Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:74428
Return-Path: <ingwie2000@googlemail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 74690 invoked from network); 22 May 2014 13:47:54 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 22 May 2014 13:47:54 -0000
Authentication-Results: pb1.pair.com smtp.mail=ingwie2000@googlemail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=ingwie2000@googlemail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain googlemail.com designates 74.125.83.43 as permitted sender)
X-PHP-List-Original-Sender: ingwie2000@googlemail.com
X-Host-Fingerprint: 74.125.83.43 mail-ee0-f43.google.com  
Received: from [74.125.83.43] ([74.125.83.43:61091] helo=mail-ee0-f43.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 7D/90-63132-8000E735 for <internals@lists.php.net>; Thu, 22 May 2014 09:47:54 -0400
Received: by mail-ee0-f43.google.com with SMTP id d17so2644089eek.16
        for <internals@lists.php.net>; Thu, 22 May 2014 06:47:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=googlemail.com; s=20120113;
        h=content-type:mime-version:subject:from:in-reply-to:date:cc
         :content-transfer-encoding:message-id:references:to;
        bh=HZ4JcQDhqw8j8H1aytqrmmHssmk1XPtPDVi7OJAy4G0=;
        b=ryTRHr7nmAxMKJsmkf75spYcbMZV1i5XQQXi5vmBVa1b0Rw1ZTtcc+ngkKX6kPUaKS
         XHXi+lpBWSrcrqsdgePRrRJE5/mN7apeH0gn/ygQTgADcFGDKnF5Vzf+u3fZ8awCyi4Z
         TSqPVnRwGhvCcZXZ8ed6LP8yEqI0LbtoGzzTsJ2oiFz4AQ8zy+PgFGD9S+22vO00VP1B
         GvOpuYrqkfr/XnDz3ltNWqYQwjUgTLXCW+sOw46qXHJLow9gCEp76vFS0w2hNpLmuy9v
         kiINdVYkdDZSMlxRr38xXXOac1p+7av/1d0y02kNouDhbZNEd3ZgvUuaxwwxVQI/qeF2
         uHbw==
X-Received: by 10.14.212.9 with SMTP id x9mr14167004eeo.46.1400766469966;
        Thu, 22 May 2014 06:47:49 -0700 (PDT)
Received: from ingwies-air.speedport_w723_v_typ_a_1_01_001 (p5B1500B5.dip0.t-ipconnect.de. [91.21.0.181])
        by mx.google.com with ESMTPSA id f3sm607678eep.40.2014.05.22.06.47.48
        for <multiple recipients>
        (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
        Thu, 22 May 2014 06:47:49 -0700 (PDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 7.2 \(1874\))
In-Reply-To: <537DA268.1000801@tobin.nl>
Date: Thu, 22 May 2014 15:47:37 +0200
Cc: PHP Internals <internals@lists.php.net>
Content-Transfer-Encoding: quoted-printable
Message-ID: <416063C7-D802-4AD1-938C-035F0EBC373D@googlemail.com>
References: <CAOg_pRQxKsJPgFaZ6_y7Rf1i4Bfkbx+FhCxuBtE9PWu58uOfOQ@mail.gmail.com> <537DA268.1000801@tobin.nl>
To: Bas van Beek <bas@tobin.nl>
X-Mailer: Apple Mail (2.1874)
Subject: Re: [PHP-DEV] encode php scripts with opcache compatibility
From: ingwie2000@googlemail.com (Kevin Ingwersen)


Am 22.05.2014 um 09:08 schrieb Bas van Beek <bas@tobin.nl>:

>=20
> op 21-05-14 12:20, Nicolai Scheer schreef:
>> Hi all,
>>=20
>> I'm currently facing the situation, that I need to protect my php =
sources
>> and retain opcache compatibility.
>>=20
>> I know there are quite a few commercial tools for "encoding" and =
protecting
>> php sources, but none of them seems to work in conjunction with php's
>> opcache extension.
>>=20
>> Most products see this as part of their protection scheme.
> As said in the conversation spawned by your question it is possible to =
reverse engineer the opcodes to php script and as you noted you're ok =
with at least a first line of defense against customers altering =
scripts. I might have a workable solution to your problem.
>=20
> I faced a similar problem where I didn't want the PHP source code for =
a client application (win32 service/*nix daemon with embedded webserver, =
PHP API layer and AngularJS front-end) to be easily viewed and/or =
modified. So I built an embedded filesystem that is encrypted. For this =
embedded filesystem I wrote a PHP stream extension so I can access the =
files in that filesystem as if they reside on a regular disk. In the C++ =
code of the main app I open the embedded filesystem with the decryption =
key and I make a filesystem handle available to the PHP stream =
extension. The embedded webserver can access the embedded filesystem =
directly with its API and within PHP the stream extension takes care of =
that. This solution is compatible with PHP 5.5 and opcache and has the =
added bonus of only needing to ship a single file for all PHP, JS, Image =
and other web resource files). Hope this solution points you in the =
right direction.
This solution sounds very great! Creating a PHP extension to operate on =
an encrypted, virtual, filesystem mibht offer exactly what one is =
looking for. If the app is small, it could be loaded into memory, and be =
read by far faster from there.

Definitively an aproach I am going to test out myself, to learn more =
about this.
Kind regards, Ingwie.