Am 21.05.2014 16:51 schrieb "Rasmus Lerdorf" <rasmus@lerdorf.com>:
>
> On 5/21/14, 7:27 AM, Nicolai Scheer wrote:
> > Hi,
> >
> > yes, we are shipping code to customers and they should not read the
source.
> > The level of protection gained from obfuscated code is not enough, but
just
> > delivering the opcodes would be ok.
> >
> > I know that the opcode array might be dumped, this is just to raise the
> > bar. If I just obfuscate the code there's still the possibilty left to
edit
> > the code directly.
> >
>
> It is completely trivial to turn opcodes back into PHP code. Sure, it
> won't look exactly like the original, but it will run exactly the same
> and can easily be modified. There are tools out there that let even a
> complete neophyte do it.
>
> If you truly want to protect your code, ship a signed compiled C/C++
> extension and put key components of your application in it. That is much
> harder to reverse (anything can be reversed, of course) and it has the
> added advantage of likely making your application faster.
>
> -Rasmus
>
Wasnt there zend guard sometime ago for this?