think something is not only good but also reasonably unique, and you made it, you'd want to protect it. Wouldn't you? Particularly if there was some potential return.

I guess it's at the stage where due to the nature of the product, there isn't a client base for this at all. It'll need to be built. So I need to make sure that if I provide a web address for something, and say there's a demo section, that a cluey person can't use that fact to grab the necesary code.

When you write that someone can use firbug to grab the html code, you did mean html didn't you, not php?

Thanks for your thoughts.

Quote:

Originally Posted by bilibytes

Hi,
i don't know the exact reason why you are wondering how to do that but,
i don't think you should care about it... if someone wants to copy your HTML code it can use Firebug and get all the code you wrote in one line-> indented.
don't protect your code, just improve your service and you will never fear someone stealing you clients...

regards

Markus · #6 November 25th, 2008, 11:04 AM

Yes, firebug will only grab the sourcecode (the html, javascript and css). However, you need not Firebug to view the source - most major browsers have a rightclick option to 'view source'.

You do not need to worry about users being able to view your PHP - as long as you use the correct file extensions, a server running php, etc., you'll be good.

Markus.

beary · #7 November 25th, 2008, 08:32 PM

Cool. Thanks Markus. Puts my mind at ease...

Quote:

Originally Posted by Markus

Yes, firebug will only grab the sourcecode (the html, javascript and css). However, you need not Firebug to view the source - most major browsers have a rightclick option to 'view source'.

You do not need to worry about users being able to view your PHP - as long as you use the correct file extensions, a server running php, etc., you'll be good.

Markus.

securing php scripts

Popular Articles

What is Bytes?