By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
457,953 Members | 1,505 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 457,953 IT Pros & Developers. It's quick & easy.

Encrypting PHP Code

P: n/a
Hello all. Anyone know of a free program I can use
to encrypt my php code? I would like it to be secure as possible.
i.e. not viewable from the web.

Also, is there an html encryptor or will the php encryptor
encrypt that, too?

Thanks,
David
--
David Williams
Georgia Institute of Technology, Atlanta Georgia, 30332
Email: dw***@prism.gatech.edu
Jul 17 '05 #1
Share this Question
Share on Google+
14 Replies


P: n/a
David Williams wrote:
Hello all. Anyone know of a free program I can use
to encrypt my php code? I would like it to be secure as possible.
i.e. not viewable from the web.

Also, is there an html encryptor or will the php encryptor
encrypt that, too?


Free: http://turck-mmcache.sourceforge.net/

More Portable (cost money):
http://www.zend.com/store/products/zend-encoder.php (start @ US$960)
http://www.sourceguardian.com/ (start @ US$250)
http://www.ioncube.com/sa_encoder.php (start @ US$199)
http://www.sourcecop.com/ (only US$10)

Most portable (not encoders - distributes source in a difficult-to-read
way):
http://www.gridinsoft.com/protect.php
http://www.semdesigns.com/Products/O...bfuscator.html

I evaluated a few of the different *encoders* above. I liked turck, but
found that the ISPs I worked with didn't want to build and install the
necessary module.

Zend encoder was simply out of my price range, so I didn't even download
that one.

SourceGuardian looked good, but I had seen some things online about the
possibility of decoding files. (The techs at SG assured me that the info
I found was only valid for previous versions with non-default settings
that users shouldn't have used any way.)

I hadn't seen SourceCop before I decided on an encoder, so I didn't try
that out either.

ionCube is the one I went with. I ended up getting the Pro encoder and
the Pro GUI to go with it (don't remember what it all cost in the end),
and I have been very happy with the results thus far. I have been using
it steadily for about 3 months now, but haven't had any server
compatibility problems yet.

As for HTML, there is no way to encrypt HTML in a way that a web visitor
can't retrieve it rather quickly (most cases in less than 10 minutes).
HTML is what the browser needs to display the content, so without that,
you're SOL. There are javascript tools that claim to encrypt, but if the
visitor doesn't have js enabled, they get nothing worthwhile (read
"can't read your page at all"). Also, in order encrypt, they have to
have a decrypt function since you can't use byte-code with JS (ASAIK).
Besides, if you do something that you think is spectacular in HTML,
chances are you aren't the first to do it (by a long shot).

--
Justin Koivisto - ju****@koivi.com
http://koivi.com
Jul 17 '05 #2

P: n/a
I noticed that Message-ID: <d3**********@news-int.gatech.edu> from David
Williams contained the following:
Hello all. Anyone know of a free program I can use
to encrypt my php code? I would like it to be secure as possible.
i.e. not viewable from the web.


Your php code is not viewable via the web anyway.

--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/
Jul 17 '05 #3

P: n/a

"David Williams" <dw***@prism.gatech.edu> wrote in message
news:d3**********@news-int.gatech.edu...
Hello all. Anyone know of a free program I can use
to encrypt my php code? I would like it to be secure as possible.
i.e. not viewable from the web.
PHP code is never viewable from the web, only the output it produces.
Also, is there an html encryptor or will the php encryptor
encrypt that, too?


It is not possible to encrypt HTML otherwise browsers would not be able to
display it.

--
Tony Marston

http://www.tonymarston.net


Jul 17 '05 #4

P: n/a
Hi,
I am using php 4.3.3 and has complied
mmcache.dll and TurckLoader.dll and added
this line to php.ini
--------------------
;Turck MMCache
zend_extension_ts="C:\PHP\extensions\mmcache.dll"
mmcache.shm_size="16"
mmcache.cache_dir="c:\mmcache"
mmcache.enable="1"
mmcache.optimizer="1"
mmcache.check_mtime="1"
mmcache.debug="0"
mmcache.filter=""
mmcache.shm_max="0"
mmcache.shm_ttl="0"
mmcache.shm_prune_period="0"
mmcache.shm_only="0"
mmcache.compress="1"
----------------------
I want to know how I can encode &decode my php files .
Plz give the steps . Thanks .

