Re: encode php scripts with opcache compatibility

From: Date: Wed, 21 May 2014 20:06:30 +0000
Subject: Re: encode php scripts with opcache compatibility
Groups: php.internals

Hi!

On 21 May 2014 21:40, Martin Keckeis <martin.keckeis1@gmail.com> wrote:

> On 21.05.2014 16:51, "Rasmus Lerdorf" <rasmus@lerdorf.com> wrote:
> >
> > On 5/21/14, 7:27 AM, Nicolai Scheer wrote:
> > > Hi,
> > >
> > > yes, we are shipping code to customers and they should not read the source.
> > > The level of protection gained from obfuscated code is not enough, but just
> > > delivering the opcodes would be ok.
> > >
> > > I know that the opcode array might be dumped, this is just to raise the
> > > bar. If I just obfuscate the code there's still the possibility left to edit
> > > the code directly.
> > >
> >
> > It is completely trivial to turn opcodes back into PHP code. Sure, it
> > won't look exactly like the original, but it will run exactly the same
> > and can easily be modified. There are tools out there that let even a
> > complete neophyte do it.
> >
> > If you truly want to protect your code, ship a signed compiled C/C++
> > extension and put key components of your application in it. That is much
> > harder to reverse (anything can be reversed, of course) and it has the
> > added advantage of likely making your application faster.
> >
> > -Rasmus
> >
>
> Wasn't there Zend Guard some time ago for this?
>

Zend Guard is not an option, since it currently does not work with PHP 5.5.
I did not check if the encoded scripts for PHP 5.4 are usable with
opcache, though. Might be, because opcache was made out of ZendOptimizer+
if I remember correctly.

Greetings

Nico

