ionCube and Codeigniter
Hello guys, currently I'm working on a project which requires a lot of security. I stumbled upon a problem with the source code being plain PHP and human readable. After googling for PHP obfuscators I found ionCube, which claims to be the best. Like everyone else I asked the one million dollar question: what about the performance?
On their website they claim that ionCube doesn't affect the speed that much and it might actually speed up the code.
Quote: Q. Do encoded files or the loader affect performance?
Since I have no experience with PHP encryption I wanna know your opinion. Is it a good practice to use ionCube for high security projects? Is it really a good idea to use it?
I would exhaust all other methods of increasing security before considering encrypting the source code using something like ionCube.
PHP code should never be displayed when deployed to the end user if PHP is installed correctly and the file extension is .php. Hiding source code in case someone gains access to your server might add a small layer of security for the code used; however, as most data is typically stored in a database (which is easy to access once the server is compromised), there is very little reason to encrypt the source code itself unless the code itself is vital to an organisation. From a security standpoint it may add a layer of protection, but it also adds extra development time (any updates have to be made on the original source code and then encrypted before being pushed live) and a small hit to performance.
Hi,
A simple method is to remove the PHP tags from your PHP file and display it in Google Chrome. Even if it's USELESS to reduce or obfuscate it, since Chrome Dev Tools can reverse obfuscated code. As advoor said... PHP is not meant to be displayed to the front-end user; if it is, you're showcasing your app's source code and don't really need to obfuscate it... Obfuscated PHP code is unusable even for more improvements.
NexoPOS 2.6.2 available on CodeCanyon.
@FlevasGR well... if they've managed to get to your PHPs, then your security is lost already...
Website: http://avenir.ro
(06-08-2015, 04:52 AM)FlevasGR Wrote: Hello guys, currently I'm working on a project which requires a lot of security. I stumbled upon a problem with the source code being plain PHP and human readable. After googling for PHP obfuscators I found ionCube, which claims to be the best. Like everyone else I asked the one million dollar question: what about the performance?
I wouldn't worry about the performance. The rest of your questions however don't have a straightforward answer - you either need to do that or you don't; there's no "good idea" or "good practice" in that regard.
(06-08-2015, 05:20 AM)advoor Wrote: I would exhaust all other methods of increasing security before considering encrypting the source code using something like ionCube.
There are valid use cases for trying to encrypt PHP source code - you are not always the one deploying the code on your server(s); some companies sell software and they don't want their clients to be able to modify it.
(06-08-2015, 06:29 AM)Blair2004 Wrote: Hi,
ionCube does encryption, not obfuscation - it's not plain-text code that's just hard to read.
Thanks for your answers. I will clarify everything I can.
@advoor The development time is not a problem. It's automated anyway, so when I want to deploy on the server I just push a new version to the production branch. What I could do is make a Ruby file which takes care of the compiling and pushes the new version.
@Blair2004 ionCube does not obfuscate code. It messes up everything and makes it truly unreadable. Here, take an example:
Code: E¿¦gŠ³ùy}1Â~]lZ,nÍšm«Í)rÓ+øÅJ§õäJ©ÐðáA[þf1ˆOÜÑRÙŸ‹©s$|2÷9qB¤'Ú¿Ì„?…äõ÷pΉY\'ìÛš©)"ópò`›kâ!yõ_ÿ„ÛJí0¯CúÝ¢/àÂ玛Ëð7üèõÁýÏ}Zúš³A‰—Zù¸‡W"H$ëñÄžõ·v*…¶ÅP˜¼Y´ý`Å«e°2¥íÆ}‹½`”j&ÜgoEUIù“Ð
@Avenirer well, it's not just the guy who will get access. It's that I don't want anyone from the team I'm working with to see what is going on.
(06-08-2015, 09:37 AM)FlevasGR Wrote: well, it's not just the guy who will get access. It's that I don't want anyone from the team I'm working with to see what is going on.
Does your team not have access to view the production branch itself? I assume you're talking about git. It will only be encoded on the server, so if they have access to the git branch they will still be able to see the raw code.
That's really amazing, it can be useful for commercial soft.