how would you word that you will obsfucate file in a contract?

sde · 02-02-2005, 10:30 AM

i'm finding a need more and more to use zend safe guard studio or some other method of code security lately.

as i refine my function libraries, certain sites are becoming more like software that i'm just customizing and re-distributing.

since my design makes it very easy to make these sites into something else, i want encrypt files so as to make it so someone can not just open a file in a text editor and give / sell it to someone else.

so, how would i word this in a contract?

Select PHP Source files will be encrypted ?

Belisarius · 02-02-2005, 11:23 AM

Well, you can't really encrypt them, can you? You'll just be obfuscating?

technobard · 02-02-2005, 11:23 AM

Hmmm... I'm not exactly an expert in this, but I think the real question is what portion of the code belongs to the client and what part is library code that you license them to use? If they understand that they don't own the code libraries, how you protect those libraries really isn't something they need to hear about.

Just my 2 cents.

sde · 02-02-2005, 11:33 AM

i'm getting terms mixed up. yes, obsfucate is what i believe that zend encoder does.

and i think 'license' is the term i was looking for. thanks techno. that gives me something to work with.

Belisarius · 02-02-2005, 12:02 PM

You can obfuscate, but someone will develop something that will un-obfuscate them. But putting up that first hurdle will probably discourage 80%-90% of the people out there.

Also, put some sort of license in the code to make sure that they can't be legally redistributed. You want both practical and legal protection.

sde · 02-02-2005, 12:07 PM

i was just looking at zend safeguard studio . my god, waayy too expensive for my budget.

i need to re-think it. i have a customer who wants me to duplicate the work i've done on another domain so he can run someone else's site. i don't like that.

technobard · 02-02-2005, 08:19 PM

There are other less expensive obfuscators out there. I don't know how good they are, but like Belisarius, I agree that a little discouragement will go a long way. From what I found (in a quick search or two), they all seem to be removing comments, and replacing variable and function names. They also appear to be removing all indentations, etc. You could probably write something pretty quick to handle that level of functionality.

sde · 02-02-2005, 08:27 PM

Belisarius pointed out a few to me on instant messenger. I might just go with safeguard studio. It is $250 and seems like it does what Zend Studio does. I will try it out first.

There were others, but I would really prefer to go with a company that I think will be around for a while. Unfortunately, most of what I'm judging by is the professionalism of the website.

ender · 02-02-2005, 08:28 PM

This is what google basically does with all of their javascript code. However, it serves two purposes in this instance, as the 'compression' also lowers the amount of code that actually gets sent to the browser.

Obfuscated or not, it isn't really stopping someone from using the code. Obfuscated and correct code is still correct.

Maybe I'm missing the point.

-Ted

sde · 02-02-2005, 08:36 PM

the point is to make it more difficult for people to modify. when i deploy a site, i can set variables specific for the customer or domain that is using it. if i obsfucated it, it would make it very difficult for them to go in and modify that code so they can use it on another site.

safe guard studio supports licensing, and also locking scripts to a specific domain or ip. i think this is the max amount of control i would need to discourage my scripts from being re-used or re-sold.

of course nothing is hack proof, but you can certainly keep most people out. you have to consider that people i'm developing sites for don't know how to either .. otherwise they would be doing it themselves.