PDA

View Full Version : Get out of my source!



nickname_changed
01-21-2004, 05:59 AM
Is there any way to make it so that once a CGI application has been created in say PHP, its source can't be read by anyone? Sortof like a way of compiling it?

All I can think of is removing all the newlines....

What about JSP? Does that get compiled into some kind of bytecode? Or whatabout .NET languages like C#?

XSquared
01-21-2004, 06:28 AM
Not with PHP, you can't. But then again, the only way to see the source code would be to FTP/telnet into the server and download it that way.

nickname_changed
01-21-2004, 06:32 AM
Thing is, if I have some software in PHP I'm selling to customers, I don't want them to be able to rip off my PHP source...

ober
01-21-2004, 07:20 AM
There is no way to "compile" PHP code to make it unreadable.

About the best thing you can do is make it overly complicated and use single letters for variables. But they can still copy and use it.

But like XSquared said, they are going to be the only ones that can see it... anyone else will have to log into their server and steal it.

Another way to secure it would be to host the files on your own server and force them to pay you to access it from there.

anonytmouse
01-21-2004, 10:37 AM
Not cheap:
http://www.zend.com/store/products/zend-encoder.php

Somewhat Cheaper:
http://pobs.mywalhalla.net/
http://www.google.com/search?q=php+obfuscator

sean
01-21-2004, 04:53 PM
Oh contare (I think). Wouldn't the "View Source" button display all the PHP code? Or would something about it being run on the server side force it to show something else?

You asked about .NET. Once the .NET source code is "built" it is changed into "managed code" I believe that this is unreadable like source code, but I'm not sure. That could be your best bet. ASP.NET or something like that would be perfect for the job.

XSquared
01-21-2004, 04:56 PM
Look at the source of these pages? Do you see any PHP? It's all executed on the server, so you should never see any PHP code, just its output.

vasanth
01-21-2004, 07:29 PM
Originally posted by XSquared
Look at the source of these pages? Do you see any PHP? It's all executed on the server, so you should never see any PHP code, just its output.

what he wanst is even the people who own the server should not be able to read the code on the php files...

nickname_changed
01-21-2004, 07:46 PM
Originally posted by vasanth
what he wanst is even the people who own the server should not be able to read the code on the php files...

Exactly.... does .NET or JSP do this? And can either of these languages interface with MySQL?

XSquared
01-21-2004, 08:05 PM
>>what he wanst is even the people who own the server should not be able to read the code on the php files...
That was a reply to sean_mackrory's post, not the OP.

>>Exactly.... does .NET or JSP do this? And can either of these languages interface with MySQL?
AFAIK, JSP is similar to PHP and ASP, that the source code is available to look at. Not sure about .NET though.

vasanth
01-21-2004, 08:21 PM
I guess using .NET you can convert it into some object code which is not the source but the compiled version of the source...

nvoigt
01-22-2004, 07:55 AM
.NET compiles into MSIL intermediate code, which can be decompiled into sourcecode with simple tools. There are Obfuscators because of this :rolleyes:

Fordy
01-22-2004, 12:46 PM
You can use servlets as opposed to JSP as they sit on the server as compiled Java Classes, but as with what nvoigt said about MIDL - it can easily be decompiled