Re: encode php scripts with opcache compatibility

From:	Johannes Schlüter	Date:	Thu, 22 May 2014 15:17:18 +0000
Subject:	Re: encode php scripts with opcache compatibility
References:	1 2 3 4 5	Groups:	php.internals
Request:	Send a blank email to internals+get-74432@lists.php.net to get a copy of this message

On Thu, 2014-05-22 at 16:54 +0200, Bas van Beek wrote:
> > Mind that a user could simply do something like this in an
> > auto_append_file to get all scripts:
> >
> >     <?php
> >     foreach (get_included_files() as $filename) {
> >         $sourcecode[$filename] = file_get_contents($filename);
> >     }
> >     ?>
> >
> > So this ains little over using a phar file.
> Maybe I'm missing something but I don't see that happen if PHP is 
> embedded in the C++ application through its own SAPI handler which will 
> not pick up any ini directives from external php.ini files.

If you are not giving scripting access to the user so they can't execute
(well, they might attach a debugger and call zend_eval_string() etc.)
PHP code than this is ok. My response was mostly to Kevin, whom I
understood in a way as we was up to making this a general purpose
"source code hiding extension" for "normal" deployments.

johannes



   

Thread (32 messages)

• Nicolai ScheerWed, 21 May 2014 10:20:43 +0000
  • Andrea FauldsWed, 21 May 2014 13:28:54 +0000
    • Kevin IngwersenWed, 21 May 2014 13:47:05 +0000
      • Andrea FauldsWed, 21 May 2014 13:52:41 +0000
        • Nicolai ScheerWed, 21 May 2014 14:27:50 +0000
          • Rasmus LerdorfWed, 21 May 2014 14:51:19 +0000
            • Martin KeckeisWed, 21 May 2014 19:40:50 +0000
              • Nicolai ScheerWed, 21 May 2014 20:06:30 +0000
            • Nicolai ScheerWed, 21 May 2014 20:12:51 +0000
              • Andrea FauldsWed, 21 May 2014 20:19:56 +0000
                • Andrey AndreevWed, 21 May 2014 21:39:51 +0000
                  • Johannes SchlüterWed, 21 May 2014 22:25:08 +0000
                    • Matteo BeccatiThu, 22 May 2014 07:37:12 +0000
                      • Nicolai ScheerThu, 22 May 2014 08:18:54 +0000
                    • Nicolai ScheerFri, 23 May 2014 13:31:52 +0000
              • Derick RethansWed, 21 May 2014 22:53:04 +0000
                • Nicolai ScheerFri, 23 May 2014 13:52:55 +0000
                  • Nicolai ScheerTue, 27 May 2014 09:20:47 +0000
              • Rowan CollinsWed, 21 May 2014 23:08:24 +0000
  • Bas van BeekThu, 22 May 2014 07:08:24 +0000
    • Kevin IngwersenThu, 22 May 2014 13:47:37 +0000
      • Arvids GodjuksThu, 22 May 2014 14:01:04 +0000
        • Nicolai ScheerFri, 23 May 2014 13:25:55 +0000
          • Arvids GodjuksFri, 23 May 2014 13:39:30 +0000
            • Nicolai ScheerFri, 23 May 2014 13:55:43 +0000
      • Johannes SchlüterThu, 22 May 2014 14:29:08 +0000
        • Bas van BeekThu, 22 May 2014 14:54:15 +0000
          • Johannes SchlüterThu, 22 May 2014 15:17:18 +0000
  • LazyThu, 22 May 2014 19:18:52 +0000
    • Nicolai ScheerFri, 23 May 2014 13:23:18 +0000
• Pierre JoyeWed, 21 May 2014 14:49:01 +0000Re: encode php scripts with opcache compatibility
• Thomas BleyThu, 22 May 2014 01:54:27 +0000Re: encode php scripts with opcache compatibility