Newsgroups: php.internals
From: johannes@schlueters.de (Johannes Schlüter)
To: Bas van Beek
Cc: internals@lists.php.net
Subject: Re: [PHP-DEV] encode php scripts with opcache compatibility
Date: Thu, 22 May 2014 17:17:18 +0200

On Thu, 2014-05-22 at 16:54 +0200, Bas van Beek wrote:
> > Mind that a user could simply do something like this in an
> > auto_append_file to get all scripts:
> >
> > <?php
> > foreach (get_included_files() as $filename) {
> >     $sourcecode[$filename] = file_get_contents($filename);
> > }
> > ?>
> >
> > So this gains little over using a phar file.
> Maybe I'm missing something but I don't see that happen if PHP is
> embedded in the C++ application through its own SAPI handler which will
> not pick up any ini directives from external php.ini files.

If you are not giving scripting access to the user so they can't execute
(well, they might attach a debugger and call zend_eval_string() etc.)
PHP code then this is ok.

My response was mostly to Kevin, whom I understood in a way as he was up
to making this a general purpose "source code hiding extension" for
"normal" deployments.

johannes
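
A check an embedder could run inside the embedded interpreter to confirm the condition discussed in the reply above, namely that no external ini file and no `auto_prepend_file`/`auto_append_file` directive is in effect. This is an added example, not code from the thread or from PHP itself; the helper name `audit_ini_exposure()` is hypothetical.

```php
<?php
// Added example: report ini state that would let an outside party have the
// engine run extra PHP code next to the protected scripts.
// audit_ini_exposure() is a hypothetical helper name, not part of PHP.
function audit_ini_exposure(): array
{
    $findings = [];

    // A SAPI that ignores external php.ini files reports no loaded file.
    $loaded = php_ini_loaded_file();
    if ($loaded !== false) {
        $findings[] = "php.ini loaded from: $loaded";
    }

    // The same holds for the additional .ini scan directory.
    $scanned = php_ini_scanned_files();
    if ($scanned !== false && trim($scanned) !== '') {
        $findings[] = 'additional ini files: '
            . preg_replace('/\s+/', ' ', trim($scanned));
    }

    // Either directive makes the engine execute one more script per request,
    // which is all the snippet quoted in the thread needs.
    foreach (['auto_prepend_file', 'auto_append_file'] as $directive) {
        $value = ini_get($directive);
        if ($value !== false && $value !== '') {
            $findings[] = "$directive is set to: $value";
        }
    }

    return $findings;
}

$findings = audit_ini_exposure();
if ($findings === []) {
    echo "No external ini file and no auto-included script detected\n";
} else {
    foreach ($findings as $finding) {
        echo "WARNING: $finding\n";
    }
    exit(1);
}
```

The check only covers the ini route; it says nothing about the debugger and `zend_eval_string()` route mentioned in the reply.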