ionCube Logo
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


 
Post new topic   Reply to topic    ionCube Forum Index -> ionCube PHP Encoder

Encoding for command-line PHP scripts...

Author Message
Steve Webster



Joined: 18 Jan 2005
Posts: 3

PostPosted: Tue Jan 18, 2005 1:39 pm    Post subject: Encoding for command-line PHP scripts... Reply with quote

Hi,

I have a bunch of PHP class files that need to be accessed by scripts invoked from the web or from the command line. Obviously I'd like to be as secure as possible in locking down these class files, but locking to a specific domain name gives the 'script not permissioned' message when the classes are included by the command-line script, presumable because there's no SERVER_NAME variable to check.

Is there any way of restricting a script to a specific domain if its run through a http server request, but just to the IP address if not?

Many thanks,

Steve
Back to top
View user's profile Send private message
liaison
ionCube Support


Joined: 16 Dec 2004
Posts: 2788

PostPosted: Fri Jan 21, 2005 3:54 pm    Post subject: Reply with quote

This isn't possible with the current Loader, and it might not be desirable to have lack of the server name being set to trigger an override of any server name restriction, but it's something that we can consider for the future though. Thanks for the suggestion!

Nick
Back to top
View user's profile Send private message
Steve Webster



Joined: 18 Jan 2005
Posts: 3

PostPosted: Fri Jan 21, 2005 9:54 pm    Post subject: Reply with quote

Hi Nick,

Thanks for replying here as well as the support ticket.

Things seem to have moved on a bit since your last reply to the latter. You were talking about easily integrating this into the current loader, but now you seem to be saying that it's something to consider. That's fine by me as I have found another way for cron to trigger my scripts so that they are executed as part of a HTTP request. For anyone in the same boat as me, check out the curl, fetch or wget command-line tools - any one of them should solve the problem. Heck, even lynx with the proper command line options will do the trick.

For what it's worth, though, I agree that it might not always be desirable to allow what I'm suggesting. If you were to allow me to specify when encoding my files whether or not I'd like the option of ignoring server name restrictions if no server name information was available, I think that would solve the problem.
Back to top
View user's profile Send private message
liaison
ionCube Support


Joined: 16 Dec 2004
Posts: 2788

PostPosted: Sat Jan 22, 2005 4:36 pm    Post subject: Reply with quote

Your latter suggestion would be the idea I think. We can supply a custom Loader to you if still required, which is what we offered, but for the general case there something else would be more ideal - hence the two different answers btw. Smile

I like your solution of using CURL or Wget though. That's an ingenious way to tackle what you were trying.

Nick
Back to top
View user's profile Send private message
Steve Webster



Joined: 18 Jan 2005
Posts: 3

PostPosted: Sun Jan 23, 2005 10:34 am    Post subject: Reply with quote

Hi Nick,

No worries about the custom loader, though thanks for the offer. It's unusual to find a vendor these days who are willing to go to such lengths to help out their customers.

It would be great if you could build this feature into the next minor encoder/loader pair. Although I've found a way to get around the problem now, it does mean that I have to have the cron script in a web accessible directory, which isn't ideal from a security point of view.

Anyway, thanks again for all your help!

Cheers,

Steve
Back to top
View user's profile Send private message
hooter



Joined: 31 Jul 2005
Posts: 1

PostPosted: Sun Aug 21, 2005 3:32 pm    Post subject: Reply with quote

Hi Nick,

I have now run into this very same issue with a client who is automating some process via cron which requires one of my encoded files.

Is a custom loader available or possibly has this been added to the feature-set of 6.0? (I haven't upgraded from 5 yet)


Thanks.
Back to top
View user's profile Send private message
jon
Site Admin


Joined: 15 Dec 2004
Posts: 23

PostPosted: Sun Aug 21, 2005 5:35 pm    Post subject: Reply with quote

Hi,

You could do this using the new licensing system which has been added to version 6. You are asking for custom license validation, which is enabled by the new Loader API. You could proceed as follows:

1) Specify that the encoded files require a license (--with-license)

2) Stop the Loader performing the license validation automatically with the option: --license-check script

3) Create the license with server IP restrictions, but without the domain name. Add the domain name to the license as a license property (so you can retrieve the domain from license using the Loader API).

4) In all encoded scripts that need locking, call a 'validation' function implemented in PHP using the new Loader API as follows:

5) Call the Loader API function

ioncube_license_matches_server()

which returns a bool. This will validate the IP address of the machine.

6) Check whether there is a server, or the script is run from CLI, by checking $_SERVER (for example) If it is from an http request, look up the server name from the license properties using

ioncube_license_properties()

and compare with $_SERVER['SERVER_NAME']

That's it!

Our Loader API has been designed to allow a large amount of flexibility in designing custom license schemes such as the one you need. You can tweak the above steps in many ways to produce modified behaviour.
Back to top
View user's profile Send private message Send e-mail
Display posts from previous:   
Post new topic   Reply to topic    ionCube Forum Index -> ionCube PHP Encoder All times are GMT + 1 Hour
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum