473,246 Members | 1,583 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,246 software developers and data experts.

Risk of stealing php code?

I am an ASP, selling hosted software and am concerned that someone will
steal my source code and resell it? I did a google search and it seems
unlikely since it is typically easier to write one's own script from
scratch then try and figure out what someone else has done (for code <
10,000 total lines). Plus there is so much open source scripts out
there already for people to copy and modify for their own needs that
they should not have to do something illegal. What do you think?

I know there are php obfuscators but my code is under daily development
.. It would be a pain to constantly run the obfuscator each time I make
a small change to it.

Jul 17 '05 #1
5 4704
In article <11********************@g44g2000cwa.googlegroups.c om>,
el*************@yahoo.com wrote:
I am an ASP, selling hosted software and am concerned that someone will
steal my source code and resell it? I did a google search and it seems
unlikely since it is typically easier to write one's own script from
scratch then try and figure out what someone else has done (for code <
10,000 total lines). Plus there is so much open source scripts out
there already for people to copy and modify for their own needs that
they should not have to do something illegal. What do you think?

I know there are php obfuscators but my code is under daily development
. It would be a pain to constantly run the obfuscator each time I make
a small change to it.


Well, don't put your development code on-line and in production. Only
put obfuscated code in production. If you following product cycle
methodology, this should be a problem.

--
DeeDee, don't press that button! DeeDee! NO! Dee...

Jul 17 '05 #2
NC
el*************@yahoo.com wrote:

I am an ASP, selling hosted software and am concerned that
someone will steal my source code and resell it?
Unless they have access to your PHP files via FTP or Telnet,
this is a near-impossibility. There's always a chance that
one of your files allows a code injection, but those are
rare in well thought out applications.
I know there are php obfuscators
Yes; there are also PHP encoders and PHP compilers.
but my code is under daily development. It would be a pain
to constantly run the obfuscator each time I make a small
change to it.


Use source control and release new builds daily.

Cheers,
NC

Jul 17 '05 #3
"NC" <nc@iname.com> writes:
el*************@yahoo.com wrote:

I am an ASP, selling hosted software and am concerned that
someone will steal my source code and resell it?


Unless they have access to your PHP files via FTP or Telnet,
this is a near-impossibility. There's always a chance that
one of your files allows a code injection, but those are
rare in well thought out applications.


You are true.

One thing besides FTP and Telnet whaich can give sometimes
access to the PHP source code.

It is possible to have such HTTP server misconfiguration
that PHP files are not run thourhg PHP parser, but are
sent to the user as they are.
There is a small risk that this kind of thign happens when
you make major changes to your server configuration or
you upgade server to newer version that needs somewhat
different configuration.

I have seen it happen that user gets the source code
instead the PHP output..
--
Tomi Engdahl (http://www.iki.fi/then/)
Take a look at my electronics web links and documents at
http://www.epanorama.net/
Jul 17 '05 #4
"el_roachmeister" wrote:
I am an ASP, selling hosted software and am concerned that
someone will
steal my source code and resell it? I did a google search and
it seems
unlikely since it is typically easier to write one's own
script from
scratch then try and figure out what someone else has done
(for code <
10,000 total lines). Plus there is so much open source scripts
out
there already for people to copy and modify for their own
needs that
they should not have to do something illegal. What do you
think?

I know there are php obfuscators but my code is under daily
development
.. It would be a pain to constantly run the obfuscator each
time I make
a small change to it.


I would not use obfuscators, since you have to protect certain
variables (e.g. query string variables) against being obfuscated,
which is headache. Also as you correctly stated, you have to
obfuscate all the files.

Instead, use php encoders which encode files individually. That way,
if you make a change to one file, you can just upload it, knowing that
all your other files are encoded, and there is only a small risk.

