Encrypt PHP Script

A

ajnnadeau

New member
May 21, 2007
42
1
0
I'm hoping more experienced programmers can help me with this question. I have a PHP script that I will be giving away, but I want to protect the source code in order to prevent people from stealing the code and selling it as their own.

My question is do you worry about people stealing your PHP scripts and if so, how do you protect yourself against people stealing your source code? Do you encrypt your PHP scripts? What is the best software to encrypt your PHP scripts and is there any free software out there to do that?

Thanks in advance for any help on this topic,
Andrew
 


you can encode it using software like ioncube, nusphere or sourceguardian but to tell you the truth, if someone wants your code, they'll most likely get it.. nothing will 'encode' your script to a point where someone cant break into it.. the only way you'll stop that from happening is to not give out the script at all.

nu-coder is opensource.. thats the closest you'll find (the rest all cost $...though you can find pirated copies all over the net... if you look you'll also find they come with decoders, which is what folks like us will be using).

Your best bet is to just be a man about it and release it open-source so the community can give you credit + even expand upon whatever you've done... notice you'll still get the credit in this scenario. Just my .02 cents
 
Brentdev,

Thanks for the reply. I've been struggling with the idea of releasing it open source. I keep flipping back and forth with the idea. I understand that if someone really wants my code they can get it, but figure that encrypting it will keep 99% of those who would even think about stealing my code from doing so.

Thanks again for the reply. I'll have to check out nu-coder.
 
If it's not a big application with some clever proprietary stuff in it, just open source it. If it's a few hundred lines, anyone could hire a guru to write it from scratch in a day. Sorry to be harsh, but if you don't know that PHP encrypters like ioncube exist, then you're probably over-estimating the coolness of your app.

But..

That doesn't mean you can't monetize it. Some ideas are paid customizations, support or installation, or if it's a script that needs hosting, you can host it for people and offer that as a service or put an API on it or something.
 
ajnnadeau said:
Brentdev,

Thanks for the reply. I've been struggling with the idea of releasing it open source. I keep flipping back and forth with the idea. I understand that if someone really wants my code they can get it, but figure that encrypting it will keep 99% of those who would even think about stealing my code from doing so.

Thanks again for the reply. I'll have to check out nu-coder.
Click to expand...
I really recommend Ioncube's online encoder if you're serious about this. Its the most secure by far.

If you can't control the distribution (by collecting names/contact information) you're probably screwed anyhow though. The best way in that case, would be to provide the "value" part of the code as SaaS. Some kind of web service or similar so that the "value" is never given to users, they have to request it from you - this could get expensive though in terms of bandwidth/processing.

I would NEVER EVER!!! use a script what use remote includes.
And if you're know what you're talking about, you should do the same.

A script what use remote includes is a red flag for me.
Click to expand...
That's not the ideal solution for sure, since any "hacker" could just save the resultant from the remote include to a PHP file and include locally. The ideal solution is to define a function as a web service: i.e., request yourserver.com/function/13,fred and that calls function(13, "fred") on the localhost and spits back the result. This would allow you to REQUIRE access to yourserver.com, which you can obviously control.

Joe.
 
I agree with the majority of posters. Like the Decaptcha site, make your offering a service and provide an API in a very simple PHP script to interface with it. Subscriptions are usually more profitable in the long run anyway.

I know some things don't lend themselves to a service implementation. In that case, the free encryption program is probably "good enough" code protection to prevent most cases of piracy. Determined pirates will decrypt it regardless, as previous stated by others.
 
If you're going to encrypt, use IonCube; it's the standard, and pretty hard to reverse.

This said, many people (myself included) will absolutely not buy an encrypted script -- it's an absolute deal killer. I seldom find a script that does exactly what I want, and as a programmer I've improved most every script I've bought, just for my own use. If I can't customize it, I don't want it, and I'm sure many others feel the same way.

On the other hand, if your script is targeted at non-programmers, maybe they don't care. But it still hurts sales some -- those non-programmers are the same people who will be emailing you saying they can't get the script to work and then you get to try to teach people to install zend extensions on a server they probably don't even have shell on and...

...and if you don't have some earthshaking trade secret in your script, just sell it in clear. Save you and your customers a lot of headaches.
 
Thanks everyone for the replies. It seems that the best thing to do is to release the script open source. I was leaning in that direction, but just wanted to generate some discussion to be sure I was on the right track. I had done some Google searches and searched here on the forum and couldn't find too much on the subject.

It seems like the added headaches of encrypting or encoding a script are not worth the hassle. It also seems that standard industry practice is to release a script open source.

Zorba, thanks for your feedback. I didn't think about people not buying a script if it is encrypted. You made a good point.
 
You must log in or register to reply here.
Top Bottom