[support] phc obfuscate / drupal 7

Jamie Holly hovercrafter at earthlink.net
Thu Dec 27 04:27:48 UTC 2012 

The performance gain of HipHop over APC isn't that great for all the 
extra headaches:

http://php.webtutor.pl/en/2011/05/17/drupal-hiphop-for-php-vs-apc-benchmark/

You also aren't talking about re-engineering Drupal core just for 
HipHop, but the thousands of contrib modules. A lot of these modules are 
written by people who really don't care that much about HipHop or the 
headaches of having to compile and recompile code to get their modules 
working.

You are talking about a big red herring here. Obfuscation will not 
protect your source code. Even if you compile it to machine code, if 
someone wants it bad enough they will get it. The PERL community went 
through this for years then realized it just didn't work. As matter of 
fact they decided it was such a waste of time that they ended up putting 
it in their FAQ:

http://perldoc.perl.org/perlfaq3.html#How-can-I-hide-the-source-for-my-Perl-program%3f

Anything is just going to give you a false sense of security. But again, 
what you are describing is a federal crime. You really don't have to 
worry about this happening and if it does, file a criminal complaint.

Jamie Holly
http://www.intoxination.net
http://www.hollyit.net

On 12/26/2012 8:52 PM, Austin Einter wrote:
> Hi Lary
> Thanks for input.
>
> I am not going to distribute code to any customer. It is developed by 
> us (taking Drupal as base) and we will be hosting it. We will never 
> give it to any customer in future also.
>
> The only worry is, in hosting company, if any of their ADMIN guys 
> takes code and give to other competitors without our knowledge. 
> Ofcourse I will have root access and its going to be a dedicated 
> solution. But I feel thats not the solution. One can just take hard 
> disk, put to another machine, copy data and then again put back to 
> original machine.
>
> Otherwise absolutely no worry
>
> Probably Drupal community need to think in line of hiphop or develop 
> something similar.
>
> Thanks a lot.
> Austin
>
>
>
>
> On Wed, Dec 26, 2012 at 11:18 AM, Larry Garfield 
> <larry at garfieldtech.com <mailto:larry at garfieldtech.com>> wrote:
>
>     The last I heard, HipHop doesn't work with Drupal because Drupal
>     uses parts of PHP that HipHop doesn't support.  Really, HH is not
>     a general solution for PHP performance tuning.  You have to write
>     code with HH in mind for it to be effective, which Facebook did
>     when creating HH.
>
>     As far as "protecting" source code, the GPL license basically says
>     you can't do that; or rather, it's worthless to do so because
>     anyone you distribute the code to is legally entitled to the
>     un-obfuscated source code as well.  That includes any custom
>     modules you write.  Note that only triggers if you distribute the
>     code to someone else; putting code on a web server does not count
>     as distribution (AFAIK), so the host is not legally entitled to do
>     anything with your code other than host it.
>
>     That said, if your business model for your site relies on some
>     non-trivial set of modules remaining forever-secret, then your
>     business model is already buggered and you need to find a new
>     one.  Really, the investment in working with the community rather
>     than building a lot of custom code that you have to maintain is
>     worth far more than your custom code.  That will be especially
>     true then next time you decide to do a major version upgrade,
>     where you'll find yourself with a lot of custom code that only you
>     can possibly upgrade and no one willing to help you in the
>     slightest.  That is a bad bad place to be.
>
>     --Larry Garfield
>
>
>     On 12/25/2012 05:38 PM, Austin Einter wrote:
>>     Thanks a lot all.
>>
>>     I know Drupal is open source, I wanted to protect only the custom
>>     modules developed. I learnt from this discussion that -
>>
>>     1. Take a dedicated m/c, so root access is with me. That gives
>>     some protection.
>>     2. Will go for a trusted / reputed web hosting company.
>>
>>     On a side note, I read somewhere a separate branch is maintained
>>     for Drupal code base (probably 7.4) that is compatible with hihop
>>     use., Can somebody give more information in this regard such as
>>     is it maintained and available for latest Drupal 7 releases..
>>
>>     Thanks and Regards
>>     Austin
>>
>>
>>
>>     On Tue, Dec 25, 2012 at 10:12 PM, Richard Damon
>>     <Richard at damon-family.org <mailto:Richard at damon-family.org>> wrote:
>>
>>         On 12/25/12 10:49 AM, Jarry wrote:
>>         > On 25-Dec-12 16:26, Austin Einter wrote:
>>         >> I am worried for few things.  Lets say I will be taking a
>>         dedicated
>>         >> server say from rackspace or doster or godady and host my
>>         site as a
>>         >> commercial one.
>>         >>
>>         >> I would not doubt the companies like rackspace or godady
>>         ..., but
>>         >> difficult to believe admin engineers who may take the
>>         source code and
>>         >> give it to somebody else for few dollars..,
>>         > Source code of what? Drupal or some modules? Drupal is GPL-ed,
>>         > so anybody can have it. Or your own drupal-module? I'm not sure
>>         > but I think if you develop something for Drupal, you have to
>>         > distribute it under the same license at no charge. So which
>>         > php-code you want to obfuscate and why?
>>         >
>>         > Jarry
>>         > ---
>>         >
>>         The GPL means that *IF* you distribute the results, you need
>>         to provide
>>         the source, but there is no requirement to publish source if
>>         you do not
>>         distribute your "product" (i.e. for your own use). This is
>>         good, as it
>>         means you are not required to publish your settings.php file
>>         with your
>>         database passwords!
>>
>>         This does mean that if you produce as a product a Drupal
>>         module, (I
>>         believe) you can not just distribute it as a protected file,
>>         you need to
>>         provide the source for it, but this is only if you distribute it.
>>
>>         --
>>         Richard Damon
>>
>>         --
>>         [ Drupal support list | http://lists.drupal.org/ ]
>>
>>
>>
>>
>
>
>     --
>     [ Drupal support list | http://lists.drupal.org/ ]
>
>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/support/attachments/20121226/7fddac54/attachment.html

More information about the support mailing list