Best solution to protect PHP code without encryption

Posted on 2024-07-09 21:05:18

First of all, I'm not looking for a miracle... I know how PHP works and that there's not really a way to hide my code from the clients without using encryption. But that comes with the cost of an extension to be installed on the running server.

I'm looking for something different though... I'm not looking to encrypt my code or even obfuscate it. There are many PHP scripts without encrypted/obfuscated code but they are commercial applications. For instance, vBulletin and/or IP.Board forum applications.

I just want to know what approach these guys use for their applications...

I'm also open to any other suggestions.

Please note that I'm a single person and not working for a company. My product is also very specific, it won't sell that much. I just want you guys to know that I can't afford to consult a legal professional either to sue someone or prepare a commercial license. I'm just looking for a simple way to protect my simple product, if it's indeed possible, somehow...

Comments (11)

七七 2024-07-16 21:05:18

Obfuscating things can only inconvenience your legitimate, law-abiding customers, while the people who would rip you off are not your target paying customers anyway. (edited out other thoughts about obfuscation)

Another suggestion for protecting your software: create a business model in which the code is an incomplete part of the value of your offering. For example, sell product licenses along with access to some data you manage on your site, or license the product on a subscription model or with customer support.

Designing a EULA is a legal matter, not a coding matter. You can start by reading some EULA text for products and websites you use. You might find some interesting details!

Creating a proprietary license is highly flexible, and probably a subject beyond the intended scope of StackOverflow, since it's not strictly about coding.

Some parts of a EULA that come to mind:

  • Limiting your liability if the product has bugs or causes damage.
  • Spelling out how the customer can use their licensed software, for how long, on how many machines, with or without redistribution rights, etc.
  • Giving you rights to audit their site, so you can enforce the licenses.
  • What happens if they violate the EULA, e.g. they lose their privilege to use your software.

You should consult a legal professional to prepare a commercial EULA.

edit: If this project can't justify the expense of a lawyer, check out these resources:

指尖上的星空 2024-07-16 21:05:18

You need to consider your objectives:

1) Are you trying to prevent people from reading/modifying your code? If yes, you'll need an obfuscation/encryption tool. I've used Zend Guard with good success.

2) Are you trying to prevent unauthorized redistribution of your code? A EULA/proprietary license will give you the legal power to prevent that, but won't actually stop it. A key/activation scheme will allow you to actively monitor usage, but can be removed unless you also encrypt your code. Zend Guard also has capabilities to lock a particular script to a particular customer machine and/or create time limited versions of the code if that's what you want to do.

I'm not familiar with vBulletin and the like, but they'd either need to encrypt/obfuscate or trust their users to do the right thing. In the latter case they have the protection of having a EULA which prohibits the behaviors they find undesirable, and the legal system to back up breaches of the EULA.

If you're not prepared/able to take legal action to protect your software and you don't want to encrypt/obfuscate, your options are a) Release it with a EULA so you have a legal option if you ever need it and hope for the best, or b) consider whether an open source license might be more appropriate and just allow redistribution.

带上头具痛哭 2024-07-16 21:05:18

I have not looked at the VBulletin source code in some time, but the way they used to do it around 2003 was to embed a call to their server inside the code. IIRC, it was on a really long code line (like 200-300+ chars long) and was broken up over several string concatenations and such.

It did nothing "bad" if you pirated it - the forum still worked 100%. But your server's IP was logged along with other info and they used that to investigate and take legal action.

Your license number was embedded in this call, so they could easily track how many IPs/websites a given licensed copy was running on.
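
The vendor side of the check-in scheme described above, as an added example that is not code from vBulletin or from the answer: it groups check-in records by license number and flags licenses seen on more installations than they allow. The log format, the `LIC-` numbering and the function name are assumptions, and the log lines are constructed.

```php
<?php
declare(strict_types=1);

// Constructed sample check-in log: timestamp, license number, source IP, reported host.
const SAMPLE_LOG = <<<LOG
2024-03-01T09:00:00Z LIC-1001 203.0.113.10 forum.example.com
2024-03-01T09:05:00Z LIC-1002 198.51.100.7 board.example.org
2024-03-02T11:30:00Z LIC-1001 203.0.113.10 forum.example.com
2024-03-03T14:12:00Z LIC-1001 192.0.2.44 mirror.example.net
this line is malformed and must be skipped
2024-03-04T08:45:00Z LIC-1001 192.0.2.99 another.example.net
LOG;

/**
 * Group check-ins by license and return the licenses seen on more
 * distinct installations (IP + host pairs) than the license allows.
 *
 * @return array<string, list<string>> license => sorted distinct "ip host" pairs
 */
function findOverusedLicenses(string $log, int $allowedInstalls = 1): array
{
    $seen = [];
    foreach (preg_split('/\R/', $log) as $line) {
        // Strict pattern: skip anything that is not exactly four well-formed fields.
        if (!preg_match('/^(\S+) (LIC-\d+) (\S+) ([A-Za-z0-9.-]+)$/', trim($line), $m)) {
            continue;
        }
        if (filter_var($m[3], FILTER_VALIDATE_IP) === false) {
            continue; // drop records whose IP field is not a valid address
        }
        $seen[$m[2]][$m[3] . ' ' . strtolower($m[4])] = true;
    }

    $flagged = [];
    foreach ($seen as $license => $installs) {
        if (count($installs) > $allowedInstalls) {
            $pairs = array_keys($installs);
            sort($pairs);
            $flagged[$license] = $pairs;
        }
    }
    return $flagged;
}

foreach (findOverusedLicenses(SAMPLE_LOG) as $license => $installs) {
    printf("%s seen on %d installations:\n  %s\n", $license, count($installs), implode("\n  ", $installs));
}
```

The IP column should be the address the vendor's server observed on the connection, since the reported host name is supplied by the installation and can be altered there.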

丘比特射中我 2024-07-16 21:05:18

If you can't create a "cloud app" that you host yourself and they access via the Web, then you could look into creating a virtual appliance using a virtual server (from VMWare, Parallels, Sun, etc) and install a "lite" version of Linux on that. Put your PHP code in the virtual environment and install the virtual machine on their server. Make sure to create a way to prevent loading into root. Of course, this would involve physically visiting the client yourself.

初雪 2024-07-16 21:05:18

They distribute their software under a proprietary license. The law protects their rights and prevents their customers from redistributing the source, though there is no actual difficulty doing so.

But as you might be well aware, copyright infringement (piracy) of software products is a pretty common phenomenon.

痕至 2024-07-16 21:05:18

The only way to really protect your php-applications from others is to not share the source code. If you post your code somewhere online, or send it to your customers by some medium, other people than you have access to the code.

You could add a unique watermark to every single copy of your code. That way you can trace leaks back to a single customer. (But will that help you, since the code is already outside of your control?)

Most code I see comes with a licence and maybe a warranty. A line at the top of the script telling people not to alter the script will maybe be enough. Myself, when I find non-open source code, I won't use it in my projects. Maybe I'm a bit of a dupe, but I expect people not to use my non-OSS code!
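
One way to build the per-copy watermark mentioned above, as an added example that is not the answerer's code: each shipped file gets a comment carrying the customer id plus an HMAC over it, so a leaked copy can be traced and a customer cannot re-label a copy with someone else's id. The `build-id` comment format, the key constant and the function names are assumptions; a comment-based mark can be stripped by anyone who edits the file.

```php
<?php
declare(strict_types=1);

// Hypothetical vendor secret (constructed value); keep the real one outside the repository.
const VENDOR_KEY = 'constructed-demo-key-not-for-production';

/** Build the watermark token "<customer>.<mac>" for one customer copy. */
function watermarkToken(string $customerId, string $key): string
{
    $mac = substr(hash_hmac('sha256', $customerId, $key), 0, 32);
    return $customerId . '.' . $mac;
}

/** Insert the token as a comment right after the opening PHP tag. */
function stampSource(string $source, string $customerId, string $key): string
{
    if (!preg_match('/^[A-Za-z0-9_-]{1,32}$/', $customerId)) {
        throw new InvalidArgumentException('customer id must be 1-32 chars of [A-Za-z0-9_-]');
    }
    if (strncmp($source, '<?php', 5) !== 0) {
        throw new InvalidArgumentException('source must start with <?php');
    }
    $mark = "\n/* build-id: " . watermarkToken($customerId, $key) . " */";
    return '<?php' . $mark . substr($source, 5);
}

/** Return the customer id a leaked file traces to, or null if the mark is missing or forged. */
function traceSource(string $source, string $key): ?string
{
    if (!preg_match('~/\* build-id: ([A-Za-z0-9_-]{1,32})\.([0-9a-f]{32}) \*/~', $source, $m)) {
        return null;
    }
    // Constant-time comparison of the recomputed token with the one found in the file.
    return hash_equals(watermarkToken($m[1], $key), $m[1] . '.' . $m[2]) ? $m[1] : null;
}

$original = "<?php\necho 'hello';\n";
$copy     = stampSource($original, 'cust-0042', VENDOR_KEY);
$forged   = str_replace('cust-0042', 'cust-0007', $copy);

var_dump(traceSource($copy, VENDOR_KEY));     // stamped copy: traces to its customer
var_dump(traceSource($forged, VENDOR_KEY));   // id swapped: MAC no longer matches
var_dump(traceSource($original, VENDOR_KEY)); // unmarked file: nothing to trace
```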

揪着可爱 2024-07-16 21:05:18

In my opinion, just in case your PHP program is written for a standalone model, the best solution is c) You could wrap the PHP in a container like Phalanger (.NET). As everyone knows, it's bound tightly to the system, especially if your program is intended for Windows users. You can just make your own protection algorithm in a Windows programming language like .NET/VB/C# or whatever you know in the .NET language family.

掩饰不了的爱 2024-07-16 21:05:18

I have created a library for this purpose. It uses OPCache only, in order to convert php to op codes. The library compiles your PHP code to opcodes and removes code from all php files included in your project. All produced opcode files are saved on the server's filesystem and used by OPcache!

https://github.com/notihnio/php-cactus

伏妖词 2024-07-16 21:05:18

Zend Guard does not support php 5.5 and is easy to reverse, go for http://www.ioncube.com for obfuscation. http://wwww.phplicengine.com can license the scripts remotely or locally.

萌能量女王 2024-07-16 21:05:18

See our SD PHP Obfuscator. Handles huge systems of PHP files. No runtime requirements on PHP server. No extra runtime overhead.

[EDIT May 2016] A recent answer noted that Zend does not handle PHP5.5. The SD PHP Obfuscator does.

仅一夜美梦 2024-07-16 21:05:18

So let me see, we want to show Adam and Eve there's some forbidden fruit in a tree, and we'd like a way to prevent them from eating...

How about having an angel with a flaming sword?

  1. Might sound naive, and I dunno what your application does actually, but what about the extensive use of includes?

  2. For the legitimate user, is all the software that should be visible or only parts of it?
    Because you could obfuscate and give a copy of source code to legitimate

  3. You could wrap the php in a container like Phalanger (.NET)

  4. Perhaps you're concerned with external theft, meaning your code freely visible over the web as customers use it. This could be worth investing in a cheap web site hosting, for $50 a year, registering your legit customers with a serial in their code and having your app post info to your web site regularly. At least, you'd detect when code has been compromised. You could push it with a self destruct after n days, giving you enough time to contact your customer and change the serial. This could be the only obfuscated include() of the whole code
