Best solution to protect PHP code without encryption

Question

First of all  I m not looking for miracle    I know how PHP works and that there s not really way to hide my code from the clients without using encryption  But that comes with the cost of an extension to be installed on the running server   I m looking for something different though    I m not looking to encrypt my code or even obfuscate it  There are many PHP scripts without encrypted obfuscated code but they are commercial applications  For instance  vBulletin and or IP Board forum applications   I just want to know what approach do these guys use for their applications     I m also open to any other suggestions   Please note that I m a single person and not working for a company  My product is also very specific  it won t sell that much  I just want you guys to know that I can t afford to consult a legal professional either to sue someone or prepare a commercial license  I m just looking for a simple way to protect my simple product  if it s indeed possible  somehow

User · Answer

See our SD PHP Obfuscator    Handles huge systems of PHP files   No runtime requirements on PHP server   No extra runtime overhead    EDIT May 2016  A recent answer noted that Zend does not handle PHP5 5   The SD PHP Obfuscator does

User · Answer

You could use a php compiler   Roadsend  phc

User · Answer

Obfuscating things can only inconvenience your legitimate  law-abiding customers  while the people who would would rip you off are not your target paying customers anyway    edited out other thoughts about obfuscation   Another suggestion for protecting your software   create a business model in which the code is an incomplete part of the value of your offering   For example  sell product licenses along with access to some data you manage on your site  or license the product on a subscription model or with customer support   Designing a EULA is a legal matter  not a coding matter   You can start by reading some EULA text for products and websites you use   You might find some interesting details   Creating a proprietary license is is highly flexible  and probably a subject beyond the intended scope of StackOverflow  since it s not strictly about coding   Some parts of a EULA that come to mind    Limiting your liability if the product has bugs or causes damage  Spelling out how the customer can use their licensed software  for how long  on how many machines  with or without redistribution rights  etc  Giving you rights to audit their site  so you can enforce the licenses  What happens if they violate the EULA  e g  they lose their privilege to use your software    You should consult a legal professional to prepare a commercial EULA   edit  If this project can t justify the expense of a lawyer  check out these resources     EULA advice  on joelonsoftware  How to Write an End User License Agreement

User · Answer

They distribute their software under a proprietary license  The law protects their rights and prevents their customers from redistributing the source  though there is no actual difficulty doing so   But as you might be well aware  copyright infringement  piracy  of software products is a pretty common phenomenon

User · Answer

So let me see  we want to show adam and eve there s some forbidden fruit in a tree  adn we  d  like a way to prevent them from eating      How about having an angel with a flaming sword    Might sound naive  and I dunno what your application does actually  but what about the extensive use of includes  For the legitimate user  is all the software that should be visible or only parts of it  Because you could obfuscate and give a copy of source code to legitimate You could wrap the php in a container like Phalanger   NET  Perhaps your concerned with external theft  meaning your code freely visible over the web as customers uses it   This could be worth investing in a cheap web site hosting  for  50 a year  registering your legit customers with a serial in their code and have your app posting info to your web site regularly   At least  you d detect when code has been compromised   You could push it with a self destruct after n days  giving you enough time to contact your customer and change the serial   This could be the only obfuscated include   of the whole code

User · Answer

The only way to really protect your php-applications from other  is to not share the source code  If you post you code somewhere online  or send it to you customers by some medium  other people than you have access to the code   You could add an unique watermark to every single copy of your code  That way you can trace leaks back to a singe customer   But will that help you  since the code already are outside of your control    Most code I see comes with a licence and maybe a warranty  A line at the top of the script telling people not to alter the script  will maybe be enought  Self  when I find non-open source code  I won t use it in my projects  Maybe I m a bit dupe  but I expect ppl not to use my none-OSS code

User · Answer

Obfuscating things can only inconvenience your legitimate  law-abiding customers  while the people who would would rip you off are not your target paying customers anyway    edited out other thoughts about obfuscation   Another suggestion for protecting your software   create a business model in which the code is an incomplete part of the value of your offering   For example  sell product licenses along with access to some data you manage on your site  or license the product on a subscription model or with customer support   Designing a EULA is a legal matter  not a coding matter   You can start by reading some EULA text for products and websites you use   You might find some interesting details   Creating a proprietary license is is highly flexible  and probably a subject beyond the intended scope of StackOverflow  since it s not strictly about coding   Some parts of a EULA that come to mind    Limiting your liability if the product has bugs or causes damage  Spelling out how the customer can use their licensed software  for how long  on how many machines  with or without redistribution rights  etc  Giving you rights to audit their site  so you can enforce the licenses  What happens if they violate the EULA  e g  they lose their privilege to use your software    You should consult a legal professional to prepare a commercial EULA   edit  If this project can t justify the expense of a lawyer  check out these resources     EULA advice  on joelonsoftware  How to Write an End User License Agreement

