1

Intro

I am trying to protect PHP source code from being "easily" read by others, as part of a client requirement.

The thing is, I have tried lot of alternatives:

1) bcompiler: with the intention to transform php source to bytecodes, but no success.

2)phc: imposible to make/install.

3)BLENC extension: I have problems integrating it with a Yii Framework App.

The Idea

I was thinking that "maybe" I can "stay" between ApacheServer and PHP, in order to do something like this ...

1) HTTP request comes to APACHE SERVER

2) APACHE checks its a php file

3) According to the URL I know those php files are zipped/encoded, so before APACHE parses them, I unzip/decode the files

4) APACHE parses and process PHP.

5) zip/encode the files again (for protection).

6) Return a result.

Performance is not a concern

Is this posible?

Any suggestion?

EDITED:

1) FYI: The server where my php web app runs, is not a hosting, its my client server, so people has access to it.

2) FYI: Right now I found a temporary solution, called, SourceGuardian (http://www.sourceguardian.com/)

After trying BCompiler (imposible to use with PHP 5.4+) , PHC (imposible to compile),Monas (OLD deprecated), BLENC (not thinked for web applications with tons of files different than php files), etc. etc. etc., trying to "HIDE" my PHP Source code, SourceGuardian was the only think that worked for me, its commercial, but costs 199 dollards, its very affordable. I recommend everybody to try it.

--> (I will keep looking foward to Apache Modules) <--

Tunaki
  • 132,869
  • 46
  • 340
  • 423
  • 1
    What you want is [pre-compiled PHP](http://stackoverflow.com/questions/1408417/can-you-compile-php-code) – Machavity Jun 01 '15 at 14:14

2 Answers2

1

You can use Apache Modules to make any change while processing your request on server. You can tap the request in almost any level.

You can find about apache modules here : https://modules.apache.org/

But my concern is , what ever you do output from server should be HTML + java scripts + etc readable by your browser.

Chand Priyankara
  • 6,739
  • 2
  • 40
  • 63
  • PHP comments are not visible if you do view-source in browser. But the output is viewable as in answer above – Adam T Jun 01 '15 at 14:15
  • Right now I am reading about Apache Modules and Filters. I will clarify more my question in order tu understand better what I want –  Jun 01 '15 at 14:49
1

Are you sure that you don't mean Javascript instead? PHP-Code can only read who has file-access to the server. There is no way to read it with a web browser.

If you really want to "protect" your php source use a simple minifier. It makes the code unreadable.

Norkos
  • 171
  • 1
  • 13
  • I will clarify in my original question –  Jun 01 '15 at 14:49
  • But when the client has access to the server - he can just read the file without use apache at all. So as i said, use a minifier. – Norkos Jun 02 '15 at 07:19
  • supose I have my php files encoded somehow, and they can only be decoded by something ... then the php files would be unreadable by anyone. The Apache modules are a good idea, because I can have my encoding/decoding algo inside the module, and I can filter what to decode depending on the request. –  Jun 03 '15 at 15:40
  • Now i get it :) Yes than you have to write an Apache Module - the only question is: is it the expense worth? I would prefer the minifier: less work for you, but still unprofitable effort for the "thief". – Norkos Jun 05 '15 at 07:39
  • Its necesary. because sometimes you sell a software product to someone, than you do another contract in order to maintain and give support, some modifications, etc. Thats why I wanted to be CLSED SOURCE, in order to protect the maintanance contract. Thats my case. –  Jun 05 '15 at 20:57