commercial Web application PHP -

Question

I was thinking of making a commercial application to sell to customers to install on their servers but I wanted to do it with PHP & MySQL.

what should i do to ensure that the source code (& Database) will not be opened nor copied. The most important thing is the code will be hosted on the customer server. And also how to ensure that the customer will not resell the web application (like copying the code & Db to other people)

Thank you

Answer 1

There's a lot of question around PHP code obfuscation / encryption / compilation on SO. Check them out.

There is a number of products to protect PHP code like Zend Guard, ioncube encoder and others.

Related SO questions:

• Minify / obfuscate PHP code

• Best solution to protect PHP code without encryption

• PHP Source Encryption - Effectiveness and Disadvantages

• How can you make a PHP application require a key to work?

• Can I encrypt PHP source or compile it so others can’t see it? and how?

• How to prevent resale of PHP source?

Answer 2

As long as the software is distributed in source code form (versus binary), there are no way to prevent the customer opening / altering it. Even binaries can be more or less reverse-engineered by decompiling them.

One can obfuscate the code in order to make it difficult to read / understand how it works, but as every countermeasure, it won't stop piracy – sooner or later someone with enough motivation will bypass it.

You have few options:

1. Sell your software as a service (SAAS).

2. Just don't care about piracy, high-profile / most users will probably pay anyway if the price is reasonable.

3. Licence it as free (libre) and profit by selling support etc.

Answer 3

You can use Zend Guard and some controls inside your applications to try to mitigate piracy on your PHP WEB applications.

DataBase will probably remain open.

Answer 4

I think the most you could do is encode it but if they are savvy enough to notice they can just decode it... PHP is a scripting language that is interpreted at run time.

Your customers should be signing a contract saying they won't be handing it out, you could work some sort of licensing check into the software to verify that no one is using it illegally... vbulletin is an example of a commercial PHP web app, you may look into the way they go about business.

Answer 5

Not possible, IMO, without a fully hosted environment. Once on the customer's server, they have access, then it is a matter of determination and resources. I say this because even powerful, native code licensing protectionss are subverted all the time, just Google to see all of the cracked keys.

If you DO want to protect your code, use of native languages or obfuscated verions (at least) will only change the magnitude of difficulty, but not alleviate the risk.

Protecting the database is even tougher. Even engines that allow full DB encryption require the key to start / connect to the db. If that is part of your web app, or in the customer's hands, they have full access. DB Encryption is really for protection against hackers, not against your customers.

Piracy becomes a legal issue, not a technical issue.