Risk of stealing php code?

Re: Risk of stealing php code?

In article <1117828356.390 011.9130@g44g20 00cwa.googlegro ups.com>,
el_roachmeister @yahoo.com wrote:
[color=blue]
> I am an ASP, selling hosted software and am concerned that someone will
> steal my source code and resell it? I did a google search and it seems
> unlikely since it is typically easier to write one's own script from
> scratch then try and figure out what someone else has done (for code <
> 10,000 total lines). Plus there is so much open source scripts out
> there already for people to copy and modify for their own needs that
> they should not have to do something illegal. What do you think?
>
> I know there are php obfuscators but my code is under daily development
> . It would be a pain to constantly run the obfuscator each time I make
> a small change to it.[/color]

Well, don't put your development code on-line and in production. Only
put obfuscated code in production. If you following product cycle
methodology, this should be a problem.

--
DeeDee, don't press that button! DeeDee! NO! Dee...

Re: Risk of stealing php code?

el_roachmeister @yahoo.com wrote:[color=blue]
>
> I am an ASP, selling hosted software and am concerned that
> someone will steal my source code and resell it?[/color]

Unless they have access to your PHP files via FTP or Telnet,
this is a near-impossibility. There's always a chance that
one of your files allows a code injection, but those are
rare in well thought out applications.
[color=blue]
> I know there are php obfuscators[/color]

Yes; there are also PHP encoders and PHP compilers.
[color=blue]
> but my code is under daily development. It would be a pain
> to constantly run the obfuscator each time I make a small
> change to it.[/color]

Use source control and release new builds daily.

Cheers,
NC

Re: Risk of stealing php code?

"NC" <nc@iname.com > writes:
[color=blue]
> el_roachmeister @yahoo.com wrote:[color=green]
> >
> > I am an ASP, selling hosted software and am concerned that
> > someone will steal my source code and resell it?[/color]
>
> Unless they have access to your PHP files via FTP or Telnet,
> this is a near-impossibility. There's always a chance that
> one of your files allows a code injection, but those are
> rare in well thought out applications.[/color]

You are true.

One thing besides FTP and Telnet whaich can give sometimes
access to the PHP source code.

It is possible to have such HTTP server misconfiguratio n
that PHP files are not run thourhg PHP parser, but are
sent to the user as they are.
There is a small risk that this kind of thign happens when
you make major changes to your server configuration or
you upgade server to newer version that needs somewhat
different configuration.

I have seen it happen that user gets the source code
instead the PHP output..


--
Tomi Engdahl (http://www.iki.fi/then/)
Take a look at my electronics web links and documents at

Re: Risk of stealing php code?

"el_roachmeiste r" wrote:[color=blue]
> I am an ASP, selling hosted software and am concerned that
> someone will
> steal my source code and resell it? I did a google search and
> it seems
> unlikely since it is typically easier to write one's own
> script from
> scratch then try and figure out what someone else has done
> (for code <
> 10,000 total lines). Plus there is so much open source scripts
> out
> there already for people to copy and modify for their own
> needs that
> they should not have to do something illegal. What do you
> think?
>
> I know there are php obfuscators but my code is under daily
> development
> .. It would be a pain to constantly run the obfuscator each
> time I make
> a small change to it.[/color]

I would not use obfuscators, since you have to protect certain
variables (e.g. query string variables) against being obfuscated,
which is headache. Also as you correctly stated, you have to
obfuscate all the files.

Instead, use php encoders which encode files individually. That way,
if you make a change to one file, you can just upload it, knowing that
all your other files are encoded, and there is only a small risk.

Look into Zend small biz program, or mmcache (free), or ionsphere.

steve

--
Posted using the http://www.dbforumz.com interface, at author's request
Articles individually checked for conformance to usenet standards
Topic URL: http://www.dbforumz.com/PHP-Risk-ste...ict229495.html
Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.dbforumz.com/eform.php?p=796275

Re: Risk of stealing php code?

Tomi Holger Engdahl wrote:[color=blue]
> "NC" <nc@iname.com > writes:
>
>[color=green]
>> el_roachmeister @yahoo.com wrote:
>>[color=darkred]
>>> I am an ASP, selling hosted software and am concerned that
>>> someone will steal my source code and resell it?[/color]
>>
>> Unless they have access to your PHP files via FTP or Telnet, this
>> is a near-impossibility. There's always a chance that one of your
>> files allows a code injection, but those are rare in well thought
>> out applications.[/color]
>
> You are true.
>
> One thing besides FTP and Telnet whaich can give sometimes access to
> the PHP source code.
>
> It is possible to have such HTTP server misconfiguratio n that PHP
> files are not run thourhg PHP parser, but are sent to the user as
> they are. There is a small risk that this kind of thign happens when
> you make major changes to your server configuration or you upgade
> server to newer version that needs somewhat different configuration.
>
> I have seen it happen that user gets the source code instead the PHP
> output..[/color]

That's why you should put all php files with interesting content outside
the docroot, and why hosting providers should give the possibility for
doing so.

Hans

--
"He who asks a question is a fool for five minutes;
he who does not ask a question remains a fool forever"