Menu
Has anybody used a good obfuscator for PHP? I've tried some but they don't work for very big projects. They can't handle variables that are included in one file and used in another, for instance.
Or do you have any other tricks for stopping the spread of your code?
240
With PHP Obfuscator, no complete illegibility of the source code can be achieved, since the PHP server must be still able to process the script - even without additional software installed on the server. For proper processing of the script, the full source code or the entire file (including HTML tags) should be pasted.
If you'd really want to make it unreadable and inaccessible use APC or OPcache. Set the TTL to 0 and delete all files. Your website is delivered only from the cached files.
The only way to really protect your php-applications from other, is to not share the source code. If you post you code somewhere online, or send it to you customers by some medium, other people than you have access to the code. You could add an unique watermark to every single copy of your code.
Obfuscating your code will raise the bar for who can decompile your code and reduce the likelihood of an attacker being able to quickly and easily Trojan your binaries. However, like most things, as a single line of defense it is far from sufficient.
You can try PHP protect which is a free PHP obfuscator to obfuscate your PHP code. EDIT: This service is not live anymore.
It is very nice, easy to use and also free.
As for what others have written here about not using obfuscation because it can be broken etc:
I have only one thing to answer them - don't lock your house door because anyone can pick your lock.
This is exactly the case, obfuscation is not meant to prevent 100% code theft. It only needs to make it a time-consuming task so it will be cheaper to pay the original coder. Hope this helps.
252
People will offer you obfuscators, but no amount of obfuscation can prevent someone from getting at your code. None. If your computer can run it, or in the case of movies and music if it can play it, the user can get at it. Even compiling it to machine code just makes the job a little more difficult. If you use an obfuscator, you are just fooling yourself. Worse, you're also disallowing your users from fixing bugs or making modifications.
Music and movie companies haven't quite come to terms with this yet, they still spend millions on DRM.
In interpreted languages like PHP and Perl it's trivial. Perl used to have lots of code obfuscators, then we realized you can trivially decompile them.
perl -MO=Deparse some_program
PHP has things like DeZender and Show My Code.
My advice? Write a license and get a lawyer. The only other option is to not give out the code and instead run a hosted service.
See also the perlfaq entry on the subject.
114
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
