Best way to protect your PHP software ?
 

I'm about to deploy a php software onto a client server. What is my best way to make sure he doesn't alter/read/modify or make a copy of my software ?

Zend Guard seems the best approach but is it really ? What are my other options ?

thanks

you cant its all crackable even ion cube

Everything's crackable ... but what's the best option ?
the legal dept will ensure strict usage policy and hold businesses accountable for leaks. But we still need some level of technical protection.

There's a deZender thing floating about that any idiot (no brains needed) could use on it.

php shield then

hummm that's not good. Not good at all...

any other options !?

http://www.phpshield.com/ is one of the two i remember that isnt being cracked i cant think of the other one.

According to their website PHPShield is the same as sourceguardian which is cracked by deZender !

Why do you want to keep him from reading it or modifying it? Don't encode your software!

because I need to put the files on their server ...

Chances are that he really has no interest in cracking it.
If he does, he'll find a way around it, no matter how you encode it.
So to make it ever more difficult for him, why don't you obfuscate the h*ll out of it? And apply plenty of evals where possible, as well. That would at least give you the satisfaction of knowing that it'll be a pain in the *ss for whomever's going to crack it.

A word of advice on that: remember to keep an unobfuscated copy for yourself ;) hehe

contact me at scriptdude333 -at- yahoo and ill give u the details

i agree, the best way to protect your software is a shift of your thinking about it.

why not let them read and modify, probalby not going to harm you that much, if anything they will see how good of a coder you are hire you more.

i've always been against software encoding. if you are worried about them copying it, attatch a license in there and put it public on a website or something.

if they have the code ... won't they just have to disable liscence validation !?

<--- never buys encoded scripts.

its not about disabling anything, its about having it there.
or just encode the license part of it. use ioncube
personally i dont sell software, so maybe i have a skewed view, but hte only way you can protect your source is by selling it as a servivce and hosting it yourself.

when i come across small softwares that are encoded, my initial reaction is always that its encoded so that people cannot see how poorly it is coded and all the security holes.
of course thats not true in most cases, but a lot of people get that feeling.

i prefer to be open about everything.

use flash

What difference would that make?

What he said :)

Except I would argue that software being fucking nasty, full of security holes, and full of bugs is probably true for about 95% of what's out there...

I would never buy a web "application" that was closed source... ever...

And what do you care if they modify it? That just means you no longer have to support it...

I can understand wanting to prevent it from being copied... but honestly... the only real way is to host it yourself and sell it as a service; or charge monthly for support or something. That model works for MySQL, various Linux distros, and everyone else open source; I think it should be able to work for your app.

same here.

As mentioned several times, ZendGuard is a dumb idea. It won't even work with PHP>5.2, and it's very hackish, and easy to decrypt. ionCube takes a bit more work, but if you're trying to keep it your own intellectual property, your best bet, as mentioned, is to encode the licensing bit, and ensure it uses an external call to your own servers every so often for an update.

Sure, if it's as simple as a 'return true/false', it's not gonna be hard to mess with, but if you make it a bit more inline for functionality, it'll likely be worth their time to just buy it rather than steal it.

Agree with others above; if you want to secure it, offer it as a service from your own servers or through an API.

If you want people to install it on their side, don't encrypt it - it's not worth the hassle.

Will some people spread your software around for free or run it across multiple sites, losing you potential revenue? Of course. Will you still be able to make a profit on a solid product? You sure can.

We have a winner! :thumbsup

Zend or Ioncube

no we don't ... my clients are banks and mainstream corp. that won't let their data pass through an other server than the one they give me access.

It's a 200k $ software that deal with test (which is oftenly confidential) data.
(It's more than 80 000 lines of code)

I need something really strong and professional ...

ask those who are knowledgeable 'bout it

You are worried that people paying $200k for your software are going to hack it, copy it or resell it?

I think you need to step out from that dark programming room, breathe some air and study the basic principles of business for a while.