3

I'm developing a Prestashop module which I need to protect against

  • easy code modification (I'm completely aware there is no program that can't be decompiled in a certain way or at least being opcode-exposed)

  • make sure each client pays for the module

After spending ~1 hour thinking on this, I came up with the following solution:

  1. Implement a serial key validation based on the value of PS_SHOP_DOMAIN
  2. Encrypt the source code with PHP's blenc_encrypt (http://php.net/manual/en/book.blenc.php)
  3. Make a configuration view in the module that would allow the user to paste the key that was previously purchased from my website.

My question is, what parts of Prestashop actually depend on PS_SHOP_DOMAIN? Is that value important enough* or should I use something else? And, if I should use something else, what would that be?

*important enough - being used by an important part of the code, thus making it impossible to change the value without breaking the entire Prestashop installation.

alexandernst
  • 1. As I see, it is an experimental extension; how can you be sure that it is installed on the client side? 2. `PS_SHOP_DOMAIN` is used in most parts of the core and modules to get the shop URL – Serge P Oct 30 '15 at 14:13
  • @SergiiP Ok, so `PS_SHOP_DOMAIN` is important enough to be used. As to the first point, you're right. I'm open to suggestions. Is there any other way I can encrypt (not obfuscate) my code? – alexandernst Oct 30 '15 at 19:46
  • No ideas, I know only popular solutions like ionCube etc., but again there exist reverse engineering tools too. On the other hand, maybe I'm wrong and you have something really new/important in the code, but IMHO if you create a really helpful module people will buy it instead of stealing it, and again you can build a sales model based on updates/new features/improvements etc. + e.g. send a notice to the shop owner about using an illegal copy etc., just my 2 cents :) – Serge P Oct 30 '15 at 20:49

1 Answer

0

The best way to protect module scripts is providing some of the functions on your own server. Create a small API for some functions and limit access by domain name and API key. This is the only way you will have your code "protected".

Prescol
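A sketch of the server-side check the answer describes, combined with the domain-bound key from the question. This is an added example, not code from the post or from Prestashop; every function name, the `LICENSE_SECRET` value and the `.example` domains are assumptions made for illustration. The signing secret never ships in the module, so keys cannot be generated from the client code.

```php
<?php
// Added example: runs on the vendor's license server, not inside the module.
const LICENSE_SECRET = 'placeholder-load-real-secret-from-server-config';

// Normalise what the shop reports as PS_SHOP_DOMAIN so "WWW.Shop.example:443"
// and "shop.example" map to one license (treating www. as equal is a policy choice).
function normalise_domain(string $domain): string
{
    $d = strtolower(trim($domain));
    $d = preg_replace('/:\d+$/', '', $d);   // drop an optional port
    $d = preg_replace('/^www\./', '', $d);  // fold www. into the bare domain
    return rtrim($d, '.');
}

// Key handed to the customer after purchase: truncated HMAC of the domain.
function issue_key(string $domain): string
{
    $mac = hash_hmac('sha256', normalise_domain($domain), LICENSE_SECRET);
    return strtoupper(implode('-', str_split(substr($mac, 0, 32), 8)));
}

// Gate for every API call: recompute the key and compare in constant time.
function is_licensed($domain, $key): bool
{
    if (!is_string($domain) || !is_string($key) || $domain === '' || strlen($key) > 64) {
        return false;
    }
    return hash_equals(issue_key($domain), strtoupper(trim($key)));
}

// Hypothetical endpoint handler: the protected function only runs server-side.
function handle_request(array $post): array
{
    if (!is_licensed($post['domain'] ?? null, $post['key'] ?? null)) {
        return ['status' => 403, 'error' => 'invalid license'];
    }
    return ['status' => 200, 'result' => protected_feature((string) ($post['payload'] ?? ''))];
}

function protected_feature(string $payload): string
{
    return strrev($payload); // stand-in for the logic kept off the client
}

// Constructed sample input: a key issued for one shop, then reused for another.
$key = issue_key('www.shop.example');
var_dump(handle_request(['domain' => 'shop.example', 'key' => $key, 'payload' => 'abc']));
var_dump(handle_request(['domain' => 'other.example', 'key' => $key, 'payload' => 'abc']));
```

The domain is reported by the caller, so logging calls per key together with the source address helps spot one key being used from several installations.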