User · Answer

They distribute their software under a proprietary license  The law protects their rights and prevents their customers from redistributing the source  though there is no actual difficulty doing so   But as you might be well aware  copyright infringement  piracy  of software products is a pretty common phenomenon

User · Answer

So let me see  we want to show adam and eve there s some forbidden fruit in a tree  adn we  d  like a way to prevent them from eating      How about having an angel with a flaming sword    Might sound naive  and I dunno what your application does actually  but what about the extensive use of includes  For the legitimate user  is all the software that should be visible or only parts of it  Because you could obfuscate and give a copy of source code to legitimate You could wrap the php in a container like Phalanger   NET  Perhaps your concerned with external theft  meaning your code freely visible over the web as customers uses it   This could be worth investing in a cheap web site hosting  for  50 a year  registering your legit customers with a serial in their code and have your app posting info to your web site regularly   At least  you d detect when code has been compromised   You could push it with a self destruct after n days  giving you enough time to contact your customer and change the serial   This could be the only obfuscated include   of the whole code

User · Answer

in my opinion is  but just in case if your php code program is written for standalone model    best solutions is c  You could wrap the php in a container like Phalanger   NET   as everyone knows it s bind tightly to the system especially if your program is intended for windows users  you just can make your own protection algorithm in windows programming language like  NET VB C  or whatever you know in  NET prog lang family sets

User · Answer

Zend Guard does not support php 5 5 and is easy to reverse  go for http   www ioncube com for obfuscation  http   wwww phplicengine com can license the scripts remotely or locally

User · Answer

See our SD PHP Obfuscator    Handles huge systems of PHP files   No runtime requirements on PHP server   No extra runtime overhead    EDIT May 2016  A recent answer noted that Zend does not handle PHP5 5   The SD PHP Obfuscator does

User · Answer

If you can t create a  cloud app  that you host yourself and they access via the Web  then you could look into creating a virtual appliance using a virtual server  from VMWare  Parallels  Sun  etc  and install a  lite  version of Linux on that  Put your PHP code in the virtual environment and install the virtual machine on their server  Make sure to create a way to prevent loading into root  Of course  this would involve physically visiting the client yourself

User · Answer

I have not looked at the VBulletin source code in some time  but the way they used to do it around 2003 was to embed a call to their server inside the code  IIRC  it was on a really long code line  like 200-300  chars long  and was broken up over several string concatenations and such    It did nothing  bad  if you pirated it - the forum still worked 100   But your server s IP was logged along with other info and they used that to investigate and take legal action    Your license number was embedded in this call  so they could easily track how many IPs websites a given licensed copy was running on

User · Answer

You could use a php compiler   Roadsend  phc

User · Answer

They distribute their software under a proprietary license  The law protects their rights and prevents their customers from redistributing the source  though there is no actual difficulty doing so   But as you might be well aware  copyright infringement  piracy  of software products is a pretty common phenomenon

User · Answer

You could use a php compiler   Roadsend  phc

User · Answer

You need to consider your objectives   1  Are you trying to prevent people from reading modifying your code   If yes  you ll need an obfuscation encryption tool   I ve used Zend Guard with good success   2  Are you trying to prevent unauthorized redistribution of your code    A EULA proprietary license will give you the legal power to prevent that  but won t actually stop it   An key activation scheme will allow you to actively monitor usage  but can be removed unless you also encrypt your code   Zend Guard also has capabilities to lock a particular script to a particular customer machine and or create time limited versions of the code if that s what you want to do   I m not familiar with vBulletin and the like  but they d either need to encrypt obfuscate or trust their users to do the right thing   In the latter case they have the protection of having a EULA which prohibits the behaviors they find undesirable  and the legal system to back up breaches of the EULA     If you re not prepared able to take legal action to protect your software and you don t want to encrypt obfuscate  your options are a  Release it with a EULA so you re have a legal option if you ever need it and hope for the best  or b  consider whether an open source license might be more appropriate and just allow redistribution

