#1
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2012
    Posts
    165
    Rep Power
    18

    Compiled PHP(HipHop PHP)


    I have used HipHop-PHP in the past which was actually developed and released by FaceBook. I would just really like to hear feedback from some other senior members here to their opinion on overall security, the ability to reverse engineer compiled code, and resource consumption.

    Basically the first time i ran this i was trying to maximize use of limited processing power, and while i am trying to do the same thing this time around, the software i am working on will be installed with Apache and MySql on local machines of restaurants and i want to protect my source code from being accessed and stolen(about 3 years of work on this project) and dont want to rely on prety-print or obfuscated code for protection.

    Basically HipHop PHP transforms PHP into C++ code then uses G++ to compile the code.

    Any input is appreciated.
  2. #2
  3. Did you steal it?
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2007
    Location
    Washington, USA
    Posts
    13,993
    Rep Power
    9397
    Originally Posted by portcitysoftwar
    dont want to rely on prety-print or obfuscated code for protection.
    Good. Rely on licensing instead. Grab yourself a lawyer and write up a contract which protects the code - perhaps you retain ownership and give an exclusive license for use to the restaurant.
  4. #3
  5. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2012
    Posts
    165
    Rep Power
    18
    I am already using a EULA with all restaurants and Non disclosure agreements with resellers. Do you have any opinion on pre compiling php code?


    Originally Posted by requinix
    Good. Rely on licensing instead. Grab yourself a lawyer and write up a contract which protects the code - perhaps you retain ownership and give an exclusive license for use to the restaurant.
  6. #4
  7. Did you steal it?
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2007
    Location
    Washington, USA
    Posts
    13,993
    Rep Power
    9397
    For efficiency and practicality, sure. But I'm a purist: I wouldn't do it for the sole reason of enforcing a contract. I'm sure others here will disagree.

    With that said compiling it down sounds quite reasonable in your case anyways.
  8. #5
  9. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2012
    Posts
    165
    Rep Power
    18
    Well it appears most of the php compilers with apache support have been abandoned 3-5 years ago for further development and dont work on recent versions of linux.

    And my biggest fear is not that people will steel the software or source as i realize that if people want to steel my software they will. My biggest fear is that people will get to the source and use this information to exploit any security vulnerabilities on similar systems running this software.

    So i am considering using C and actually embedding the server side script into a simple HTTP server.
  10. #6
  11. For POny!
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2012
    Location
    Amsterdam
    Posts
    416
    Rep Power
    115
    Hi am not a senior forum dude yet, but it might be an idea to add some sort of variation to each distribution of your product in case someone abuses it. I don't mean in a forms of functionality, but in a syntactic way (naming, indentation, special strings etc). This uniqueness - when it's not obvious that it exists - can than become quite handy both in court and you can figure out who and what. (if you store this uniqueness somewhere). Its like a serial number, but less obvious and 'random'
    Last edited by aeternus; January 9th, 2013 at 05:55 AM.
  12. #7
  13. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2012
    Posts
    165
    Rep Power
    18
    That makes sense.

IMN logo majestic logo threadwatch logo seochat tools logo