保护PHP代码 [英] Protecting PHP Code
问题描述
问候,
我有一个PHP / MySQL应用程序,我正在客户端部署。
我很公平确定他们会窃取我的源代码并转售给其他公司
。
我想以某种方式保护源代码。
以下是我想过的一些选项。
有人可以给我一些关于这些的想法和反馈 -
1.在我自己的主机服务器上托管最关键的.php文件,并且
其他所有文件。
我修改HTML表单将数据提交到我的网站的元素(使用
完整的URL,而不是相对的URL)。
php文件然后连接到他们的数据库服务器使用
完整的主机名或IP地址。
完成处理后,它会重定向回他们的网站。
这个解决方案很复杂,会对性能产生影响,所以cookies不会是b
rk跨站点,如果我的主机
服务器停机并因此而停止运营,那么我就有责任问题。
2.少一点复杂的解决方案是从.php文件中删除一些关键函数
并将它们作为包含文件托管在我的服务器上。
这样,cookie仍然会工作原样,并且有一个
性能影响略小。
但我们仍然有他们的网站依赖我的问题。
3.使用位于Web服务器和PHP
运行时之间的混淆器,并动态加密/解密.php文件。
我看过一些常见的混淆器,它们并不好。
他们所做的只是用一些乱码替换函数和变量名,
但是一个简单的查找/使用记事本替换可以打破混淆。
任何人都可以推荐一个真正的混淆器,它比那个窃取th的人不那么愚蠢e代码?
4.最后一个选项是删除重要的函数并将它们放在C ++ DLL中并从PHP代码调用DLL 。
这个解决方案对我最有吸引力,但对我来说意味着更多的工作。
我不太了解C ++,但我知道足以编写简单的函数。
但我不知道使用哪种C ++ - 比如哪些编译器等等,以便运行DLL的
他们的环境。
我认为他们的主机是基于UNIX / Linux的,但不确定哪种口味。
任何帮助表示感谢。
谢谢,
Harold。
Greetings,
I have a PHP/MySQL application that I am deploying at a client''s.
I am fairly certain that they will steal my source code and re-sell to
other companies.
I would like to somehow protect the source code.
Here are some of the options I have thought about.
Can someone give me some ideas and feedback about these --
1. Host the most critical .php file on my own host server, and
everything else on their''s.
I modify the HTML form elements to submit data to my site (using a
full URL, rather than a relative one).
The php file then connects to the database on their server using
the full host name or IP address.
After doing the processing, it redirects back to their site.
This solution is complex, there is a performance impact, cookies won''t
work across sites, and there is a liability issue for me if my host
server is down and their business stops because of that.
2. A less complex solution is to rip out some of the key functions
from the .php files and host them as an include file on my server.
This way, the cookies will still work as-is, and there is a
slightly less performance impact.
But we still have the issue of their site being dependent on mine.
3. Use an obfuscator that sits between the web server and the PHP
runtime and encrypts/decrypts the .php files on the fly.
I have looked at some common obfuscators and they are no good.
All they do is replace function and variable names with some gibberish,
but a simple Find/Replace using Notepad can break the obfuscation.
Can anyone recommend a real obfuscator that is less stupid than the
person stealing the code?
4. The last option is to rip out the important functions and put them
in a C++ DLL and call the DLL from the PHP code.
This solution appeals to me the most, but means a lot more work for me.
I don''t know much C++, but I know enough to write simple functions.
But I don''t know which C++ to use - like which compilers, etc. so that
the DLL runs on their environment.
I think their host is UNIX/Linux based, but not sure which flavour.
Any help appreciated.
Thanks,
Harold.
推荐答案
我认为很多开发人员都高估了源代码的风险盗窃。
但是,由于您确定您的客户将转售您的代码,
这里有一些选择:
1 。)法律:让一位有知识产权经验的律师创建一个许可证,确定
什么是clie你的来源可能会也可能不会。如果他们偷了您的b / b $ b来源,您有法律追索权。这是您的最佳选择。
2.)将您的许可证模型转换为应用程序服务提供商 - (即,您承担应用程序的
)确保您的客户理解这一点。如果你停业或服务器崩溃,他们会问你会发生什么。
3.)使用像Zend Encoder或Ioncube这样的编码器。这些的缺点是
并非所有托管环境都支持它们。
- Kevin
" Harold Crump的" <或********** @ yahoo.com>在消息中写道
news:11 ********************** @ f14g2000cwb.googlegr oups.com ...
I think a lot of developers overestimate the risk of source code theft.
However, since you sound certain that your client will resell your code,
here are some options:
1.) Legal: Have a lawyer experienced in IP create a license that identifies
what the client may and may not do with your source. If they "steal" your
source, you have a legal recourse. This is your best option.
2.) Turn your license model into an Application Service Provider-- (i.e.,
you host the application) Be sure your client understands this. They will
ask what happens if you go out of business or your server crashes.
3.) Use an encoder like Zend Encoder or Ioncube. The drawbacks of these are
that not all hosting environments support them.
- Kevin
"Harold Crump" <or**********@yahoo.com> wrote in message
news:11**********************@f14g2000cwb.googlegr oups.com...
