简体繁体 English

PHP / Web脚本保护

[英]PHP/Web Script Protection

原文 2009-06-13 21:26:34 6 5 php/ javascript/ copy-protection

I want to write a script in PHP and javascript and somehow protect my source code so that I can sell my script. 我想用PHP和javascript编写脚本，并以某种方式保护我的源代码，以便出售我的脚本。

I am looking for ideas how to protect my script. 我正在寻找有关如何保护我的脚本的想法。 If I sell it to someone, how can I stop that person from redistributing it as their product? 如果我将其出售给某人，如何阻止该人将其重新分发为他们的产品？

I know there is ZEND and ionCube, but are there any other methods? 我知道有ZEND和ionCube，但是还有其他方法吗？ As I don't like to force a user to have zend optimizer installed on the server. 由于我不想强迫用户在服务器上安装zend优化器。

Is there any way of generating a "serial number" protection for these scripts that cannot be removed by editing the code? 有什么方法可以为无法通过编辑代码删除的脚本生成“序列号”保护吗？

5 个解决方案

There are ways to obfuscate and encrypt your code but if you rely on your profit coming from folks having a hard time cracking your code, not on the quality/usability of your code/programming then I think you're approaching your market from the wrong perspective. 有一些方法可以对代码进行混淆和加密，但是如果您依靠的是难以破解代码的人的利益，而不是代码/编程的质量/可用性，那么我认为您是从错误的市场进入市场。透视。

Make your code's accessibility a feature, which could make it easier for your customers to audit their security or get/make plugins to enhance your code's usability. 使代码的可访问性成为一项功能，可以使客户更轻松地审核其安全性或获取/制作插件以增强代码的可用性。

Sorry; 抱歉; this isn't really an answer to your question, is it? 这不是您问题的答案，不是吗？

There is no way. 不可能。 You can obfuscate it, but not make it impossible to steal. 您可以对其进行混淆，但不能使其无法被盗。

As with the answer from rice bowl, you should focus on the functionality and usability rather than the protection. 与饭碗的答案一样，您应该关注功能和可用性，而不是保护。 In my view torrent users who steal the script should be the least of your concerns, as the type of people who steal scripts probably wouldn't pay for it anyway. 在我看来，窃取脚本的洪流用户应该是您最不担心的问题，因为窃取脚本的人可能根本不会为此付费。 Offer services to help enhance the product that's not available for illegal downloads, such as installation and configuration, user forum for registered purchasers, new updates through automated downloads from your server, etc. This will make your code less valuable and the product as a whole worthwhile. 提供服务来帮助增强非法下载不可用的产品，例如安装和配置，注册购买者的用户论坛，通过从服务器自动下载进行的新更新等。这将使您的代码和整个产品价值降低值得。

As for protection, it is not really a problem of having Zend, Ioncube or Source Guardian on the users server. 至于保护，在用户服务器上安装Zend，Ioncube或Source Guardian并不是一个真正的问题。 Even a novice can decode zend, I have seen Ioncube be decoded, and I imagine Source Guardian will fall quickly if it hasn't already. 即使是新手也可以解码zend，我已经看到Ioncube可以被解码，而且我想如果Source Guardian还没有的话，它也会很快崩溃。 There is no safe way to prevent people stealing your code, so instead you need to make the user want to buy it. 没有安全的方法可以防止人们窃取您的代码，因此您需要使用户想要购买它。

Unless the code is hosted on your server, there is going to be a way to reproduce it. 除非代码托管在您的服务器上，否则将有一种方法来重现它。 If you store it in an encrypted string, at some point you will need to eval() it, and by changing the eval to a echo you get the full text of the program. 如果将其存储在加密的字符串中，则有时需要对它进行eval（），然后通过将eval更改为echo来获取程序的全文。 Thats why people hire programmers to work for them instead of just getting buying software. 这就是为什么人们雇用程序员来为他们工作而不是仅仅购买软件。

Just as a side note, this is the same sort of thing that the movie and music industry gets into. 顺便提一句，这与电影和音乐行业一样。 They try to restrict things, and end up having people go and crack the code. 他们试图限制事物，最终导致人们去破解代码。 The only difference is that PHP is much easier to change. 唯一的区别是PHP易于更改。

Don't sell scripts, sell maintenance and service. 不出售脚本，不出售维护和服务。 Give your scripts away- it is always the particular application that has value for the end user. 放弃您的脚本-始终是特定应用程序对最终用户有价值。