PHP Encoder - How Secure Is It?

**Jose Amaral Rego** · Thu 13 Oct '05, 5:41pm

Originally posted by Walim

I will check back in a month, because I just did a test and it seems that they are in the business to decode people's work.

**Scott MacVicar** · Fri 14 Oct '05, 8:50am

I believe you can drop your own version of the Zend API in and capture function calls and print out various bits of information as they are read and written from the hash table.

**Freddie Bingham** · Fri 14 Oct '05, 9:07am

Originally posted by Brad.loo

Well obviously anything that can be encoded can be decoded.

You can capture the opcode that PHP executes but you can never retrieve the original source code that was used to generate the opcode.

**JurgenD** · Mon 12 Dec '05, 10:02am

Originally posted by Scott MacVicar

I believe you can drop your own version of the Zend API in and capture function calls and print out various bits of information as they are read and written from the hash table.

Well. A challenge ?!

404 Not Found

http://blog.php-security.org/archives/14-PHP-Encoders-Protection-where-are-you.html

The IonCube Encoder and the Zend Encoder does not offer any protection against oparray_dumping or oparray disassembly.

And You can map the dumped result back to source.

**ChrisLM2001** · Mon 12 Dec '05, 11:01pm

Originally posted by LEAD_WEIGHT

I guess this is not worth my time and money? I will look for more info on this if it is true. :ermm:

It depends on what you want to encode. Encoders/decoders like Zend and Ioncube both cost a mint, so it's best reserved for paid programs -- and one that has a unique solution for an unique problem.

I'd find it would be neat to protect web pages as well (especially php designs using Smarty).

Chris

PHP Encoder - How Secure Is It?

Comment

Comment

Comment

Comment

Comment