Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:74428 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 74690 invoked from network); 22 May 2014 13:47:54 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 22 May 2014 13:47:54 -0000 Authentication-Results: pb1.pair.com smtp.mail=ingwie2000@googlemail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=ingwie2000@googlemail.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain googlemail.com designates 74.125.83.43 as permitted sender) X-PHP-List-Original-Sender: ingwie2000@googlemail.com X-Host-Fingerprint: 74.125.83.43 mail-ee0-f43.google.com Received: from [74.125.83.43] ([74.125.83.43:61091] helo=mail-ee0-f43.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 7D/90-63132-8000E735 for ; Thu, 22 May 2014 09:47:54 -0400 Received: by mail-ee0-f43.google.com with SMTP id d17so2644089eek.16 for ; Thu, 22 May 2014 06:47:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=HZ4JcQDhqw8j8H1aytqrmmHssmk1XPtPDVi7OJAy4G0=; b=ryTRHr7nmAxMKJsmkf75spYcbMZV1i5XQQXi5vmBVa1b0Rw1ZTtcc+ngkKX6kPUaKS XHXi+lpBWSrcrqsdgePRrRJE5/mN7apeH0gn/ygQTgADcFGDKnF5Vzf+u3fZ8awCyi4Z TSqPVnRwGhvCcZXZ8ed6LP8yEqI0LbtoGzzTsJ2oiFz4AQ8zy+PgFGD9S+22vO00VP1B GvOpuYrqkfr/XnDz3ltNWqYQwjUgTLXCW+sOw46qXHJLow9gCEp76vFS0w2hNpLmuy9v kiINdVYkdDZSMlxRr38xXXOac1p+7av/1d0y02kNouDhbZNEd3ZgvUuaxwwxVQI/qeF2 uHbw== X-Received: by 10.14.212.9 with SMTP id x9mr14167004eeo.46.1400766469966; Thu, 22 May 2014 06:47:49 -0700 (PDT) Received: from ingwies-air.speedport_w723_v_typ_a_1_01_001 (p5B1500B5.dip0.t-ipconnect.de. [91.21.0.181]) by mx.google.com with ESMTPSA id f3sm607678eep.40.2014.05.22.06.47.48 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 22 May 2014 06:47:49 -0700 (PDT) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 7.2 \(1874\)) In-Reply-To: <537DA268.1000801@tobin.nl> Date: Thu, 22 May 2014 15:47:37 +0200 Cc: PHP Internals Content-Transfer-Encoding: quoted-printable Message-ID: <416063C7-D802-4AD1-938C-035F0EBC373D@googlemail.com> References: <537DA268.1000801@tobin.nl> To: Bas van Beek X-Mailer: Apple Mail (2.1874) Subject: Re: [PHP-DEV] encode php scripts with opcache compatibility From: ingwie2000@googlemail.com (Kevin Ingwersen) Am 22.05.2014 um 09:08 schrieb Bas van Beek : >=20 > op 21-05-14 12:20, Nicolai Scheer schreef: >> Hi all, >>=20 >> I'm currently facing the situation, that I need to protect my php = sources >> and retain opcache compatibility. >>=20 >> I know there are quite a few commercial tools for "encoding" and = protecting >> php sources, but none of them seems to work in conjunction with php's >> opcache extension. >>=20 >> Most products see this as part of their protection scheme. > As said in the conversation spawned by your question it is possible to = reverse engineer the opcodes to php script and as you noted you're ok = with at least a first line of defense against customers altering = scripts. I might have a workable solution to your problem. >=20 > I faced a similar problem where I didn't want the PHP source code for = a client application (win32 service/*nix daemon with embedded webserver, = PHP API layer and AngularJS front-end) to be easily viewed and/or = modified. So I built an embedded filesystem that is encrypted. For this = embedded filesystem I wrote a PHP stream extension so I can access the = files in that filesystem as if they reside on a regular disk. In the C++ = code of the main app I open the embedded filesystem with the decryption = key and I make a filesystem handle available to the PHP stream = extension. The embedded webserver can access the embedded filesystem = directly with its API and within PHP the stream extension takes care of = that. This solution is compatible with PHP 5.5 and opcache and has the = added bonus of only needing to ship a single file for all PHP, JS, Image = and other web resource files). Hope this solution points you in the = right direction. This solution sounds very great! Creating a PHP extension to operate on = an encrypted, virtual, filesystem mibht offer exactly what one is = looking for. If the app is small, it could be loaded into memory, and be = read by far faster from there. Definitively an aproach I am going to test out myself, to learn more = about this. Kind regards, Ingwie.