Quote:
|
Originally Posted by DJMaze
1. PHP is serverside
2. If they have the source they also have your database
3. so why bother?
|
Thanks. I was already skeptical about that doing anything since shared hosting setups can't seem to prevent other clients on the server from snooping around.
Quote:
|
Originally Posted by sde
are you talking about distributing your php software, or are you worried about people hacking into your server and stealing your code?
|
Mainly something like the latter.
Quote:
|
Originally Posted by teknomage1
Considering most people never even use ready made libraries since it takes a while to figure out how to use them, I doubt anyone actually steals code. Quicker and cheaper (and less of a bleeping headache) to just write something new for sure.
|
I definitely agree with that last part, better to do it yourself. A lot of PHP scripts are poorly written because they weren't made with security in mind. And when they are, the techniques are dated, never updated.

I had to clean up some classified app I purchased ($700 USD) months ago that used poor session handling, allowed same logins from different machines at the same time, stored plain text passwords and had a ton of SQL injection and XSS vulnerabilities to boot. If I wasn't paranoid I would've used it as is, but still unsettled I sought security, googled and read a lot (****, I'm still reading). If I had known beforehand... I've since scrapped using this app altogether and am writing something I can live with that's more efficient, uses current security practices, and that I can use with a merchant account. Even when I'm done, I'll probably get it audited just in case I missed some things.
There are thieves out there..
Don't know if you guys know this, but there are entire forum communities revolved around acquiring and then reverse engineering (to redistribute freely) commercial php apps. Many who benefit from this practice are noobs and even they get well versed in removing all of the script author's fingerprints by the providers. Terrible. They then use it out of the box. Once they completely change the appearance and the filenames you're almost in no man's land. I imagine even if you write something that isn't for sale, but would like to keep it to yourself and profit from, and it's a nice piece of code that gets attention - that you're likely to become a target for theft too.
And it's not like I really care about copycat scripts, as long as the copycat's efforts are their own...no harm, no foul.
Anywho, my curiosity has been satisfied here.

I'll use pobs and then the ioncube encoder to wrap things up when I'm finished. I wanted to read others' comments on this instead of just entertaining the cheap thoughts in my head.