Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:74429
Return-Path: <arvids.godjuks@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 76941 invoked from network); 22 May 2014 14:01:28 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 22 May 2014 14:01:28 -0000
Authentication-Results: pb1.pair.com smtp.mail=arvids.godjuks@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=arvids.godjuks@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.216.180 as permitted sender)
X-PHP-List-Original-Sender: arvids.godjuks@gmail.com
X-Host-Fingerprint: 209.85.216.180 mail-qc0-f180.google.com  
Received: from [209.85.216.180] ([209.85.216.180:57166] helo=mail-qc0-f180.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id B4/F0-63132-6330E735 for <internals@lists.php.net>; Thu, 22 May 2014 10:01:27 -0400
Received: by mail-qc0-f180.google.com with SMTP id i17so5834416qcy.11
        for <internals@lists.php.net>; Thu, 22 May 2014 07:01:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :cc:content-type;
        bh=KDuzgdYwLmQNQJdhSRbzEpSakErihty1DVoLhsFGxtc=;
        b=MFo0O4h5Px+kVqWvY6V0f4PYBVeFDyqDlXhHqw4W4VloUKIlKF2Fvnf5wTtfK2XRvX
         ofycZBbtSMQXWGi9b63ah7EhFhGfaLk0RQUFmg0XXZYcsWVPoweyoALBD/CDrAAmQDOs
         W5QLviLLQIP6Sjq7aXpYCht2so8U6H43I7E/BYoFuE+QBaELhrjBGzYV/cz2xmSPJrhu
         rV1re2KI92A3TIJDOS1cThrISEOLWilksl99YHZs2q7EopKJ5+zJWQ/aSGMCzpJE5alF
         060VX3Ii5GCEYvCIR+zajW8vQnAoBF2x+cv/gVoJIdPsmgVGOme0xlxbDdb2SWSaLEDa
         OV4g==
X-Received: by 10.224.162.210 with SMTP id w18mr48053934qax.21.1400767284084;
 Thu, 22 May 2014 07:01:24 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.140.97.246 with HTTP; Thu, 22 May 2014 07:01:04 -0700 (PDT)
In-Reply-To: <416063C7-D802-4AD1-938C-035F0EBC373D@googlemail.com>
References: <CAOg_pRQxKsJPgFaZ6_y7Rf1i4Bfkbx+FhCxuBtE9PWu58uOfOQ@mail.gmail.com>
 <537DA268.1000801@tobin.nl> <416063C7-D802-4AD1-938C-035F0EBC373D@googlemail.com>
Date: Thu, 22 May 2014 17:01:04 +0300
Message-ID: <CAL0xaBG9th1b_PpT57zp+Mh3xKZrzp47=vxnKCONg0sJp84p7w@mail.gmail.com>
To: Kevin Ingwersen <ingwie2000@googlemail.com>
Cc: Bas van Beek <bas@tobin.nl>, PHP Internals <internals@lists.php.net>
Content-Type: multipart/alternative; boundary=089e014948fa6186c404f9fd8c59
Subject: Re: [PHP-DEV] encode php scripts with opcache compatibility
From: arvids.godjuks@gmail.com (Arvids Godjuks)

--089e014948fa6186c404f9fd8c59
Content-Type: text/plain; charset=UTF-8

Maybe the Zephyr http://zephir-lang.com/ could give you an alternative to
messing with OPCache and encoders and give you some performance boost at
the same time. But only if your client can configure PHP to load an
extension of yours that Zephyr makes.


2014-05-22 16:47 GMT+03:00 Kevin Ingwersen <ingwie2000@googlemail.com>:

>
> Am 22.05.2014 um 09:08 schrieb Bas van Beek <bas@tobin.nl>:
>
> >
> > op 21-05-14 12:20, Nicolai Scheer schreef:
> >> Hi all,
> >>
> >> I'm currently facing the situation, that I need to protect my php
> sources
> >> and retain opcache compatibility.
> >>
> >> I know there are quite a few commercial tools for "encoding" and
> protecting
> >> php sources, but none of them seems to work in conjunction with php's
> >> opcache extension.
> >>
> >> Most products see this as part of their protection scheme.
> > As said in the conversation spawned by your question it is possible to
> reverse engineer the opcodes to php script and as you noted you're ok with
> at least a first line of defense against customers altering scripts. I
> might have a workable solution to your problem.
> >
> > I faced a similar problem where I didn't want the PHP source code for a
> client application (win32 service/*nix daemon with embedded webserver, PHP
> API layer and AngularJS front-end) to be easily viewed and/or modified. So
> I built an embedded filesystem that is encrypted. For this embedded
> filesystem I wrote a PHP stream extension so I can access the files in that
> filesystem as if they reside on a regular disk. In the C++ code of the main
> app I open the embedded filesystem with the decryption key and I make a
> filesystem handle available to the PHP stream extension. The embedded
> webserver can access the embedded filesystem directly with its API and
> within PHP the stream extension takes care of that. This solution is
> compatible with PHP 5.5 and opcache and has the added bonus of only needing
> to ship a single file for all PHP, JS, Image and other web resource files).
> Hope this solution points you in the right direction.
> This solution sounds very great! Creating a PHP extension to operate on an
> encrypted, virtual, filesystem mibht offer exactly what one is looking for.
> If the app is small, it could be loaded into memory, and be read by far
> faster from there.
>
> Definitively an aproach I am going to test out myself, to learn more about
> this.
> Kind regards, Ingwie.
>
>
> --
> PHP Internals - PHP Runtime Development Mailing List
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

--089e014948fa6186c404f9fd8c59--