[support] phc obfuscate / drupal 7

Jamie Holly hovercrafter at earthlink.net
Tue Dec 25 16:08:11 UTC 2012 

What stops people from stealing or killing? Easy - nothing, except the 
law (and morals).

I use to work in the hosting business. What you are basically describing 
amounts to "stealing trade secrets" and is prosecutable under the 
Economic Espionage Act. As mater of fact it's one of those acts that 
gives the U.S. Attorney General some huge, sweeping power. Fines can be 
up to $500,000 for an individual and $5,000,000 for a corporation. 
Having said that, when people are hired on at a reputable hosting 
provider, they are made very aware of it and even sign agreements.

So the penalties are in some cases worst than murder. That's a pretty 
good protection. Mainly just stick with a reputable host.

But you are using Drupal, which is open source, meaning the source code 
(minus any custom modules) is available.

There are always ways to reverse engineer code, so even obfuscating the 
code isn't a real protection.

Another consideration. Drupal does come out with security releases. 
Compiling the source code takes extra time and means it will take longer 
to update your site. I would rather be able to update my code quickly to 
protect my customers then worry about someone taking the source code.

As far as HipHop, some people have had success and some not. It depends 
on the modules and custom code you use. For research on this, I suggest 
Google.

Jamie Holly
http://www.intoxination.net
http://www.hollyit.net

On 12/25/2012 10:26 AM, Austin Einter wrote:
> Thanks all for your kind responses.
>
> I am new to web world.
>
> I am worried for few things.  Lets say I will be taking a dedicated 
> server say from rackspace or doster or godady and host my site as a 
> commercial one.
>
> I would not doubt the companies like rackspace or godady ..., but 
> difficult to believe admin engineers who may take the source code and 
> give it to somebody else for few dollars..,
>
> How do we protect such things.., please guide me..., thats the reason 
> I would like to obfuscate the code or build the exe by using hiphop or 
> phc.
>
> Again.., not sure if it is feasible to build drupal using hiphop or 
> phc.., has anybody tried and running as commercial site...
>
> Thanks
> Austin
>
>
>
> On Tue, Dec 25, 2012 at 6:53 PM, Jamie Holly 
> <hovercrafter at earthlink.net <mailto:hovercrafter at earthlink.net>> wrote:
>
>     Those aren't errors. They are notices.
>
>     Since the errors only occur when using PHC, then the problem lies
>     in PHC. I would ask on their mailing list.
>
>     I doubt you would find much help from the Drupal Community since
>     obfuscating is generally frowned upon (and even consider a
>     violation of terms by some) by the open source world and therefor
>     not really used.
>
>     Jamie Holly
>     http://www.intoxination.net  
>     http://www.hollyit.net
>
>     On 12/25/2012 5:26 AM, Austin Einter wrote:
>>     Dear All
>>     I compiled phc in ubuntu 10.04 lts.
>>     Next I am trying to obfusace some php code (which is part of a
>>     drupal based code). I just tried obfuscating a single file using
>>     phc. It did  work.
>>
>>     But when I am trying to access my site, I get bunch of below errors.
>>
>>     /Notice: Undefined variable: TSa200978216 in doc_search_my_form()
>>     (line 475 of
>>     /var/www/example.com/sites/all/modules/doc_search/doc_search.module
>>     <http://example.com/sites/all/modules/doc_search/doc_search.module>).
>>     Notice: Undefined variable: TSa1454652404 in doc_search_my_form()
>>     (line 482 of
>>     /var/www/example.com/sites/all/modules/doc_search/doc_search.module
>>     <http://example.com/sites/all/modules/doc_search/doc_search.module>).
>>     /
>>
>>     Mostly these are variable undefined errors. When the file is in
>>     normal mode (having normal php code), it does not throw any
>>     error. When the file is in obfuscated mode , when I access my
>>     site I get lots of variable undefined error. Any idea what's
>>     wrong here.
>>
>>     Thanks
>>
>>
>
>
>     --
>     [ Drupal support list | http://lists.drupal.org/ ]
>
>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/support/attachments/20121225/7e09912a/attachment-0001.html

More information about the support mailing list