Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:74416 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 13460 invoked from network); 21 May 2014 19:40:53 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 21 May 2014 19:40:53 -0000 Authentication-Results: pb1.pair.com smtp.mail=martin.keckeis1@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=martin.keckeis1@gmail.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.219.42 as permitted sender) X-PHP-List-Original-Sender: martin.keckeis1@gmail.com X-Host-Fingerprint: 209.85.219.42 mail-oa0-f42.google.com Received: from [209.85.219.42] ([209.85.219.42:47240] helo=mail-oa0-f42.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 4A/11-00924-4410D735 for ; Wed, 21 May 2014 15:40:53 -0400 Received: by mail-oa0-f42.google.com with SMTP id j17so2808076oag.15 for ; Wed, 21 May 2014 12:40:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=A8TrdNUEuQB2qW79mIljX/srTtRBd3GnNXCdgdv3ZUI=; b=oacqEzc3ptL0briUIwv6w6UiZyWFgEAEWSSPyEf5v2ak6WTCxxIeCyGSi9AD7azv/A jkRlE2k1lzf3fMQ9WuVD+NNoPjamiJ1UtEaGC2QSTt0E74V1mGdALpp1+Cs6hUBNjyXk vYLI6b+uMyBeOc5RkkjD7m7PQe6lezAZ4fFW4gtyI/ZNLcRpNyL8baeT5v+/SKJ44qjf +KmP9xe+BbfBIH2UyuKr0jYASmqFW+Tr3aPYwRdqX2fXUx470PjAKQNOWSYzHUXP8dfx 2nnFHZrwzoPjeNUUxhYIEzrxVSOmWrgvMjIcudHkLtp9wwtmvDngeZ9pZdRQWimzH2GX DUVw== MIME-Version: 1.0 X-Received: by 10.182.115.199 with SMTP id jq7mr21505230obb.70.1400701250357; Wed, 21 May 2014 12:40:50 -0700 (PDT) Received: by 10.182.173.11 with HTTP; Wed, 21 May 2014 12:40:50 -0700 (PDT) Received: by 10.182.173.11 with HTTP; Wed, 21 May 2014 12:40:50 -0700 (PDT) In-Reply-To: <537CBD67.4000008@lerdorf.com> References: <6048BA05-CC13-46DD-8439-9CB4EE29078B@ajf.me> <9EBA95A7-B9F7-41F0-AE2B-283260753E5A@googlemail.com> <537CBD67.4000008@lerdorf.com> Date: Wed, 21 May 2014 21:40:50 +0200 Message-ID: To: Rasmus Lerdorf Cc: PHP internals , Kevin Ingwersen , Nicolai Scheer , Andrea Faulds Content-Type: multipart/alternative; boundary=047d7b67812076e28b04f9ee2cc9 Subject: Re: [PHP-DEV] encode php scripts with opcache compatibility From: martin.keckeis1@gmail.com (Martin Keckeis) --047d7b67812076e28b04f9ee2cc9 Content-Type: text/plain; charset=UTF-8 Am 21.05.2014 16:51 schrieb "Rasmus Lerdorf" : > > On 5/21/14, 7:27 AM, Nicolai Scheer wrote: > > Hi, > > > > yes, we are shipping code to customers and they should not read the source. > > The level of protection gained from obfuscated code is not enough, but just > > delivering the opcodes would be ok. > > > > I know that the opcode array might be dumped, this is just to raise the > > bar. If I just obfuscate the code there's still the possibilty left to edit > > the code directly. > > > > It is completely trivial to turn opcodes back into PHP code. Sure, it > won't look exactly like the original, but it will run exactly the same > and can easily be modified. There are tools out there that let even a > complete neophyte do it. > > If you truly want to protect your code, ship a signed compiled C/C++ > extension and put key components of your application in it. That is much > harder to reverse (anything can be reversed, of course) and it has the > added advantage of likely making your application faster. > > -Rasmus > Wasnt there zend guard sometime ago for this? --047d7b67812076e28b04f9ee2cc9--