Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:74429 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 76941 invoked from network); 22 May 2014 14:01:28 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 22 May 2014 14:01:28 -0000 Authentication-Results: pb1.pair.com smtp.mail=arvids.godjuks@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=arvids.godjuks@gmail.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.216.180 as permitted sender) X-PHP-List-Original-Sender: arvids.godjuks@gmail.com X-Host-Fingerprint: 209.85.216.180 mail-qc0-f180.google.com Received: from [209.85.216.180] ([209.85.216.180:57166] helo=mail-qc0-f180.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id B4/F0-63132-6330E735 for ; Thu, 22 May 2014 10:01:27 -0400 Received: by mail-qc0-f180.google.com with SMTP id i17so5834416qcy.11 for ; Thu, 22 May 2014 07:01:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=KDuzgdYwLmQNQJdhSRbzEpSakErihty1DVoLhsFGxtc=; b=MFo0O4h5Px+kVqWvY6V0f4PYBVeFDyqDlXhHqw4W4VloUKIlKF2Fvnf5wTtfK2XRvX ofycZBbtSMQXWGi9b63ah7EhFhGfaLk0RQUFmg0XXZYcsWVPoweyoALBD/CDrAAmQDOs W5QLviLLQIP6Sjq7aXpYCht2so8U6H43I7E/BYoFuE+QBaELhrjBGzYV/cz2xmSPJrhu rV1re2KI92A3TIJDOS1cThrISEOLWilksl99YHZs2q7EopKJ5+zJWQ/aSGMCzpJE5alF 060VX3Ii5GCEYvCIR+zajW8vQnAoBF2x+cv/gVoJIdPsmgVGOme0xlxbDdb2SWSaLEDa OV4g== X-Received: by 10.224.162.210 with SMTP id w18mr48053934qax.21.1400767284084; Thu, 22 May 2014 07:01:24 -0700 (PDT) MIME-Version: 1.0 Received: by 10.140.97.246 with HTTP; Thu, 22 May 2014 07:01:04 -0700 (PDT) In-Reply-To: <416063C7-D802-4AD1-938C-035F0EBC373D@googlemail.com> References: <537DA268.1000801@tobin.nl> <416063C7-D802-4AD1-938C-035F0EBC373D@googlemail.com> Date: Thu, 22 May 2014 17:01:04 +0300 Message-ID: To: Kevin Ingwersen Cc: Bas van Beek , PHP Internals Content-Type: multipart/alternative; boundary=089e014948fa6186c404f9fd8c59 Subject: Re: [PHP-DEV] encode php scripts with opcache compatibility From: arvids.godjuks@gmail.com (Arvids Godjuks) --089e014948fa6186c404f9fd8c59 Content-Type: text/plain; charset=UTF-8 Maybe the Zephyr http://zephir-lang.com/ could give you an alternative to messing with OPCache and encoders and give you some performance boost at the same time. But only if your client can configure PHP to load an extension of yours that Zephyr makes. 2014-05-22 16:47 GMT+03:00 Kevin Ingwersen : > > Am 22.05.2014 um 09:08 schrieb Bas van Beek : > > > > > op 21-05-14 12:20, Nicolai Scheer schreef: > >> Hi all, > >> > >> I'm currently facing the situation, that I need to protect my php > sources > >> and retain opcache compatibility. > >> > >> I know there are quite a few commercial tools for "encoding" and > protecting > >> php sources, but none of them seems to work in conjunction with php's > >> opcache extension. > >> > >> Most products see this as part of their protection scheme. > > As said in the conversation spawned by your question it is possible to > reverse engineer the opcodes to php script and as you noted you're ok with > at least a first line of defense against customers altering scripts. I > might have a workable solution to your problem. > > > > I faced a similar problem where I didn't want the PHP source code for a > client application (win32 service/*nix daemon with embedded webserver, PHP > API layer and AngularJS front-end) to be easily viewed and/or modified. So > I built an embedded filesystem that is encrypted. For this embedded > filesystem I wrote a PHP stream extension so I can access the files in that > filesystem as if they reside on a regular disk. In the C++ code of the main > app I open the embedded filesystem with the decryption key and I make a > filesystem handle available to the PHP stream extension. The embedded > webserver can access the embedded filesystem directly with its API and > within PHP the stream extension takes care of that. This solution is > compatible with PHP 5.5 and opcache and has the added bonus of only needing > to ship a single file for all PHP, JS, Image and other web resource files). > Hope this solution points you in the right direction. > This solution sounds very great! Creating a PHP extension to operate on an > encrypted, virtual, filesystem mibht offer exactly what one is looking for. > If the app is small, it could be loaded into memory, and be read by far > faster from there. > > Definitively an aproach I am going to test out myself, to learn more about > this. > Kind regards, Ingwie. > > > -- > PHP Internals - PHP Runtime Development Mailing List > To unsubscribe, visit: http://www.php.net/unsub.php > > --089e014948fa6186c404f9fd8c59--