问候,
我有一个PHP / MySQL应用程序,我正在客户端部署。
我相当肯定他们会窃取我的来源代码并转售给
其他公司。
我想以某种方式保护源代码。
这里有一些我想过的选项。
有人可以给我一些关于这些的想法和反馈 -
1.在我自己的主机服务器上托管最关键的.php文件,以及其他一切我们修改HTML表单元素以将数据提交到我的网站(使用完整的URL,而不是相对的URL)。
php文件然后使用完整的主机名或IP地址连接到服务器上的数据库。
处理后,它会重定向回他们的网站。
这解决方案很复杂,有一个表现影响,cookies不会在网站上工作,如果我的主机服务器停机并且他们的业务因此而停止,那么我就有责任问题。
2.一个不太复杂的解决方案是从.php文件中删除一些关键功能,并将它们作为包含文件托管在我的服务器上。
这样,cookie仍然可以正常工作而且性能影响略小。
但我们仍然存在他们的网站依赖我的问题。
3.使用位于网络之间的混淆器服务器和PHP
运行时并动态加密/解密.php文件。
我看过一些常见的混淆器,它们并不好。
他们所做的只是用一些乱码来替换函数和变量名,
但是使用记事本进行简单的查找/替换可以打破混淆。
任何人都可以推荐一个比
更不笨的真正的混淆器。那个人偷了代码?
4.最后一个选项是删除重要的函数并将它们放在C ++ DLL中并从PHP代码中调用DLL。
这个解决方案最让我感兴趣,但对我来说意味着更多的工作。我不太了解C ++,但我知道编写简单的函数。
但我不知道使用哪种C ++ - 比如哪些编译器等因此,DLL在他们的环境中运行。
我认为他们的主机是基于UNIX / Linux的,但不确定哪种风格。
任何帮助都赞赏。
谢谢,哈罗德。
Greetings,
I have a PHP/MySQL application that I am deploying at a client''s.
I am fairly certain that they will steal my source code and re-sell to
other companies.
I would like to somehow protect the source code.
Here are some of the options I have thought about.
Can someone give me some ideas and feedback about these --
1. Host the most critical .php file on my own host server, and
everything else on their''s.
I modify the HTML form elements to submit data to my site (using a
full URL, rather than a relative one).
The php file then connects to the database on their server using
the full host name or IP address.
After doing the processing, it redirects back to their site.
This solution is complex, there is a performance impact, cookies won''t
work across sites, and there is a liability issue for me if my host
server is down and their business stops because of that.
2. A less complex solution is to rip out some of the key functions
from the .php files and host them as an include file on my server.
This way, the cookies will still work as-is, and there is a
slightly less performance impact.
But we still have the issue of their site being dependent on mine.
3. Use an obfuscator that sits between the web server and the PHP
runtime and encrypts/decrypts the .php files on the fly.
I have looked at some common obfuscators and they are no good.
All they do is replace function and variable names with some gibberish,
but a simple Find/Replace using Notepad can break the obfuscation.
Can anyone recommend a real obfuscator that is less stupid than the
person stealing the code?
4. The last option is to rip out the important functions and put them
in a C++ DLL and call the DLL from the PHP code.
This solution appeals to me the most, but means a lot more work for me.
I don''t know much C++, but I know enough to write simple functions.
But I don''t know which C++ to use - like which compilers, etc. so that
the DLL runs on their environment.
I think their host is UNIX/Linux based, but not sure which flavour.
Any help appreciated.
Thanks,
Harold.
亲爱的克伦普先生,
你有没有考虑过非技术解决方案?
我的意思是,与律师交谈并让你的b
客户签署一份艰难的非公开协议?
因为如果他们真的想偷你的
源代码,甚至逆向工程一个DLL
对他们来说不会有问题。
但是如果你坚持,参考编译器为
* nix平台是GCC,或者在这种情况下是G ++。
至于可移植性,应用程序逻辑代码
不应该依赖于平台 - 具体
功能。无论如何,其他
平台也存在GCC端口,例如适用于Windows的MinGW。
小心,它对标准非常挑剔!
希望这会有所帮助,
Felix
Dear Mr. Crump,
Have you considered a non-technical solution?
I mean, talking to a lawyer and getting your
clients sign a tough non-dislosure agreement?
Because if they really want to steal your
source code, even reverse engineering a DLL
will not be a problem for them.
But if you insist, the reference compiler for
*nix platforms is GCC or, in this case, G++.
As for portability, application logic code
should not need to rely on platform-specific
features. Anyway, GCC ports exist for other
platforms as well, such as MinGW for Windows.
Be careful, it''s very picky about the standard!
Hope this helps,
Felix
Harold Crump写道:
Harold Crump wrote:
问候,
我有一个PHP / MySQL应用程序,我正在客户端部署。
我相当肯定他们会窃取我的源代码并转售给
其他公司。
Greetings,
I have a PHP/MySQL application that I am deploying at a client''s.
I am fairly certain that they will steal my source code and re-sell to
other companies.
为什么你首先与他们做生意?
-
John MexIT: http:// johnbokma .com / mexit /
个人页面: http:// johnbokma .com /
经验丰富的程序员: http://castleamber.com/
快乐的客户: http://castleamber.com/testimonials.html
Why did you do business with them in the first place?
--
John MexIT: http://johnbokma.com/mexit/
personal page: http://johnbokma.com/
Experienced programmer available: http://castleamber.com/
Happy Customers: http://castleamber.com/testimonials.html
这篇关于保护PHP代码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
