Protecting PHP Code - Page 2

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

Re: Protecting PHP Code

What kind of contract do you have with the company? If it's an
agreement where they are paying you $X an hour to develop the code then
they own the code just as if you were working on an assymbly line
making cars, they own the car and you get paied for your time. If they
said we need the ability to do X, Y, Z and you said alright, I'll
develop an application for that then you have a bit more flexability.
I'd use Zend because it's closly tied with the PHP group. As you made
it sound, you are in a Windows enviroment. I only work in a *nix
enviroment so I'm not sure how Zend works in Windows, but it's worth
the try. Now as far as the licencing fee, build the code and encode it.
Forwarn the client that in order to run the code they will be required
to purcease a licence of the Zend server and that it will be approx.

Re: Protecting PHP Code

TheLobster at Gmail dot Com wrote:
Quoted text here. Click to load it

The Zend Optimizer is a free application that runs the files encoded by
the Zend Encoder and Zend SafeGuard Suite, while enhancing the running
speed of PHP applications.


     * Enables users to run files encoded by the Zend Encoder
     * Increases runtime performance up to 40%.

Not sure why any production php application would not be using the free
optimizer? Just buy the encoder and forget the rest... Well worth the
cost if you write code people want to resell.

As far as who owns the code.. It depends on where you developed the code
and who was the majority manager of the effort. If they were independent
of the project other than developing requirements then it is most likely
your code. If they worked you like one of their own programmers then
your out of luck.


Re: Protecting PHP Code

Quoted text here. Click to load it


Quoted text here. Click to load it

(Warning: Biased observer ahead. We supply an PHP obfuscator).

 I feel compelled to observer that most thieves are stupider :-}
That's not the point of an obfuscator.

It is true that obfuscators most scramble identifier names.
(They also remove your carefully crafted comments
describing the how the code works, too.  You do
have such comments, right?)

What makes your program hard to understand is lot of structure
and complexity, and a complete absence of good cues for
deciding how it works.  Obfuscators succeed (to the extent they do)
by removing such cues.

Most useful programs are complex enough so that even with
good naming conventions and careful comments,
they are hard to understand.  Witness
the cost of conventional software maintenance.
Obfuscators push this to the extreme.
To recover a name, and "used Notepad to break
the obfuscation", the thief has to first figure
out what the code means.

Now, if your code is so simple (e.g., a few pages,
pure straight-line code, no algorithms) that a thief
can figure out the names of everything of interest
easily, an obfuscator won't help you.  But then,
if it is that simple, the thief (well, the smart ones,
er, contradiction?) can code the functionality

If you have dozens of pages with complex logic,
a thief will have a very hard time recovering all
the code.

Obfuscators also have the advantage (over
most of the other encrypting solutions) of not
making you force your customer to configure
his PHP server *your* way.

The other "encrypting" solutions aren't really different.
They don't stop a thief from stealing your code.
They simply raise the price.  The question
for you is, how to raise the price higher than
most thieves want to go?

Regarding other discussions: I agree that a legal
agreement is a good thing to have, also.  Having
said that, it assumes that your customer is willing
to play by the rules or at least be sued in a court with rules, and it
assumes that you have the courtroom staying power
to stick out the contest.  If your customer isn't
in your legal jurisdiction, you may find it hard
to enforce your rights.  (The Chinese don't
seem much concerned that Hollywood is unhappy
with bootleg movies).

If you *do* succeed in getting him to court,
then asking him to cough up his source code
to prove it is his is likely to occur.  If what
he has is clearly "obfuscated" code with a
few Notebook-restored variables, he'll have
a tough time explaining why.

-- IDB

Site Timeline