PHP Encoding with a Remote Key?
I have coded a pretty nice class and I'd like to install it on the clients server without risking them taking the code and not paying me.
If possible, a method where I have the "key" on my server, and encrypt the source code on the clients server with that key and some how code the method for retrieving the key from my server into it, so in the event they don't pay I can change the key on my end thus disabling the code from working on their end.
An开发者_如何转开发y ideas?
EDIT: I'm aware of zend and ioncube, I'm trying to see if there is a different, less expensive "free", way of doing this.
You could run your own webserver, strip some of the key methods out of your code and refactor them into webservices that you would host on your server. So if they dont pay, you just shut off your server and boom... the app breaks.
Unless you reverse engineer the bytecode encryption that IONCube or Zend Guard does, your code is going to have some form of an "if ($authorized == "mysekritcode")
" line somewhere. You can obfuscate that, but a malicious user could just change it to "if (1==1)
" and bypass any obfuscation.
Instead, if your code can be separated into Model/View/Controller, and the client can be handed over only the "View" component (and maybe the Model), and have the "Controller" component act as a web service on your server, that gives them the functionality, but needed security.
You need PHP encoding software to do this. There are downsides to doing this of course, the main one being that in order to run your code, the target environment needs the proper decoder set up.
IonCube is one product that accomplishes this. Zend Guard is another. Before you go this route, I'd suggest you learn more about the products and decide if it's worth it for you. There are several threads on SO about using PHP encoders that are full of good information.
Look into something like IONCube encoder. Works like your asking - and its not spinning your own solution (its got support, a good track record, documentation, etc).
IONcube isn't your only choice - google around. Zend offer's something also.
You could do something like this in a file included by all the others:
if (file_get_contents('http://your.domain.com/getKey.php') != 'verySecretCode')
{
die('pay me');
}
And then you'd have to encode the file with Zend Guard or similar.
Your server needs to be online 24/7 otherwise you'll have problems (or you could code a more robust system). Either way, for every request the server of your client will make a HTTP request to your server.
Zend Guard is the best, but if you don't have any money to spend you could try bcompiler.
精彩评论