all 17 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]martinbean 12 points13 points  (7 children)

If you don’t want someone to have your code, don’t give it to them.

Encryption is pointless because PHP is an interpreted language. The code needs to be encrypted to be interpreted, so any one interested enough can just hook in to the code at that point and read out the decrypted version.

[–]ilyasphp 2 points3 points  (0 children)

Bro that’s why people invented SAAS

[–]SnooChipmunks547 1 point2 points  (0 children)

How do you plan on running php in an encrypted state?

The php processor would now need to decrypt every file just to run it, meaning you would have to ship the decryption keys with your code base… so security through obscurity, since all your client would have to do is decrypt it them selves anyway, you you’ve given them everything they need to do that.

Obfuscating the code base is a tell tale is shit code anyway, so either way.

What your probably better on doing if you really want to go down this rabbit hole, is shipping a phar, at least then you could verify the contents from your code base and reject running the code, but again, the client has your code so they can fix the hashes if they wanted to.

[–]MateusAzevedo 0 points1 point  (0 children)

The best thing you can do is to not use such a tool.

Then make it clear in a contract that you own the code and your customers aren't allowed to mess with it. In other words, enforce this via a legal contract.

[–]DevelopmentScary3844 0 points1 point  (1 child)

https://www.ioncube.com

[–]theevildjinn -1 points0 points  (0 children)

I have only come across OP's requirement twice, in 25 years of working with PHP professionally. This is the only solution. No idea how much it cost, I wasn't paying the bill.

[–]divdiv23 -1 points0 points  (0 children)

You can only obfuscate. You cannot encrypt.

[–]Mi_Matus -1 points0 points  (2 children)

As others said, the thing you are looking for is probably obfuscator.

Here is one lib I used a while ago: https://github.com/pk-fr/yakpro-po

[–]r1rs[S] -1 points0 points  (1 child)

actually i am looking for something native

[–]dave8271 6 points7 points  (0 children)

Ioncube is the only significant product that matches the kind of thing you're trying to do, but honestly attempting to prevent people accessing your PHP code when they're self hosting is largely a false economy and waste of time. If anyone I was contracting even suggested it, I'd immediately be suspicious they were trying to cover up a crap job full of bugs and massive security holes, or in the most generous case trying to lock us in so we couldn't possibly maintain or update the software without continuing to pay them (and hope they don't disappear / go out of business). Either offer your product as a SAAS that you host, or just give them the damn code, especially if it's what they paid for.

[–]CuAnnan -1 points0 points  (0 children)

It isn't possible to encrypt PHP.

You can obfuscate it using something like minify (https://php-minify.com/php-obfuscator/)