1

I'm trying to obfuscate and speed up my code using Zend OpCache, but OpCache doesn't seem to have the usual functions to store bytecode in a file like other older caching systems did. As OpCache is the native method of caching files in memory in opcode, I'd like to continue using it, but I need to be able to obscure my code in the case of a system breach. (Just another security precaution)

What options do I have available to me to store my PHP files as compiled code in opcode or bytecode?

EDIT: I think people misunderstood what I was looking for for the most part. Please read my comments on the posts. I'm a professional web developer of over 12 years, so I'm not new to this. I just wanted to change my tactics a bit and see if others knew of a way to pull this off that I didn't think of.

Rick Mac Gillis
  • 754
  • 8
  • 16
  • 1
    Securing against what? Obfuscating how? Why? In case of a security breach people will just look at the code instead. – PeeHaa Nov 12 '14 at 20:23
  • 1
    Please don't do this. For the poor developer(s) who will come after you and maintain said site, please don't. It's un-necessary and bad practice. – ircmaxell Nov 12 '14 at 21:32
  • I think both of you misunderstood my question or the situation.PeeHaa - If you save the file in an encoded format like Zend Guard, Source Guardian, Nu-Coder, or Ioncube, you're saving compiled code to the file. (Although it's not completely the same, think of what happens when you open an exe file in a text editor versus opening a source code file.) ircmaxell - It's actually great practice to do this as encoding engines actually speed up the code and you certainly don't pitch the original sources when you encode them, so you can always access that code easily and without obfuscation. – Rick Mac Gillis Nov 13 '14 at 00:35

1 Answers1

0

It's definitely not a good idea to start developing your own tools for obfuscating or protecting your PHP code.

For protected your code use SourceGuardian or Nu-Coder. Both tools, however, require installing special PHP extension on server, which is not an option for many webhosting companies. These tools provide possibility to lock your code to certain machine (hardware hash, IP binding, ..), control the number of licences, expiration etc.

If you are serious about protecting your code (not only obfuscation) use virtual server + one of the tools mentioned. In run-time, both extensions hold in-memory opcached decrypted low-level code, so besides protecting the code they provide also performance boost. I tested PHP 5.5.x with loaded both SourceGuardian and opcache and there were no conflicts.

lubosdz
  • 4,210
  • 2
  • 29
  • 43
  • I wasn't planning on developing my own. I just wanted to know what options were available to me and to find out what others were doing. I was looking quite heavily at Zend Guard as well as native methods or PECL available extensions, but it looks like I'm back to using paid methods like the ones you've mentioned. – Rick Mac Gillis Nov 13 '14 at 00:38