Jul 17 '05 #5

P: n/a
try roadsend compiler.. it produces native machine code and not byte
code. so it's believed to be faster and more secure.. They have a free
21 day trial.

Mike

Jul 17 '05 #6

P: n/a
Actually, PHP code can be viewed from the web...if the PHP compilier
breaks down.
Of course, using an os technology, I would encourage you to give your
source away, but as others mentions, there are encoding technologies
avaliable.

As for HTML, there are javascript obfuscators, but nothing that is
highly secure.

Jul 17 '05 #7

P: n/a
>Actually, PHP code can be viewed from the web...if the PHP compilier
breaks down.
This can happen briefly while you are upgrading PHP versions (if
the web server is left up while doing it), or if you accidentally
turn off PHP (upgrades have been known to install sample config
files over live ones, and no, I'm not blaming the stock PHP or Apache
distributions for this, it tends to be ports, packages, or rpms that
do this), or the PHP plug-in happens to have a bad disk sector in
it and it won't load.
Of course, using an os technology, I would encourage you to give your
source away, but as others mentions, there are encoding technologies
avaliable.


I do not encourage "open-source" passwords to online databases, PGP
keys, cert secret keys, social security numbers, or credit card
numbers, especially if the owner doesn't realize this.

I generally prefer to put such sensitive data (database access info;
code generally isn't an issue) in include files OUTSIDE the document
tree but in the PHP include path. If PHP breaks, the web server
won't serve such files. If PHP is working, you won't see the PHP
code including the passwords.

Another advantage is that I can change the database being used
easily, knowing that info is kept in only one place, and I can give
away the PHP code with much less risk that I accidentally give away
sensitive passwords.
As for HTML, there are javascript obfuscators, but nothing that is

highly secure.


Javascript is Turned Off(tm).

Gordon L. Burditt

Jul 17 '05 #8

P: n/a
Is there any free soft that can produce machine code for php ?
If I encode my script with turck-mmcache how one can decode it ?
Is it possible ?
Thanks .

Jul 17 '05 #9

P: n/a

"Justin Koivisto" <ju****@koivi.com> wrote in message
news:yY****************@news7.onvoy.net...
David Williams wrote:
Hello all. Anyone know of a free program I can use
to encrypt my php code? I would like it to be secure as possible.
i.e. not viewable from the web.

Also, is there an html encryptor or will the php encryptor
encrypt that, too?


[Encoders:]
Free: http://turck-mmcache.sourceforge.net/
More Portable (cost money):
http://www.zend.com/store/products/zend-encoder.php (start @ US$960)
[others... snip]
Most portable (not encoders - distributes source in a difficult-to-read
way):
http://www.semdesigns.com/Products/O...bfuscator.html ($150)

I evaluated a few of the different *encoders* above. I liked turck, but
found that the ISPs I worked with didn't want to build and install the
necessary module.


This is the standard complaint about encoders; they require something
in the customer's PHP server to implement decoding,
which the customers very reasonably don't want want to configure and manage.

Source code obfuscators (such ours, the SD one listed above) require
*no* change to the customer's web server. Ours works with PHP4
and PHP5.

We offer another Obfuscator, to handle obfuscating the JavaScript code
in your pages, if you need that too.
--
Ira D. Baxter, Ph.D., CTO 512-250-1018
Semantic Designs, Inc. www.semdesigns.com
Jul 17 '05 #10

P: n/a
I want a free encoder .
Ira Baxter wrote:
"Justin Koivisto" <ju****@koivi.com> wrote in message
news:yY****************@news7.onvoy.net...
David Williams wrote:
Hello all. Anyone know of a free program I can use
to encrypt my php code? I would like it to be secure as possible. i.e. not viewable from the web.

