[nycphp-talk] PHP License Management
David Sklar
sklar at sklar.com
Thu May 20 13:09:31 EDT 2004
> The actual software would then be encoded to protect the source from
> (casual) prying eyes (I was thinking of using the Turck MMCache encoder
> for this) and include code to check the license validity and take
> appropriate action.
>
> The most obvious (to me) attack on the system is to reverse-engineer the
> code and remove the license check, which could be mitigated somewhat be
> encoding the entire app and 'hiding' the check within the code.
There's no perfect solution here, you just want to be sufficiently ahead
of likely attackers in the arms race. One thing that might help (but
will cost you more $) is to use a closed-source encoder like Zend
Encoder or the ionCube Encoder. Reversing the encoded code is much
easier when you have the source code to the encoder.
The ionCube encoder offers some protections similar to your licensing
scheme (but users can't change things), so that might be helpful, too.
David
More information about the talk
mailing list