User · Answer

You need to consider your objectives   1  Are you trying to prevent people from reading modifying your code   If yes  you ll need an obfuscation encryption tool   I ve used Zend Guard with good success   2  Are you trying to prevent unauthorized redistribution of your code    A EULA proprietary license will give you the legal power to prevent that  but won t actually stop it   An key activation scheme will allow you to actively monitor usage  but can be removed unless you also encrypt your code   Zend Guard also has capabilities to lock a particular script to a particular customer machine and or create time limited versions of the code if that s what you want to do   I m not familiar with vBulletin and the like  but they d either need to encrypt obfuscate or trust their users to do the right thing   In the latter case they have the protection of having a EULA which prohibits the behaviors they find undesirable  and the legal system to back up breaches of the EULA     If you re not prepared able to take legal action to protect your software and you don t want to encrypt obfuscate  your options are a  Release it with a EULA so you re have a legal option if you ever need it and hope for the best  or b  consider whether an open source license might be more appropriate and just allow redistribution

User · Answer

The only way to really protect your php-applications from other  is to not share the source code  If you post you code somewhere online  or send it to you customers by some medium  other people than you have access to the code   You could add an unique watermark to every single copy of your code  That way you can trace leaks back to a singe customer   But will that help you  since the code already are outside of your control    Most code I see comes with a licence and maybe a warranty  A line at the top of the script telling people not to alter the script  will maybe be enought  Self  when I find non-open source code  I won t use it in my projects  Maybe I m a bit dupe  but I expect ppl not to use my none-OSS code

User · Answer

Zend Guard does not support php 5 5 and is easy to reverse  go for http   www ioncube com for obfuscation  http   wwww phplicengine com can license the scripts remotely or locally

User · Answer

You could use a php compiler   Roadsend  phc

User · Answer

Obfuscating things can only inconvenience your legitimate  law-abiding customers  while the people who would would rip you off are not your target paying customers anyway    edited out other thoughts about obfuscation   Another suggestion for protecting your software   create a business model in which the code is an incomplete part of the value of your offering   For example  sell product licenses along with access to some data you manage on your site  or license the product on a subscription model or with customer support   Designing a EULA is a legal matter  not a coding matter   You can start by reading some EULA text for products and websites you use   You might find some interesting details   Creating a proprietary license is is highly flexible  and probably a subject beyond the intended scope of StackOverflow  since it s not strictly about coding   Some parts of a EULA that come to mind    Limiting your liability if the product has bugs or causes damage  Spelling out how the customer can use their licensed software  for how long  on how many machines  with or without redistribution rights  etc  Giving you rights to audit their site  so you can enforce the licenses  What happens if they violate the EULA  e g  they lose their privilege to use your software    You should consult a legal professional to prepare a commercial EULA   edit  If this project can t justify the expense of a lawyer  check out these resources     EULA advice  on joelonsoftware  How to Write an End User License Agreement

User · Answer

They distribute their software under a proprietary license  The law protects their rights and prevents their customers from redistributing the source  though there is no actual difficulty doing so   But as you might be well aware  copyright infringement  piracy  of software products is a pretty common phenomenon

User · Answer

You need to consider your objectives   1  Are you trying to prevent people from reading modifying your code   If yes  you ll need an obfuscation encryption tool   I ve used Zend Guard with good success   2  Are you trying to prevent unauthorized redistribution of your code    A EULA proprietary license will give you the legal power to prevent that  but won t actually stop it   An key activation scheme will allow you to actively monitor usage  but can be removed unless you also encrypt your code   Zend Guard also has capabilities to lock a particular script to a particular customer machine and or create time limited versions of the code if that s what you want to do   I m not familiar with vBulletin and the like  but they d either need to encrypt obfuscate or trust their users to do the right thing   In the latter case they have the protection of having a EULA which prohibits the behaviors they find undesirable  and the legal system to back up breaches of the EULA     If you re not prepared able to take legal action to protect your software and you don t want to encrypt obfuscate  your options are a  Release it with a EULA so you re have a legal option if you ever need it and hope for the best  or b  consider whether an open source license might be more appropriate and just allow redistribution

User · Answer

The only way to really protect your php-applications from other  is to not share the source code  If you post you code somewhere online  or send it to you customers by some medium  other people than you have access to the code   You could add an unique watermark to every single copy of your code  That way you can trace leaks back to a singe customer   But will that help you  since the code already are outside of your control    Most code I see comes with a licence and maybe a warranty  A line at the top of the script telling people not to alter the script  will maybe be enought  Self  when I find non-open source code  I won t use it in my projects  Maybe I m a bit dupe  but I expect ppl not to use my none-OSS code

User · Answer

I have not looked at the VBulletin source code in some time  but the way they used to do it around 2003 was to embed a call to their server inside the code  IIRC  it was on a really long code line  like 200-300  chars long  and was broken up over several string concatenations and such    It did nothing  bad  if you pirated it - the forum still worked 100   But your server s IP was logged along with other info and they used that to investigate and take legal action    Your license number was embedded in this call  so they could easily track how many IPs websites a given licensed copy was running on

