ionCube Logo
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


 
Post new topic   Reply to topic    ionCube Forum Index -> ionCube PHP Encoder

URL and View Source

Author Message
godisawesome
Guest





PostPosted: Tue May 10, 2005 8:41 pm    Post subject: URL and View Source Reply with quote

Using your PHP Encoder what does the user see when he selects View Source? Does he just see garbled data or does he see the page html?

Also, are the displayed URLs exactly the same as when our software was not compiled or are they somehow obfuscated?
Back to top
godisawesome



Joined: 10 May 2005
Posts: 5

PostPosted: Tue May 10, 2005 9:37 pm    Post subject: update Reply with quote

please update me when replied
Back to top
View user's profile Send private message
Alasdair



Joined: 11 Jan 2005
Posts: 30

PostPosted: Wed May 11, 2005 10:44 am    Post subject: Reply with quote

All the ionCube encoder does is encode the PHP. You can of course encode the HTML as well using another ionCube product.

With the normal encoder, the html will be just the same HTML as if the product wasn't encoded, and url's will still be exactly the same.
_________________
Alasdair Stewart - SolidPHP, Inc.
Home of the PHPAudit licensing system
Back to top
View user's profile Send private message Send e-mail
godisawesome



Joined: 10 May 2005
Posts: 5

PostPosted: Wed May 11, 2005 3:34 pm    Post subject: why encode when not distributed? Reply with quote

ok then.... just trying to understand...

If my php resides solely on a server I control 100% why would I need anything other than the free Obfuscating HTML Encoder?

This is a question my programmer keeps asking me but being paranoid with three years of coding in this project I was thinking it needed to be encoded.
Back to top
View user's profile Send private message
buggedcom



Joined: 12 Feb 2005
Posts: 14

PostPosted: Wed May 11, 2005 5:38 pm    Post subject: Reply with quote

even if you own the server or use a reseller the code itself is still viewable by thrid parties who have access to your server, ie the server admins. by encoding the php source you protect your product from everyone.

simple really.
Back to top
View user's profile Send private message
godisawesome



Joined: 10 May 2005
Posts: 5

PostPosted: Wed May 11, 2005 6:24 pm    Post subject: Reply with quote

thanks for the response!!

So if the server is a box in my secure computer room in my secure facility on my secure grounds I have nothing to worry about?

We will not distribute the code to anyone, it will reside only on our server.

My concern was if someone could take generated html available from the web to somehow figure out my code. My programmers all tell me this is simply not possible as the code resides outside of web assessable directories.

Therefore, in my case at least, I only need the encoder to protect the code from myself?
Back to top
View user's profile Send private message
buggedcom



Joined: 12 Feb 2005
Posts: 14

PostPosted: Wed May 11, 2005 6:27 pm    Post subject: Reply with quote

that is pretty much the case. remember it is always best to ur on the side of caution though.
Back to top
View user's profile Send private message
godisawesome



Joined: 10 May 2005
Posts: 5

PostPosted: Wed May 11, 2005 6:38 pm    Post subject: Reply with quote

buggedcom wrote:
it is always best to ur on the side of caution though.


yes... chance is my enemy

My gut says spend the money no matter what, which I will do as we have several hundred thousand dollars invested in this code not including process patents. However, trying not to look too green before my programmers I was hoping someone could offer up a rationale other than my gut.

OK.. new direction.

What are all of the options available to secure php code on a server? I only know of the encoder and obfuscator. Anything else I might need to look at?
Back to top
View user's profile Send private message
buggedcom



Joined: 12 Feb 2005
Posts: 14

PostPosted: Wed May 11, 2005 6:40 pm    Post subject: Reply with quote

keeping the os and security up-to-date is my only other advise, but by no means am i an expert.
Back to top
View user's profile Send private message
Alasdair



Joined: 11 Jan 2005
Posts: 30

PostPosted: Wed May 11, 2005 9:10 pm    Post subject: Reply with quote

If you were to encode the PHP on the server, then you might see a performance boost depending on what type of script and how you set everything up. (I'm sure Nick has some lovely statistics or something on this Wink)

If you were to encode the PHP, and then your server was hacked, the hacker wouldn't be able to get at your code - they'd see lots of random letters and numbers that mean nothing to them.

All in all, it won't hurt to encode your code Smile
_________________
Alasdair Stewart - SolidPHP, Inc.
Home of the PHPAudit licensing system
Back to top
View user's profile Send private message Send e-mail
godisawesome



Joined: 10 May 2005
Posts: 5

PostPosted: Wed May 11, 2005 9:31 pm    Post subject: Reply with quote

Alasdair wrote:
If .... your server was hacked


Hacked? The Lord forbid!

Yes... this was my primary argument.

Thanks for your help. You never know what one is likely to overlook, I have encryption on top of encryption in the office locked down by ip and password protection. They already snicker about my security precautions. These kids didn't grow up hacking into the phone system back in the good ole days. I figure that anything that can go wrong certainly will given enough time and a little bit of apathy.
Back to top
View user's profile Send private message
liaison
ionCube Support


Joined: 16 Dec 2004
Posts: 2788

PostPosted: Thu May 12, 2005 1:52 pm    Post subject: Reply with quote

As has been said, one of the reasons for protecting your PHP code is from the possible effects of hackers. We're keen to promote awareness of this aspect, and have been seeing an increase in the number of customers purchasing to add an extra level of protection to their sites.

Risks of unprotected code include easy exposure of password and other static data to unauthorised third parties, theft of code itself, and modifying code to perform actions that it shouldn't. Some customers have also purchased as an aid to preventing their own staff from making unapproved changes.

Unauthorised persons and access can come from within as well as without. Developers, for example, whilst having access to source code and perhaps being granted access to live machines, (although larger organisations will quite correctly not give developer access to production machines), may not be authorised to have access to database passwords. In this case, code may be encoded to prevent discovery by developers of that information.

A thorough risk assessment will therefore take into account risks from not only hackers but also from employees, and ensure that adequate levels of protection are in place to cover all bases. Whilst one assumes that staff are trustworthy, a missed or lower than expected bonus, or any number of incidents may turn a formerly loyal employee into an unhappy one, and subsequently a potential business threat.
_________________
Community Admin
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    ionCube Forum Index -> ionCube PHP Encoder All times are GMT + 1 Hour
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum