-3

I'm developing a tool, however I'm looking for the best solution to encode the php source code so no one can decode it, is that even possible?

If not, is it a good practice to create an api, so almost the whole process part is on my server and if someone doesn't have the token, cannot use the tool. Is that a good practice?

Pierre
  • 643
  • 1
  • 7
  • 14
  • 3
    PHP runs entirely on the server, so people using your website never see any of it at all. If you are planning to sell your PHP code to other people you can search on "PHP obfuscator" but it might be better to focus on offering a license with support fees. If you want to offer an API service you'd better make it a scalable cloud service and it will be a tough sell since if your service stops, their business fails – Dave S Apr 10 '20 at 18:45
  • Does this answer your question? [Is there a code obfuscator for PHP?](https://stackoverflow.com/questions/232736/is-there-a-code-obfuscator-for-php) – Progman Apr 10 '20 at 21:27

2 Answers2

0

It is recommended to create backend apis with which your frontend interacts. That will keep your source logic secure. You can use token methods like JWT to send token from server and then whenever a request is generated from frontend, it comes with that token and your server can perform actions knowing that it is a legitimate request.

Also your php code is always on the server so I am not really sure what you mean by encoding the source code.

Hadi Pawar
  • 1,090
  • 1
  • 11
  • 23
0

If you're hosting a PHP application on a server, say a web server, your PHP code should never be provided to the client. "Encoding" your software is not necessary as long as you take proper steps to secure your web server so that there is no unintentional source code leak.

As far as using tokens for API access, this is a well-accepted practice as long as the tokens are securely generated and stored safely outside of the web directory.

Kaleb W
  • 122
  • 7