Encrypting PHP Code

David Williams wrote:

Hello all. Anyone know of a free program I can use
to encrypt my php code? I would like it to be secure as possible.
i.e. not viewable from the web.

Also, is there an html encryptor or will the php encryptor
encrypt that, too?

Free: http://turck-mmcache.sourceforge.net/

More Portable (cost money):
http://www.zend.com/store/products/zend-encoder.php (start @ US$960)
http://www.sourceguardian.com/ (start @ US$250)
http://www.ioncube.com/sa_encoder.php (start @ US$199)
http://www.sourcecop.com/ (only US$10)

Most portable (not encoders - distributes source in a difficult-to-read
way):
http://www.gridinsoft.com/protect.php
http://www.semdesigns.com/Products/O...bfuscator.html

I evaluated a few of the different *encoders* above. I liked turck, but
found that the ISPs I worked with didn't want to build and install the
necessary module.

Zend encoder was simply out of my price range, so I didn't even download
that one.

SourceGuardian looked good, but I had seen some things online about the
possibility of decoding files. (The techs at SG assured me that the info
I found was only valid for previous versions with non-default settings
that users shouldn't have used any way.)

I hadn't seen SourceCop before I decided on an encoder, so I didn't try
that out either.

ionCube is the one I went with. I ended up getting the Pro encoder and
the Pro GUI to go with it (don't remember what it all cost in the end),
and I have been very happy with the results thus far. I have been using
it steadily for about 3 months now, but haven't had any server
compatibility problems yet.

As for HTML, there is no way to encrypt HTML in a way that a web visitor
can't retrieve it rather quickly (most cases in less than 10 minutes).
HTML is what the browser needs to display the content, so without that,
you're SOL. There are javascript tools that claim to encrypt, but if the
visitor doesn't have js enabled, they get nothing worthwhile (read
"can't read your page at all"). Also, in order encrypt, they have to
have a decrypt function since you can't use byte-code with JS (ASAIK).
Besides, if you do something that you think is spectacular in HTML,
chances are you aren't the first to do it (by a long shot).

--
Justin Koivisto - ju****@koivi.com
http://koivi.com

I noticed that Message-ID: <d3**********@news-int.gatech.edu> from David
Williams contained the following:

Hello all. Anyone know of a free program I can use
to encrypt my php code? I would like it to be secure as possible.
i.e. not viewable from the web.

Your php code is not viewable via the web anyway.

--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/

"David Williams" <dw***@prism.gatech.edu> wrote in message
news:d3**********@news-int.gatech.edu...

Hello all. Anyone know of a free program I can use
to encrypt my php code? I would like it to be secure as possible.
i.e. not viewable from the web.
PHP code is never viewable from the web, only the output it produces.
Also, is there an html encryptor or will the php encryptor
encrypt that, too?

It is not possible to encrypt HTML otherwise browsers would not be able to
display it.

--
Tony Marston

http://www.tonymarston.net

Hi,
I am using php 4.3.3 and has complied
mmcache.dll and TurckLoader.dll and added
this line to php.ini
--------------------
;Turck MMCache
zend_extension_ts="C:\PHP\extensions\mmcache.dll"
mmcache.shm_size="16"
mmcache.cache_dir="c:\mmcache"
mmcache.enable="1"
mmcache.optimizer="1"
mmcache.check_mtime="1"
mmcache.debug="0"
mmcache.filter=""
mmcache.shm_max="0"
mmcache.shm_ttl="0"
mmcache.shm_prune_period="0"
mmcache.shm_only="0"
mmcache.compress="1"
----------------------
I want to know how I can encode &decode my php files .
Plz give the steps . Thanks .

try roadsend compiler.. it produces native machine code and not byte
code. so it's believed to be faster and more secure.. They have a free
21 day trial.

Mike

Actually, PHP code can be viewed from the web...if the PHP compilier
breaks down.
Of course, using an os technology, I would encourage you to give your
source away, but as others mentions, there are encoding technologies
avaliable.

As for HTML, there are javascript obfuscators, but nothing that is
highly secure.

>Actually, PHP code can be viewed from the web...if the PHP compilier

breaks down.
This can happen briefly while you are upgrading PHP versions (if
the web server is left up while doing it), or if you accidentally
turn off PHP (upgrades have been known to install sample config
files over live ones, and no, I'm not blaming the stock PHP or Apache
distributions for this, it tends to be ports, packages, or rpms that
do this), or the PHP plug-in happens to have a bad disk sector in
it and it won't load.
Of course, using an os technology, I would encourage you to give your
source away, but as others mentions, there are encoding technologies
avaliable.

I do not encourage "open-source" passwords to online databases, PGP
keys, cert secret keys, social security numbers, or credit card
numbers, especially if the owner doesn't realize this.

I generally prefer to put such sensitive data (database access info;
code generally isn't an issue) in include files OUTSIDE the document
tree but in the PHP include path. If PHP breaks, the web server
won't serve such files. If PHP is working, you won't see the PHP
code including the passwords.

Another advantage is that I can change the database being used
easily, knowing that info is kept in only one place, and I can give
away the PHP code with much less risk that I accidentally give away
sensitive passwords.

As for HTML, there are javascript obfuscators, but nothing that is

highly secure.

Javascript is Turned Off(tm).

