Re: encode php scripts with opcache compatibility
On Thu, 2014-05-22 at 15:47 +0200, Kevin Ingwersen wrote:
> Definitively an aproach I am going to test out myself, to learn more
> about this.
Mind that a user could simply do something like this in an
auto_append_file to get all scripts:
<?php
foreach (get_included_files() as $filename) {
$sourcecode[$filename] = file_get_contents($filename);
}
?>
So this ains little over using a phar file.
The question is from what kind of users one wants to hide this ...
>
The simple solutions provide ways to retrieve the source code easily (be
it by a simple printf() in the engine .. even that should be doable by
everybody who could understand the source and who has interest in it).
The a bit more advanced ways allow dumping opcodes which can be used to
Recreate the PHP code quite closely (our opcodes are quite high level
and we don't do notable optimisations, we even keep original names for
most things)
More advanced solutions use an extra executor and (more or less)
modified opcodes. This requires hacking this opcode ... has been done in
the past.
So maybe indeed go to system level (C / C++) languages.
What you also can do is rethink your business model, if you distrust the
users that much maybe you don't bring them the notable business value.
I've seen different companies which got rid of opcode encryption and the
customers loved the simpler deployment ...
(and yes, there are [more or less] valid business models around specific
algorithms, if the secrecy of the algorithm really is your value then
put it in C)
johannes
Thread (32 messages)