php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Request #24507 Function for obfuscation/encryption
Submitted: 2003-07-05 14:40 UTC Modified: 2003-07-07 04:21 UTC
Votes:2
Avg. Score:2.0 ± 1.0
Reproduced:2 of 2 (100.0%)
Same Version:1 (50.0%)
Same OS:1 (50.0%)
From: ensophic at hotmail dot com Assigned:
Status: Wont fix Package: Feature/Change Request
PHP Version: Irrelevant OS: Irrelevant
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: ensophic at hotmail dot com
New email:
PHP Version: OS:

 

 [2003-07-05 14:40 UTC] ensophic at hotmail dot com 
Description:
------------
I recommend that a code encryption function be added to PHP, similar to Zend Encoder or SourceGuardian Pro. 

For example:

source_encrypt(code string, key string) could encrypt PHP code using a key.

source_decrypt(encrypted_code string, key string) could decrypt PHP code and output the evaluated result of encrypted_code. This way, your PHP application could be a series of source_decrypt functions, and the end user wouldn't be able to access the PHP source code.

I know this goes against open source, but many companies would greatly benefit from these functions (if not for speed, to save the money that would be spent on SourceGuardian Pro).

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-07-07 04:21 UTC] derick@php.net 
A few things:
1. the way Zend Encoder (but also ionCube encoder) and SourceGuardian work are totally different. The first two products encrypt the compiled PHP code, which SourceGuardian only encrypts the script. The latter is very easy to reverse to a script (but maybe hard to read due to obfucsication).
2. The implementation suggest can only obfucsicate code, obfucsication is not a way to encrypt, or secure scripts. Security-by-obfucsication just doesn't buy you anything.
3. It's not up to PHP to provide these functions, as you say yourself it's against Open Source and it has little to do with the PHP language itself. Something like this should belong in an extension, for example source guardian. 

We're not going to add it -> Won't Fix
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sat May 04 14:01:32 2024 UTC