Hi Nico,
you can try to ship an encrypted virtual machine and run PHP inside it. Then point your web server to the fpm socket of the virtual machine.
Maybe VMware Player suspend-to-disk works with full disk encryption without re-entering the password on wakeup, but I haven't tried it. This wouldn't be 100 percent secure, but at least compatible with all PHP versions.
Regards
Thomas
Nicolai Scheer wrote on 21.05.2014 12:20:
Hi all,
I'm currently facing the situation that I need to protect my php sources
and retain opcache compatibility.
I know there are quite a few commercial tools for "encoding" and protecting
php sources, but none of them seems to work in conjunction with php's
opcache extension.
Most products see this as part of their protection scheme.
Basically it would be ok to just dump the _zend_op_array struct (defined in
zend_compile.h) to a file and make the zend engine able to load it again.
Once it is loaded, it could be served from opcache.
Unfortunately bcompiler is not (yet?) compatible with php 5.5.x, and
digging through the source it seems to be not an easy task to serialize the
opcode array (seems as if the code is borrowed from apc).
I also had a look at blenc, which just overrides the compile_function to
read an encrypted source file and then compile the resulting string. This
might be a first solution, though I'd rather deliver opcodes to the
client's server than just an encrypted script. Sadly blenc just crashes php
when it tries to serve an encrypted script from opcache and I could not
figure out yet what's wrong there (tested on windows and linux using php
5.5.12).
Is there any solution for my situation?
Are there any plans to add the "serialize opcode to string, dump string to
file and load it again"-functionality to php?
How easy would it be to add this functionality?
Maybe there are already functions I don't know about to ease this process?
Any hint is greatly appreciated!
Greetings
Nico