NYCPHP Meetup

[Dan Cech]

David Sklar wrote:

>> The actual software would then be encoded to protect the source from 
>> (casual) prying eyes (I was thinking of using the Turck MMCache 
>> encoder for this) and include code to check the license validity and 
>> take appropriate action.
>>
>> The most obvious (to me) attack on the system is to reverse-engineer 
>> the code and remove the license check, which could be mitigated 
>> somewhat be encoding the entire app and 'hiding' the check within the 
>> code.
> 
> There's no perfect solution here, you just want to be sufficiently ahead 
> of likely attackers in the arms race. One thing that might help (but 
> will cost you more $) is to use a closed-source encoder like Zend 
> Encoder or the ionCube Encoder. Reversing the encoded code is much 
> easier when you have the source code to the encoder.
> 
> The ionCube encoder offers some protections similar to your licensing 
> scheme (but users can't change things), so that might be helpful, too.

You are right, the closed source nature of ionCube may make it more 
resistant to reverse engineering...in fact I think the company may 
already have a license for it...

ionCube seems to be a lot cheaper than the Zend solutions...and they 
claim it's faster too.

Dan