Look into Zend small biz program, or mmcache (free), or ionsphere.

steve

--
Posted using the http://www.dbforumz.com interface, at author's request
Articles individually checked for conformance to usenet standards
Topic URL: http://www.dbforumz.com/PHP-Risk-ste...ict229495.html
Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.dbforumz.com/eform.php?p=796275
Jul 17 '05 #5
Tomi Holger Engdahl wrote:
"NC" <nc@iname.com> writes:

el*************@yahoo.com wrote:
I am an ASP, selling hosted software and am concerned that
someone will steal my source code and resell it?


Unless they have access to your PHP files via FTP or Telnet, this
is a near-impossibility. There's always a chance that one of your
files allows a code injection, but those are rare in well thought
out applications.


You are true.

One thing besides FTP and Telnet whaich can give sometimes access to
the PHP source code.

It is possible to have such HTTP server misconfiguration that PHP
files are not run thourhg PHP parser, but are sent to the user as
they are. There is a small risk that this kind of thign happens when
you make major changes to your server configuration or you upgade
server to newer version that needs somewhat different configuration.

I have seen it happen that user gets the source code instead the PHP
output..


That's why you should put all php files with interesting content outside
the docroot, and why hosting providers should give the possibility for
doing so.

Hans

--
"He who asks a question is a fool for five minutes;
he who does not ask a question remains a fool forever"
Jul 17 '05 #6

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
by: mthlv12 | last post by:
If you are a minority at IBM check your credit cards carefully, IBM human resources may be stealing from you. I found $370 of charges on my card, it was done by human resources and it took me 5...
2
by: Robert Misiak | last post by:
Is it possible to display a window on top without it stealing focus? (and I'm not talking about stealing focus from my application - I'm talking about it stealing focus from any application.) ...
0
by: gkelly | last post by:
I have an AppBar that works fine, except for one problem. It's stealing focus -The AppBar is written in C# -Access to it is via a COM object -Main app is a C++ app. -Button on app will use...
2
by: BluDog | last post by:
Hi I have a borderless form that i am using as a popup, i want to display this form without it stealing focus from the form it pops up over. I do not want to display the form modally, as when...
21
by: Sharon | last post by:
I have added an auto scroll feature to my DataGrid control like this: private void DoAutoScroll() { DataView dv = m_DataGrid.DataSource as DataView; DataGridCell cell = m_DataGrid.CurrentCell;...
4
by: Ham Pastrami | last post by:
My hosting provider has register_globals on. How big of a security risk is this, and is there a workaround for it if I can't convince them to turn it off? At the moment I am running phpbb and...
1
by: Ibrahim. | last post by:
Hello, I need to know how to protect cookies from tampering or stealing. I want to ensure the cookie is binded to a particular client only. Only the requested client should have access to the...
7
by: Dave Booker | last post by:
I am using a WebBrowser object in my .NET 2.0 application, but it is not shown to the user. Every time a timer event triggers it to perform a m_WebBrowser.Navigate() I get that classic IE 'click'...
8
by: gw7rib | last post by:
I've been bitten twice now by the same bug, and so I thought I would draw it to people's attention to try to save others the problems I've had. The bug arises when you copy code from a destructor...
0
by: abbasky | last post by:
### Vandf component communication method one: data sharing ​ Vandf components can achieve data exchange through data sharing, state sharing, events, and other methods. Vandf's data exchange method...
2
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 7 Feb 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:30 (7.30PM). In this month's session, the creator of the excellent VBE...
0
Git
by: egorbl4 | last post by:
Скачал я git, хотел начать настройку, а там вылезло вот это Что это? Что мне с этим делать? ...
1
by: davi5007 | last post by:
Hi, Basically, I am trying to automate a field named TraceabilityNo into a web page from an access form. I've got the serial held in the variable strSearchString. How can I get this into the...
0
by: MeoLessi9 | last post by:
I have VirtualBox installed on Windows 11 and now I would like to install Kali on a virtual machine. However, on the official website, I see two options: "Installer images" and "Virtual machines"....
0
by: DolphinDB | last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation. Take...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: marcoviolo | last post by:
Dear all, I would like to implement on my worksheet an vlookup dynamic , that consider a change of pivot excel via win32com, from an external excel (without open it) and save the new file into a...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.