Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 1 year ago.
Improve this question
For a new project of mine, I want to protect my code. I've already searched this and other forums, but most topics were a few years old and software can change.
I know that the "big three" are ZendGuard, ionCube and SourceGuardian. Now while Zend has a fairly good reputation for being secure, it is too expensive for my needs, so I'm left with ionCube and SourceGuardian. I did some research to determine how secure each product is and I came across freelancer.com, where people hire other people to decrypt and deobfuscate their source code. I've found relatively many ionCube adverts -- also some with the most recent version of the ionCube encoder. On the other hand, the SourceGuardian projects that I found were all encrypted using older versions of the software. Zend's product seems to be the safest, since I didn't really find anything.
Since I don't want to waste a few hundred dollars on a product that only makes my code harder to read, I wanted to know: what is your opinion on the security of PHP encoding software and which of the products do you deem the best?
Ioncube and dynamic keys. Protect as many functions as you can in all your PHP files with different keygen() functions. I know people that decode a single PHP file for 30$ if the file contains one or two keygen() functions. If your file contains more keygens the price changes.
My project contains 1000 PHP files with 8 protected functions on average in each file and the license check is present practically in every file. Only 15% drop in performance.
1000 files x $30 x 4 = $120,000
The cost for cracking/decoding is bigger than the cost of the software itself.
Plus, a skilled programmer may need 2 to 5 hours to figure out the logic of a single keygen.
If you want to "protect" your code, you have 3 options:
Don't make your code public. Simple enough, if your PHP code isn't public, no one can see it or mess with it.
Make your code public, and abandon "protecting" your code (What's called an "Open Source Project").
Don't use PHP. Use some sort of other compiled language, like Java or C.
Those are the options you get. Any obfocuser and be deobfocused when enough time, effort and persistence is given to it. Plus, one small mistake and you'll never be able to read your code again.
I think if you really want to protect your code, you need to find better ways than code obfuscator, Encoder of any type or whatever make your code more difficult to read. The best deal is to manage well who has the access to your code, and make a good contract with all parts envolved in the project.
Take a look at my question some time ago -> https://softwareengineering.stackexchange.com/questions/29496/open-source-php-encoder
and this another question
Can you "compile" PHP code?
I think it will head you in your decisions about buy some software that promisses the impossible.
Related
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 6 years ago.
Improve this question
I start this topic saying that I use PHP since 2014 and I'm experienced with it, but recently (yesterday) I started to give a look to NodeJS.
Node is growing fast and it's been used by a lot of web-services.
I started using it yesterday, but I found it less "beginner-user friendly" than PHP.
I'm not saying this as a beginner in computer programming, but as a Node-beginner.
What is your opinion?
Is it worth knowing both languages?
Is it worth knowing both languages ?
If you come from php development, learning node is a great idea.
It ll teach you in a soft way the concurrent programming pattern, and also event/stream programming,
it will lead you to face problems regarding the underlying OS in a soft way.
All sort of stuff that PHP greatly solves for you right out of the box and which you never think about.
Node will also give you the impression of a bigger playground to explore.
But, if you want to be productive when it s about building website, i believe PHP is better.
On the other hand, if you are looking for performance, node may be better, but true performance comes with compiled languages like GO, not scripted languages.
Finally, if php was not plumbed by all those damn heavy javaesque framework, it would be a really nice environment with a good trade off between speed and complexity.
Node gives you speed, but it comes with a price about the complexity which can be very costly.
As a beginner of both language i noted the following advantages of both languages
PHP
Mixing code with content
Deep code base
No client app needed
SQL
Speed of coding
NodeJs
Separating concerns
Newer code means more modern features
Service calls are thinner than HTML-fat PHP calls
JSON
Raw speed
You can read full article Here
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 8 years ago.
Improve this question
I am fairly new to PHP (you just have to see some of my previous/recent posts!). I have done a lot of my learning by studying other people's frameworks and attempting to rewrite them for my own purpose.
Out of the examples of code I have seen, it seems about 50/50 Procedural to OOP. My question is not which is better, but when should I consider using OOP over Procedural?
By the way, I don't want to encourage an open discussion of personal opinions as to why one should be used above the other. I am fully aware, after researching, that some people just prefer to use one or the other. I am after a legitimate reason as to what would encourage me to use one over the other and in what situations.
I have also read through a few different (but similar) questions on the subject, but they seem to be flagged as not constructive because it starts a debate. I don't want this, I am on a Q&A site as I am looking for an answer, not an argument.
Even thou it is 2014, you are still allowed to wash your dishes by hand, communicate with all your friends only in person, landline phone calls or letters send by the local postal service.
And you might feel incredibly well doing so.
But if you try to host a lot of dinner parties for a lot of people and organise important projects with a lot of people from remote destinations, having hard deadlines, you might consider getting a modern dishwasching machine and a smartphone.
Same goes for OOP vs. procedual. If you are just adding a tiny piece of functionality (display the current date, echo a random hash string) on your wordpress weblog: Go procedual.
If you are writing a tiny tool that does something you need to get done, if you are writing a tiny cron job batch script in PHP or if you are just fooling arround - do as you like.
But if you plan to develop sustainable, maintainable, testable, reusable, quality software that has a lot of features you should at least use OOP. Because it is bloody 2014.
