Jochem Maas wrote:
search for 'php encoder' and use one (some cost money).
I believe that the php encoder keeps the syntax but changes the variable
names to make it less readable. I am not sure if this is enough.
changing an file extension from 'php' to 'inc' does nothing to protect your
code in way what so ever - given that you think it does I am left wondering
what the value of your proprietary code could be? is it really so great
that
it is worth the time/hassle/cost of encoding? You might consider merely
signing an agreement with your customers that they are not entitled to
browse, copy, reuse on other domains, etc - and be happy if they pay the
bill ;-)
I only changed the file extension as an experiment. I understand that
the changing of the file extension does nothing for security, but it
does allow the functions residing on my site to be read and executed on
the client's server.
I'm not suggesting what you offer/make is rubbish but merely that
you may be making a mountain out of a practical molehill in terms of the
security
requirement you saeem to be setting yourself.
Some of the scripts involve some sophisticated encryption/decryption for
credit cards. One customer had similar code and the chose to manage the
site themselves. There were some security issues that arose from them
giving ftp access to to the site to just about anyone. I am looking to
prevent this sort of thing from occurring again. I will research the
encode further and see if I have misunderstood its function.
Chris
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
