Newsgroups: php.internals
Date: Thu, 22 May 2014 09:08:24 +0200
From: bas@tobin.nl (Bas van Beek)
To: internals@lists.php.net
Subject: Re: [PHP-DEV] encode php scripts with opcache compatibility
Message-ID: <537DA268.1000801@tobin.nl>

On 21-05-14 12:20, Nicolai Scheer wrote:
> Hi all,
>
> I'm currently facing the situation, that I need to protect my php sources
> and retain opcache compatibility.
>
> I know there are quite a few commercial tools for "encoding" and protecting
> php sources, but none of them seems to work in conjunction with php's
> opcache extension.
>
> Most products see this as part of their protection scheme.

As said in the conversation spawned by your question, it is possible to reverse engineer the opcodes to PHP script, and as you noted, you're OK with at least a first line of defense against customers altering scripts.

I might have a workable solution to your problem.

I faced a similar problem where I didn't want the PHP source code for a client application (win32 service/*nix daemon with embedded webserver, PHP API layer and AngularJS front-end) to be easily viewed and/or modified.

So I built an embedded filesystem that is encrypted. For this embedded filesystem I wrote a PHP stream extension so I can access the files in that filesystem as if they reside on a regular disk.

In the C++ code of the main app I open the embedded filesystem with the decryption key and I make a filesystem handle available to the PHP stream extension. The embedded webserver can access the embedded filesystem directly with its API, and within PHP the stream extension takes care of that.

This solution is compatible with PHP 5.5 and opcache and has the added bonus of only needing to ship a single file for all PHP, JS, image and other web resource files.

Hope this solution points you in the right direction.

Bas van Beek
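
The approach described in the reply above, as an added example in userland PHP (not the poster's C++ application or stream extension): a read-only stream wrapper that serves AES-256-GCM-encrypted entries from one container and refuses to open an entry that was altered after packing. The class name, the `encfs://` scheme, the container layout and the sample key and script are assumptions made for this example; it needs PHP 7.4+ with the openssl extension.

```php
<?php
// Added illustration, not the poster's extension: EncFsWrapper, the encfs://
// scheme and the container layout are hypothetical; key and script are constructed.
final class EncFsWrapper
{
    public static array $container = []; // path => 12-byte nonce . 16-byte tag . ciphertext
    public static string $key = '';      // 32 bytes, supplied by the host application
    public $context;                     // populated by PHP for each opened stream
    private string $data = '';
    private int $pos = 0;

    // Packing side. The path is bound in as AAD, so entries cannot be renamed or swapped.
    public static function seal(string $path, string $plain): void
    {
        $nonce = random_bytes(12);
        $ct = openssl_encrypt($plain, 'aes-256-gcm', self::$key, OPENSSL_RAW_DATA, $nonce, $tag, $path);
        self::$container[$path] = $nonce . $tag . $ct;
    }
    public function stream_open(string $url, string $mode, int $options, ?string &$opened): bool
    {
        $path = substr($url, strlen('encfs://'));
        $blob = self::$container[$path] ?? '';
        if (strlen($blob) < 28 || strpbrk($mode, 'wax+c') !== false) {
            return false; // unknown entry or a write mode: the container is read-only
        }
        $plain = openssl_decrypt(substr($blob, 28), 'aes-256-gcm', self::$key,
            OPENSSL_RAW_DATA, substr($blob, 0, 12), substr($blob, 12, 16), $path);
        if ($plain === false) {
            return false; // GCM tag mismatch: entry was modified, or the key is wrong
        }
        $this->data = $plain;
        return true;
    }
    public function stream_read(int $count): string
    {
        $chunk = substr($this->data, $this->pos, $count);
        $this->pos += strlen($chunk);
        return $chunk;
    }
    public function stream_eof(): bool { return $this->pos >= strlen($this->data); }
    public function stream_stat(): array { return ['size' => strlen($this->data)]; }
    public function stream_set_option($option, $arg1, $arg2): bool { return false; }
}
EncFsWrapper::$key = random_bytes(32);                 // constructed demo key
stream_wrapper_register('encfs', EncFsWrapper::class); // flags 0: local wrapper, include allowed
EncFsWrapper::seal('api/hello.php', '<?php return "hello from the container";');
var_dump(include 'encfs://api/hello.php');             // decrypted in memory, then executed
$blob = &EncFsWrapper::$container['api/hello.php'];
$blob[30] = $blob[30] ^ "\x01";                        // simulate an edit to the shipped container
var_dump(@file_get_contents('encfs://api/hello.php')); // open is refused: the tag no longer verifies
```

The key still has to reach the running process, so this deters casual viewing and editing rather than a determined reverse engineer, which matches the "first line of defense" framing in the thread.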