Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:74424 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 40050 invoked from network); 22 May 2014 01:54:31 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 22 May 2014 01:54:31 -0000 Authentication-Results: pb1.pair.com header.from=mails@thomasbley.de; sender-id=unknown Authentication-Results: pb1.pair.com smtp.mail=mails@thomasbley.de; spf=permerror; sender-id=unknown Received-SPF: error (pb1.pair.com: domain thomasbley.de from 85.13.137.24 cause and error) X-PHP-List-Original-Sender: mails@thomasbley.de X-Host-Fingerprint: 85.13.137.24 dd15934.kasserver.com Linux 2.6 Received: from [85.13.137.24] ([85.13.137.24:48879] helo=dd15934.kasserver.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 98/A4-00924-6D85D735 for ; Wed, 21 May 2014 21:54:31 -0400 Received: from dd15934.kasserver.com (dd0802.kasserver.com [85.13.143.1]) by dd15934.kasserver.com (Postfix) with ESMTPSA id 5D65A26006A; Thu, 22 May 2014 03:54:27 +0200 (CEST) MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-SenderIP: 95.91.242.32 User-Agent: ALL-INKL Webmail 2.11 To: nicolai.scheer@gmail.com Cc: internals@lists.php.net Message-ID: <20140522015427.5D65A26006A@dd15934.kasserver.com> Date: Thu, 22 May 2014 03:54:27 +0200 (CEST) Subject: Re: [PHP-DEV] encode php scripts with opcache compatibility From: mails@thomasbley.de ("Thomas Bley") Hi Nico, you can try to ship an encrypted virtual machine and run PHP inside it. Then point your web server to the fpm socket of the virtual machine. Maybe VMware Player suspend-to-disk works with full disk encryption without re-entering the password on wakeup, but I haven't tried it. This wouldn't be 100 percent secure, but it least compatible with all PHP versions. Regards Thomas Nicolai Scheer wrote on 21.05.2014 12:20: > Hi all, > > I'm currently facing the situation, that I need to protect my php sources > and retain opcache compatibility. > > I know there are quite a few commercial tools for "encoding" and protecting > php sources, but none of them seems to work in conjunction with php's > opcache extension. > > Most products see this as part of their protection scheme. > > Basically it would be ok to just dump the _zend_op_array struct (defined in > zend_compile.h) to a file and make the zend engine able to load it again. > Once it is loaded, it could be server from opcache. > > Unfortunately bcompiler is not (yet?) compatible with php 5.5.x, and > digging through the source it seems to be not an easy task to serialize the > opcode array (seems as if the code is borrowed from apc). > > I also had a look at blenc, which just overrides the compile_function to > read an encrypted source file and then compile the resulting string. This > might be a first solution, though I'd rather deliver opcodes to the > client's server than just an encrypted script. Sadly blenc just crashes php > when it tries to serve an encrypted script from opcache and I could not > figure out yet, what's wrong there (tested on windows and linux using php > 5.5.12). > > Is there any solution for my situation? > Are there any plans to add the "serialize opcode to string, dump string to > file and load it again"-functionality to php? > How easy would it be to add this functionality? > > Maybe there are already functions I don't know about to ease this process ? > > Any hint is greatly appreciated! > > Greetings > > Nico >