OOP will enable you to blackbox and whitebox test units of your code seperately. It will enable you to not only efficiently reuse libraries and modules written by others but alos enable you to produce modules and libraris that can be reused by others.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 8 years ago.
Improve this question
So I signed on with a startup web development company as a subcontractor. They are putting together a large, complex user/product management system for a company that needs to support multiple levels of hierarchial localization. I signed a 3 month contract, and upon looking at their code, wish I hadn't.
They opted to write their own MVC framework (I guess the client company didn't want to use a prewritten one) and it's extremely poorly written. There's SQL scattered throughout almost every model view and controller (and there's no parameter-based find methods, it's all SQL) and they haven't even THOUGHT about localization yet-- something that will have an affect on nearly EVERY query.
The due date is 4 months away, and I honestly think we'd make good progress by scrapping the whole thing and going with CakePHP. Have any of you been in a similar situation, and what did you do?
PS: This is written in PHP/MySQL.
Rewriting from scratch is almost always the wrong idea (Read Joel's article Things You Should Never Do -- Part 1). But you have to start implementing small changes (big in your case). The sooner you get the code cleaned up the better it is for developing in... Get a sane data access layer and try to sort out the ad-hoc MVC first.
Also, while you are fighting battles, start planning out what needs to happen and get the upper brass used to the idea that some features might not make it in. I don't know your code base, or big or how messy it is... but if it is really bad then they should be prepared to ship a product minus some features rather than a half-baked solution.
Take charge on these issues, you (like the rest of us) get the pleasure of inheriting the sins of a codebase's previous owners. Is there any chance they would extend the contract or pay overtime for extra work you put in?
When you work for someone, you play by their rules. I've worked on a couple of sites using Expression Engine. I hated every minute of it, and I strongly recommend against it every time it comes up with my client, but what can you do, other than grind through the work until you're done?
Feel free to offer the suggestion about CakePHP, but I would drop it if nobody wants to hear it. Be happy you're only on for 3 months.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
I'm writing a little website (webapp) in php+codeigniter, I'd really like to make it open source (to attract collaborators and to have a free VCS hosting).
Is that a good practice?
This mine security?
Which are the best tools to change important data before uploading? (like config files with db names and passwords used for testing etc..)
Is that a good practice? Will this mine security?
Yes, it can be a good practice. If your project is interesting and you think that is has potential for attracting contributors, and you are comfortable with your source code not being "your ownership", then this is a good move.
It has benefits, but of course it has its drawbacks. You'll get new ideas, you can learn much, you will have someone to talk to about the project and ideas, and with a bit of luck you can create a great team. You won't be alone doing the work. Your project may grow, and become important.
Any drawbacks? Well, the fact, as I mentioned, that your code is not your own property anymore. Then the fact that you will be forced to confrontation, and sometimes to arguments among the contributors: you will start a community, with all the related challenges. I think it is worth it, anyway. Then, for example, security. In the medium term, if you have contributors, your security will increase for sure, because more people will be looking at the code and can spot problems, and fix them. In the short term however, someone malicious may look into it and find a weak spot and use it. So you should have your code reviewed by some contributors first, with a private disclosure, before going fully open source.
Which are the best tools to change important data before uploading?
You should put all the important data into a single configuration file, which is client-dependent, and distribute a template for it. If this file is called "config.php", then EXCLUDE this file from the distribution, and distribute a "config-dist.php" file, with example values: at first installation, the user will fill the data, and they will stay there even if you update.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 3 years ago.
Improve this question
When you get a description of some project that should be made with Drupal, and requires some extra-functionality (beyond core and most popular modules), how do you decide how're going to do it?
Do you spend a day or two (or week?) searching for all possible modules, narrowing down the list?
What is the cricial point to start writing own module?
What is the cricial point to start altering some more or less suitable module?
To be more precise, lets imagine I am going to do a time Booking system in Drupal 5, but there are no modules that do exactly what I want.
What are the most important pros and cons when it comes to selecting the ground to build the Drupal project upon?
I will use a pre-built module only if:
it is for UI purposes. For example, an image gallery.
it is really, really well consolideted (like the views module for example, or imagecache), is specialized in one task and does it well, and if it serves my purpose whithout any modification (because it just fits, because I can adapt the requirements to make them fit, or because it offers extension points like an api or such)
what I need to achieve is peripheral to the system, and there exists a module which will do something similar, and it is easy to modify it and then maintain it
I will make my own if:
the functionality is "core" to my system and there is not a module which fits
the modules I found are new, not actively maintained, messy coded, etc...
In fact I usually prefer coding my own modules, which I have total control over, than adopt foreing ones, with the risk of having more troubles with them than advantages...
I'd say it really depends on what it is you want to do. If what you want to do is not to complicated, and you can't find a module for it. Chances are that even if you do find one or one that is close, that you end up spending more time searching that would have spent making your own. Where that line is, depends on how skilled you are and how intimate you are with Drupal. After doing lots of small custom modules you end up with a lot of snippets you can reuse making writing new modules quite fast.
Sometimes you can even take a module and make your own to modify it, to make the origin fit your needs. For me, I usually never spend more than a few houres trying to find a module. If I can't find it by then, it's usually
Not maintained and way old.
Still in development
Even if you can get a bit of a head start you might end up struggling in the end, with bad database designs and the like. But it's hard to say where the breaking point of using others halfway there code is. It depends on how hard or how much time YOU have to spend, to make it, vs the struggles you get using it.