ionCube Logo
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


 
Post new topic   Reply to topic    ionCube Forum Index -> ionCube PHP Encoder

Can I Execute Encoded Files From A PHP Variable

Author Message
gator



Joined: 05 Oct 2005
Posts: 8

PostPosted: Wed Oct 05, 2005 8:21 pm    Post subject: Can I Execute Encoded Files From A PHP Variable Reply with quote

I used a feature of mmcache and am wondering how to do the same thing with ioncube. I could encode a file into a variable and execute it later.

One reason this would be useful is I am looking at a feature where I want to store encoded scripts in a database and execute on demand. This opens up the possibility of downloading and installing updates to a web application since I just need to update a table.

I suppose I could insert the encoded file into a table. But I wouldn't want to save it back out to a file just to execute it. What I'm looking for is something like:

$my_php_code = file_get_contents($file);
$encoded_php_code = ioncube_encode($my_php_code);

// Store in DB table

// Retrieve later and run
ioncube_execute($encoded_php_code);

Is this possible? Thanks!
Back to top
View user's profile Send private message
liaison
ionCube Support


Joined: 16 Dec 2004
Posts: 2788

PostPosted: Wed Oct 05, 2005 10:15 pm    Post subject: Reply with quote

Hi

You can't encode data via the Loader API yet, however I'm not sure that's really the best way for your sceanario. For installing updates, I'd suggest URL fopen, downloading a regular ionCube encoded file, and storing it on the file system. The file system is afterall a natural database for files (obviously!), and rather better than kludging something via a database.
_________________
Community Admin
Back to top
View user's profile Send private message
gator



Joined: 05 Oct 2005
Posts: 8

PostPosted: Thu Oct 06, 2005 2:04 pm    Post subject: Reply with quote

Thanks for the reply Nick. My reluctance to use files is around security. I don't like giving the web server process write access to the filesystem. Allowing apache to write to my web root would concern me.

That said, my concern around the database is performance; a filesystem should be faster. But in a web environment I am more concerned about security. Especially since this is for a financial system.

I hope this will be considered for a feature request Smile

Tks!
Back to top
View user's profile Send private message
liaison
ionCube Support


Joined: 16 Dec 2004
Posts: 2788

PostPosted: Thu Oct 06, 2005 7:42 pm    Post subject: Reply with quote

Hi

Thanks for the reply, and your thoughts are appreciated and noted.

In thie case though, I would consider the risks to be a) limited, and b) controllable. Together, there need be no risk, and only upside over the PHP variable route. The risks are limited as provided that your server is setup correctly, it shouldn't be possible for unauthorised apache requests to write to the area concerned. Add to that the fact that unless someone had access to the server, they would not know where to try and write, this alone should protect you. However, by building in the ability to determine whether or not a file is a genuine file, and perhaps by using the Loaders own include protection mechanisms, you would be able to not only guarantee that the files were the genuine article, but have the added bonus of intrusion detection if the files were found to be bogus. You will also need to consider whether or not storing data in the database really is more secure than storing it in a file.
_________________
Community Admin
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    ionCube Forum Index -> ionCube PHP Encoder All times are GMT + 1 Hour
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum