混淆 Magento 模块
我被要求通过混淆来保护 Magento 模块。我从未使用过 PHP 混淆包,但我知道它们是如何工作的,并且我预见到混淆非常依赖 string 和 xml 的模块时会出现一些问题:
- /etc/config.xml 寄存器编码类名和路径
- 自动加载被大量使用,路径很重要
- 我无法想象如何自动混淆稍后将由 Mage::getModel('my/module') 调用的类名。
- 我必须从混淆过程中排除 Magento 函数调用(例如 $order->getItems())。
有什么建议吗?
I've been asked to protect a Magento module through obfuscation. I never used PHP obfuscation packages but I know how they work and I forsee some issues in obfuscating a module that is very string and xml dependant:
- /etc/config.xml registers harcoded class names and paths
- auto-loading is heavily used and paths are important
- I cannot imagine how to automatically obfuscate a class name that will be called later by Mage::getModel('my/module').
- I'll have to exclude from the obfuscation process Magento function calls ( ex. $order->getItems()).
Any recommendations?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我不知道 IonCube 编码器,但 Zend Encoder 能够对文件进行编码,以便它们本质上作为 PHP 字节码运行,并且不能轻易编辑。由于代码已编译,您的字符串、类名等将被编码,仍然可以访问。文件名将保持不变,以便任何包含内容都能正常运行。这具有加快执行速度的副作用,因为 PHP 编译器不必重新编译 PHP 文件。
确保指定您不想重命名类等,因为更强的编码类型将导致您列出的所有问题。这里的另一个警告是,任何不重命名类和函数的编码都更容易取消编码,但对于坚持不懈的人来说无论如何都是如此。
希望有帮助。
谢谢,
乔
I don't know about IonCube encoder, but Zend Encoder is able to encode the files so that they essentially operate as PHP bytecode and cannot be easily edited. Since the code is compiled, your strings, classnames, etc will be encoded still accessible. Filenames would remain the same so that any includes will function correctly. This has the side effect of speeding up execution as the PHP compiler doesn't have to recompile the PHP files.
Make sure to specify that you don't want to rename classes and such, as the stronger type of encoding will cause all the problems you list. The other caveat here is that any encoding that doesn't rename classes and functions is more easily un-encoded, but for a persistent person this is the case anyway.
Hope that helps.
Thanks,
Joe