Gordon L. Burditt

Is there any free soft that can produce machine code for php ?
If I encode my script with turck-mmcache how one can decode it ?
Is it possible ?
Thanks .

"Justin Koivisto" <ju****@koivi.com> wrote in message
news:yY****************@news7.onvoy.net...

David Williams wrote:

Hello all. Anyone know of a free program I can use
to encrypt my php code? I would like it to be secure as possible.
i.e. not viewable from the web.

Also, is there an html encryptor or will the php encryptor
encrypt that, too?

[Encoders:]
Free: http://turck-mmcache.sourceforge.net/
More Portable (cost money):
http://www.zend.com/store/products/zend-encoder.php (start @ US$960)
[others... snip]
Most portable (not encoders - distributes source in a difficult-to-read
way):
http://www.semdesigns.com/Products/O...bfuscator.html ($150)

I evaluated a few of the different *encoders* above. I liked turck, but
found that the ISPs I worked with didn't want to build and install the
necessary module.

This is the standard complaint about encoders; they require something
in the customer's PHP server to implement decoding,
which the customers very reasonably don't want want to configure and manage.

Source code obfuscators (such ours, the SD one listed above) require
*no* change to the customer's web server. Ours works with PHP4
and PHP5.

We offer another Obfuscator, to handle obfuscating the JavaScript code
in your pages, if you need that too.
--
Ira D. Baxter, Ph.D., CTO 512-250-1018
Semantic Designs, Inc. www.semdesigns.com

I want a free encoder .
Ira Baxter wrote:

"Justin Koivisto" <ju****@koivi.com> wrote in message
news:yY****************@news7.onvoy.net...

David Williams wrote:

Hello all. Anyone know of a free program I can use
to encrypt my php code? I would like it to be secure as possible. i.e. not viewable from the web.

Also, is there an html encryptor or will the php encryptor
encrypt that, too?
[Encoders:]
Free: http://turck-mmcache.sourceforge.net/
More Portable (cost money):
http://www.zend.com/store/products/zend-encoder.php (start @ US$960) [others... snip]
Most portable (not encoders - distributes source in a difficult-to-read way):
http://www.semdesigns.com/Products/O...bfuscator.html ($150)
I evaluated a few of the different *encoders* above. I liked turck, but found that the ISPs I worked with didn't want to build and install the necessary module.

This is the standard complaint about encoders; they require something
in the customer's PHP server to implement decoding,
which the customers very reasonably don't want want to configure and

manage.
Source code obfuscators (such ours, the SD one listed above) require
*no* change to the customer's web server. Ours works with PHP4
and PHP5.

We offer another Obfuscator, to handle obfuscating the JavaScript code in your pages, if you need that too.
--
Ira D. Baxter, Ph.D., CTO 512-250-1018
Semantic Designs, Inc. www.semdesigns.com

In article <11*********************@o13g2000cwo.googlegroups. com>,
m0********@yahoo.com wrote:

I want a free encoder.
And I want world peace. Dream on honey.
"I'll have what she's having..."

Ira Baxter wrote:

"Justin Koivisto" <ju****@koivi.com> wrote in message
news:yY****************@news7.onvoy.net...

David Williams wrote:

> Hello all. Anyone know of a free program I can use
> to encrypt my php code? I would like it to be secure as possible. > i.e. not viewable from the web.
>
> Also, is there an html encryptor or will the php encryptor
> encrypt that, too?

[Encoders:]
Free: http://turck-mmcache.sourceforge.net/
More Portable (cost money):
http://www.zend.com/store/products/zend-encoder.php (start @ US$960) [others... snip]
Most portable (not encoders - distributes source in a difficult-to-read way):
http://www.semdesigns.com/Products/O...bfuscator.html ($150)
I evaluated a few of the different *encoders* above. I liked turck, but found that the ISPs I worked with didn't want to build and install the necessary module.

This is the standard complaint about encoders; they require something
in the customer's PHP server to implement decoding,
which the customers very reasonably don't want want to configure and

manage.

Source code obfuscators (such ours, the SD one listed above) require
*no* change to the customer's web server. Ours works with PHP4
and PHP5.

We offer another Obfuscator, to handle obfuscating the JavaScript

code

in your pages, if you need that too.
--
Ira D. Baxter, Ph.D., CTO 512-250-1018
Semantic Designs, Inc. www.semdesigns.com

--
DeeDee, don't press that button! DeeDee! NO! Dee...

One quick glance of an experienced eye allowed to understand the blurred
and almost unreadable m0********@yahoo.com's handwriting:

I want a free encoder .

Well, then why don't you write one and place it, say, on SourceForge?
I think I could make use of it too, so don't hesitate.

Cheers
Mike

Thanks Michal Wozniak for your great idea .
Michal Wozniak wrote:

One quick glance of an experienced eye allowed to understand the blurred and almost unreadable m0********@yahoo.com's handwriting:

I want a free encoder .

Well, then why don't you write one and place it, say, on SourceForge?
I think I could make use of it too, so don't hesitate.

Cheers
Mike

One quick glance of an experienced eye allowed to understand the blurred
and almost unreadable m0********@yahoo.com's handwriting:

Thanks Michal Wozniak for your great idea .

Sure, anytime. :)

Cheers
Mike