[support] phc obfuscate / drupal 7

Richard Damon Richard at Damon-Family.org
Tue Dec 25 16:33:32 UTC 2012 

On 12/25/12 10:26 AM, Austin Einter wrote:
> Thanks all for your kind responses.
>
> I am new to web world.
>
> I am worried for few things.  Lets say I will be taking a dedicated
> server say from rackspace or doster or godady and host my site as a
> commercial one.
>
> I would not doubt the companies like rackspace or godady ..., but
> difficult to believe admin engineers who may take the source code and
> give it to somebody else for few dollars..,
>
> How do we protect such things.., please guide me..., thats the reason
> I would like to obfuscate the code or build the exe by using hiphop or
> phc.
>
> Again.., not sure if it is feasible to build drupal using hiphop or
> phc.., has anybody tried and running as commercial site...
>
> Thanks
> Austin
>
>
If you are using a root server (where you have root access and admin the
server yourself), you just need to change the root password and you are
about as safe as possible.

If you are using a managed or shared server (where the hosting company
manages root), you just need to use a reputable company and trust them.
They could do much worse to you than steal a bit of source code, they
can get access to your whole customer database if they really wanted to
(which is why it is important to use a reputable company).

As to the feasibility, I suspect the only method that has a hope of
working would be a PHP compiler that turns your files into byte-code
that is run through the PHP interpreter. PHP generally works by first
reading your file and then "just in time" compiles the file to
byte-code, then starts interpreting the byte code (until it hits and
include, which reads the file and compiles that one). There are programs
that will do the first step, of compiling all your code first, leaving
byte code that would be a bit harder to analyze than raw source code.
Not sure if it is worth it, unless you have something REALLY unique that
would prompt some major corporate espionage, since as I said, there are
bigger things on your site than the source code.

-- 
Richard Damon

More information about the support mailing list