08-09-2006, 02:42 PM   #13
jgestiot
Quote:
Originally Posted by DJMaze
Why steal your code? You already said that when you buy something for $700 it is still crap, so what makes your code superior?
All code has bugs and issues, if you coded without any you would have been a millionaire.

In my opinion you shouldn't worry about your code, you should worry about the server. It is more harmful that people steal your customer's credit card numbers than your code. Why crack a server to steal PHP files if you can get email addresses and credit cards?

You may not worry about your code but I worry about mine and many worry about theirs. Perhaps your code is not worth worrying about. I am not suggesting that you do not write well but the type of application you write may not be that sensitive after all. If you write an application and 500 of that type already exist and 200 are distributed freely, you are right: why worry? This is why I do not obfuscate everything that I do.

However, when I write a major application, I re-use a framework that has taken me a long time to develop. This framework uses an architecture that is unique and I am not prepared to see it distributed freely around the web right now.

As to credit card numbers, you never store them straight on the server. It's that simple. And of course, if you need to store credit card numbers, you must apply a method of obfuscation or encryption on the credit card numbers and of course, you will need your PHP code obfuscated to hide the method used.

I don't really understand the argument of those who say "why obfuscate your PHP code?" ... The real question is: why wouldn't you? If it takes 30 seconds to create an obfuscated version of your code ready for upload, why would you upload the non-obfuscated version if your application is sensitive?

If you make your living from developing PHP applications, you are competing with others. You need to invest a lot of time and money in development. Why should you hand out the source to one of your competitors who is going to charge half the rate doing the same job?

Finally, those who say obfuscated code can be reverse-engineered have never tried it! My code is already hard to understand before it is obfuscated, nobody could understand it afterwards without comments and meaningful class, function and variable names. No chance! It is not because something can be theoretically done that it can also be practically done. Not in this case.

Obfuscation works by deterrence. The person who is capable of de-obfuscating your code has the skills to write the same code in half the time so it is not worth his time stealing it. This is why obfuscation is in my opinion very effective.