shaydez — 2010-11-18T09:20:18-05:00 — #1
I finally finished my application now i need to secure the code. does anyone recommend any methods?
I was thinking of having a license and engine code on a separate server; and have majority of the database design on a separate server. I'm wondering if passing MySQL query over 2 different server over the internet would impact the performance / loading time of the website.
mrwooster — 2010-11-18T09:47:03-05:00 — #2
If you are trying to hide your source code, I would suggest using a php comiler.
Compiler used by facebook https://github.com/facebook/hiphop-php/wiki/
Open source compiler http://www.phpcompiler.org/
anthonysterling — 2010-11-18T10:17:02-05:00 — #3
Take a look at [Zend Guard or [URL="http://www.ioncube.com/"]IonCube](http://www.zend.com/en/products/guard/).
shaydez — 2010-11-18T11:50:02-05:00 — #4
what about handling licenses. is that monitor via mysql?
id | client name | website | join | expire
1 | waka waka | waka.com | 12/21/2010 | 12/21/2012
and i can have a script that runs and checks the offsite database every day for validation?
Volution and other major eCommerce stores keep their sites on their own servers. so its easier for them to lock up their stuff.
shaydez — 2010-12-06T07:54:27-05:00 — #5
I used Zend Encoder and everything worked like a charm. So I gave the application to someone with confidence.. and they used some type of decoder or something and read me parts of my code that they didn't understand, that was encrypted.
Is code safe these days :/
jay_p — 2010-12-06T08:37:33-05:00 — #6
It'll always be possible to reproduce source code; even compiled code must follow rules (otherwise how would a processor understand it!) and so it can be reverse engineered.
In this case you're using an interpreted scripting language and merely obfuscating it... even easier to break
This is why, as you mentioned, many people provide hosted services. This allows the provider to have full control of licensing and ensures nobody gets to see the source.