Risk of stealing php code?

In article <11********************@g44g2000cwa.googlegroups.c om>,
el*************@yahoo.com wrote:

I am an ASP, selling hosted software and am concerned that someone will
steal my source code and resell it? I did a google search and it seems
unlikely since it is typically easier to write one's own script from
scratch then try and figure out what someone else has done (for code <
10,000 total lines). Plus there is so much open source scripts out
there already for people to copy and modify for their own needs that
they should not have to do something illegal. What do you think?

I know there are php obfuscators but my code is under daily development
. It would be a pain to constantly run the obfuscator each time I make
a small change to it.

Well, don't put your development code on-line and in production. Only
put obfuscated code in production. If you following product cycle
methodology, this should be a problem.

--
DeeDee, don't press that button! DeeDee! NO! Dee...

el*************@yahoo.com wrote:

I am an ASP, selling hosted software and am concerned that
someone will steal my source code and resell it?
Unless they have access to your PHP files via FTP or Telnet,
this is a near-impossibility. There's always a chance that
one of your files allows a code injection, but those are
rare in well thought out applications.
I know there are php obfuscators
Yes; there are also PHP encoders and PHP compilers.
but my code is under daily development. It would be a pain
to constantly run the obfuscator each time I make a small
change to it.

Use source control and release new builds daily.

Cheers,
NC

"NC" <nc@iname.com> writes:

el*************@yahoo.com wrote:

I am an ASP, selling hosted software and am concerned that
someone will steal my source code and resell it?

Unless they have access to your PHP files via FTP or Telnet,
this is a near-impossibility. There's always a chance that
one of your files allows a code injection, but those are
rare in well thought out applications.

You are true.

One thing besides FTP and Telnet whaich can give sometimes
access to the PHP source code.

It is possible to have such HTTP server misconfiguration
that PHP files are not run thourhg PHP parser, but are
sent to the user as they are.
There is a small risk that this kind of thign happens when
you make major changes to your server configuration or
you upgade server to newer version that needs somewhat
different configuration.

I have seen it happen that user gets the source code
instead the PHP output..
--
Tomi Engdahl (http://www.iki.fi/then/)
Take a look at my electronics web links and documents at
http://www.epanorama.net/

"el_roachmeister" wrote:

I am an ASP, selling hosted software and am concerned that
someone will
steal my source code and resell it? I did a google search and
it seems
unlikely since it is typically easier to write one's own
script from
scratch then try and figure out what someone else has done
(for code <
10,000 total lines). Plus there is so much open source scripts
out
there already for people to copy and modify for their own
needs that
they should not have to do something illegal. What do you
think?

I know there are php obfuscators but my code is under daily
development
.. It would be a pain to constantly run the obfuscator each
time I make
a small change to it.

I would not use obfuscators, since you have to protect certain
variables (e.g. query string variables) against being obfuscated,
which is headache. Also as you correctly stated, you have to
obfuscate all the files.

Instead, use php encoders which encode files individually. That way,
if you make a change to one file, you can just upload it, knowing that
all your other files are encoded, and there is only a small risk.

Look into Zend small biz program, or mmcache (free), or ionsphere.

steve

--
Posted using the http://www.dbforumz.com interface, at author's request
Articles individually checked for conformance to usenet standards
Topic URL: http://www.dbforumz.com/PHP-Risk-ste...ict229495.html
Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.dbforumz.com/eform.php?p=796275

Tomi Holger Engdahl wrote:

"NC" <nc@iname.com> writes:

el*************@yahoo.com wrote:

I am an ASP, selling hosted software and am concerned that
someone will steal my source code and resell it?

Unless they have access to your PHP files via FTP or Telnet, this
is a near-impossibility. There's always a chance that one of your
files allows a code injection, but those are rare in well thought
out applications.

You are true.

One thing besides FTP and Telnet whaich can give sometimes access to
the PHP source code.

It is possible to have such HTTP server misconfiguration that PHP
files are not run thourhg PHP parser, but are sent to the user as
they are. There is a small risk that this kind of thign happens when
you make major changes to your server configuration or you upgade
server to newer version that needs somewhat different configuration.

I have seen it happen that user gets the source code instead the PHP
output..

That's why you should put all php files with interesting content outside
the docroot, and why hosting providers should give the possibility for
doing so.

Hans

--
"He who asks a question is a fool for five minutes;
he who does not ask a question remains a fool forever"