Releasing commerical PHP code. Do you obfuscate or compile it? Or just deliver as-is?

Possible reasons:

1) so the user can't figure out the code and "issue himself more licenses" or other stuff that is commercially sensitive to you

2) so the user can't "just make a tiny change" and break what he doesn't understand, then tell you he didn't change anything and expect you to 开发者_如何学运维fix it (sure, you can make him pay, but it's easier to avoid the hassle in the first place)

3) so the customer can't take some of your software and use it do develop new products

4) you are embarrassed to let your uncommented spaghetti code be seen ;-)

5) any more?

What do you generally do? And how do you do it?

If hosting the php code on your servers is not an option, the best thing is to simply deliver the source code with a restrictive license and accept the risks you outlined above. If the user "issues more licenses" and it violates your terms, you can pursue legal actions.

On the receiving end, I have purchased PHP software that was ofsucated/encoded with ionCube PHP Encoder (http://www.ioncube.com/). It required adding an additional server component and including effectively closed-source code no our servers, neither of which our IT team was happy about. But it prevented us from fiddling with the source as you are attempting.

I deliver it as is. End-users expect to be able to edit the code whether it's free or commercial. Most of them aren't pirates, so getting in their way will just hurt your business (less happy customers = less positive mentions and referrals). The pirates will steal your software whether you obfuscate/encode it or not, anyway.

If a client breaks my code and try to pin it on me I offer to restore the code to the last known working configuration. This usually ends the conversation because they know it was a modification they made.

Seems like an unnecessary precaution to me. Even if you obfuscate it it can still be redistributed. As a developer, piracy is a known risk and the best way to avoid it is to release software that is open source. :)

I would seriously think twice about doing business with a developer in the future if I purchased a script that was obfuscated (making it difficult for me to make changes). I mean.. what PHP script needs ZERO modification to get it to do exactly what you want it to?

Concerning point #2:

You can always generate a hash of your deliverables. Very simple method: generate an md5 hash using the source files as input. If you suspect tampering when receiving a support call, simply hash the deployed files to figure out if your client has tampered with the code and tries to get you to fix their mess.

This is non-intrusive (you just hash before you deliver, and keep the hashes in your files) and a quite safe way to check the contents of your files.

No one has addressed that delivering the licensing source allows customers to switch it off and have unlimited licences. That is my main concern