Also, is there an html encryptor or will the php encryptor
encrypt that, too?
[Encoders:]
Free: http://turck-mmcache.sourceforge.net/
More Portable (cost money):
http://www.zend.com/store/products/zend-encoder.php (start @ US$960) [others... snip]
Most portable (not encoders - distributes source in a difficult-to-read way):
http://www.semdesigns.com/Products/O...bfuscator.html ($150)
I evaluated a few of the different *encoders* above. I liked turck, but found that the ISPs I worked with didn't want to build and install the necessary module.


This is the standard complaint about encoders; they require something
in the customer's PHP server to implement decoding,
which the customers very reasonably don't want want to configure and

manage.
Source code obfuscators (such ours, the SD one listed above) require
*no* change to the customer's web server. Ours works with PHP4
and PHP5.

We offer another Obfuscator, to handle obfuscating the JavaScript code in your pages, if you need that too.
--
Ira D. Baxter, Ph.D., CTO 512-250-1018
Semantic Designs, Inc. www.semdesigns.com


Jul 17 '05 #11

P: n/a
In article <11*********************@o13g2000cwo.googlegroups. com>,
m0********@yahoo.com wrote:
I want a free encoder.
And I want world peace. Dream on honey.
"I'll have what she's having..."

Ira Baxter wrote:
"Justin Koivisto" <ju****@koivi.com> wrote in message
news:yY****************@news7.onvoy.net...
David Williams wrote:

> Hello all. Anyone know of a free program I can use
> to encrypt my php code? I would like it to be secure as possible. > i.e. not viewable from the web.
>
> Also, is there an html encryptor or will the php encryptor
> encrypt that, too?

[Encoders:]
Free: http://turck-mmcache.sourceforge.net/
More Portable (cost money):
http://www.zend.com/store/products/zend-encoder.php (start @ US$960) [others... snip]
Most portable (not encoders - distributes source in a difficult-to-read way):
http://www.semdesigns.com/Products/O...bfuscator.html ($150)
I evaluated a few of the different *encoders* above. I liked turck, but found that the ISPs I worked with didn't want to build and install the necessary module.


This is the standard complaint about encoders; they require something
in the customer's PHP server to implement decoding,
which the customers very reasonably don't want want to configure and

manage.

Source code obfuscators (such ours, the SD one listed above) require
*no* change to the customer's web server. Ours works with PHP4
and PHP5.

We offer another Obfuscator, to handle obfuscating the JavaScript

code
in your pages, if you need that too.
--
Ira D. Baxter, Ph.D., CTO 512-250-1018
Semantic Designs, Inc. www.semdesigns.com


--
DeeDee, don't press that button! DeeDee! NO! Dee...

Jul 17 '05 #12

P: n/a
One quick glance of an experienced eye allowed to understand the blurred
and almost unreadable m0********@yahoo.com's handwriting:
I want a free encoder .


Well, then why don't you write one and place it, say, on SourceForge?
I think I could make use of it too, so don't hesitate.

Cheers
Mike
Jul 17 '05 #13

P: n/a
Thanks Michal Wozniak for your great idea .
Michal Wozniak wrote:
One quick glance of an experienced eye allowed to understand the blurred and almost unreadable m0********@yahoo.com's handwriting:
I want a free encoder .


Well, then why don't you write one and place it, say, on SourceForge?
I think I could make use of it too, so don't hesitate.

Cheers
Mike


Jul 17 '05 #14

P: n/a
One quick glance of an experienced eye allowed to understand the blurred
and almost unreadable m0********@yahoo.com's handwriting:
Thanks Michal Wozniak for your great idea .


Sure, anytime. :)

Cheers
Mike
Jul 17 '05 #15

This discussion thread is closed

Replies have been disabled for this discussion.