User · Answer

You need to consider your objectives   1  Are you trying to prevent people from reading modifying your code   If yes  you ll need an obfuscation encryption tool   I ve used Zend Guard with good success   2  Are you trying to prevent unauthorized redistribution of your code    A EULA proprietary license will give you the legal power to prevent that  but won t actually stop it   An key activation scheme will allow you to actively monitor usage  but can be removed unless you also encrypt your code   Zend Guard also has capabilities to lock a particular script to a particular customer machine and or create time limited versions of the code if that s what you want to do   I m not familiar with vBulletin and the like  but they d either need to encrypt obfuscate or trust their users to do the right thing   In the latter case they have the protection of having a EULA which prohibits the behaviors they find undesirable  and the legal system to back up breaches of the EULA     If you re not prepared able to take legal action to protect your software and you don t want to encrypt obfuscate  your options are a  Release it with a EULA so you re have a legal option if you ever need it and hope for the best  or b  consider whether an open source license might be more appropriate and just allow redistribution

User · Answer

I have not looked at the VBulletin source code in some time  but the way they used to do it around 2003 was to embed a call to their server inside the code  IIRC  it was on a really long code line  like 200-300  chars long  and was broken up over several string concatenations and such    It did nothing  bad  if you pirated it - the forum still worked 100   But your server s IP was logged along with other info and they used that to investigate and take legal action    Your license number was embedded in this call  so they could easily track how many IPs websites a given licensed copy was running on

User · Answer

If you can t create a  cloud app  that you host yourself and they access via the Web  then you could look into creating a virtual appliance using a virtual server  from VMWare  Parallels  Sun  etc  and install a  lite  version of Linux on that  Put your PHP code in the virtual environment and install the virtual machine on their server  Make sure to create a way to prevent loading into root  Of course  this would involve physically visiting the client yourself

User · Answer

I have not looked at the VBulletin source code in some time  but the way they used to do it around 2003 was to embed a call to their server inside the code  IIRC  it was on a really long code line  like 200-300  chars long  and was broken up over several string concatenations and such    It did nothing  bad  if you pirated it - the forum still worked 100   But your server s IP was logged along with other info and they used that to investigate and take legal action    Your license number was embedded in this call  so they could easily track how many IPs websites a given licensed copy was running on

User · Answer

The only way to really protect your php-applications from other  is to not share the source code  If you post you code somewhere online  or send it to you customers by some medium  other people than you have access to the code   You could add an unique watermark to every single copy of your code  That way you can trace leaks back to a singe customer   But will that help you  since the code already are outside of your control    Most code I see comes with a licence and maybe a warranty  A line at the top of the script telling people not to alter the script  will maybe be enought  Self  when I find non-open source code  I won t use it in my projects  Maybe I m a bit dupe  but I expect ppl not to use my none-OSS code

User · Answer

Obfuscating things can only inconvenience your legitimate  law-abiding customers  while the people who would would rip you off are not your target paying customers anyway    edited out other thoughts about obfuscation   Another suggestion for protecting your software   create a business model in which the code is an incomplete part of the value of your offering   For example  sell product licenses along with access to some data you manage on your site  or license the product on a subscription model or with customer support   Designing a EULA is a legal matter  not a coding matter   You can start by reading some EULA text for products and websites you use   You might find some interesting details   Creating a proprietary license is is highly flexible  and probably a subject beyond the intended scope of StackOverflow  since it s not strictly about coding   Some parts of a EULA that come to mind    Limiting your liability if the product has bugs or causes damage  Spelling out how the customer can use their licensed software  for how long  on how many machines  with or without redistribution rights  etc  Giving you rights to audit their site  so you can enforce the licenses  What happens if they violate the EULA  e g  they lose their privilege to use your software    You should consult a legal professional to prepare a commercial EULA   edit  If this project can t justify the expense of a lawyer  check out these resources     EULA advice  on joelonsoftware  How to Write an End User License Agreement

User · Answer

in my opinion is  but just in case if your php code program is written for standalone model    best solutions is c  You could wrap the php in a container like Phalanger   NET   as everyone knows it s bind tightly to the system especially if your program is intended for windows users  you just can make your own protection algorithm in windows programming language like  NET VB C  or whatever you know in  NET prog lang family sets

[php] Best solution to protect PHP code without encryption

Examples related to php

Examples related to encryption

Examples related to obfuscation