PHP - protecting code [duplicate]_问答_开发者_运维开发者技术经验分享

开发者 https://www.devze.com 2023-01-06 04:27 出处：网络

This question already has answers here: 开发者_Python百科 Closed 12 years ago. Possible Duplicates:

This question already has answers here: 开发者_Python百科 Closed 12 years ago.

Possible Duplicates:
How to protect your software code?
Protect my PHP App

Hi, I have a framework that I am wanting to be able to sell licenses for. I want people to be able to edit the code if they choose to (to a degree) but also I want to try and stop someone paying for the code and then just putting it up for download.

Is there a way that I can keep part of the code ( small piece of code that is ) on a server which each site using my framework will need to connect to use?

any help or ideas much appreciated.

You can... But do you want to?

PHP scripts are not Java servlets. They're not always running; they start when a request commences and they finish when the request stops.

So, which functionality would you put that requires calling home? It must not be in every page, because it would significantly slow down both the client application and your servers. If you have some page that is rarely used (e.g. some configuration page) you could defer some of its functionality to your server. But even then, consider that your client may not want to run code that depends on some server of yours – you may not be able to guarantee it's always online; the client may have its server behind a firewall that doesn't allow outgoing connections, etc.

Zend Guard seems to be the de facto standard. However, a quick google search revealed a couple others:

SourceGuardian
PHP LockIt
PHP Cipher

In the long run, though, all of these just end up pissing off the people who have to make modifications to their server to run a script. My advice, as someone who has both used and released scripts with this type of encryption, is that you not bother, because someone will (given enough time) decrypt it anyways.

That's the problem with script-languages. You can't protect the code in the way, that a user doesn't see it. However if you plan to provide a license and a customer has to buy it, that's the best way I think. If he would upload the code for others to download, you can go to your lawyer.

The way you mentioned, that everybody has to connect to your server is also a solution. But therefore I would not store the framework on your server, but give the framework to you customer and let him register this framework for one domain for example. Then the framework connects to your server and checks if it was called, from the correct domain.

Sorry, my english it not that good to express myself this good, but I hope you get the idea :)