January 7th, 2013, 03:42 PM
Compiled PHP(HipHop PHP)
I have used HipHop-PHP in the past which was actually developed and released by FaceBook. I would just really like to hear feedback from some other senior members here to their opinion on overall security, the ability to reverse engineer compiled code, and resource consumption.
Basically the first time i ran this i was trying to maximize use of limited processing power, and while i am trying to do the same thing this time around, the software i am working on will be installed with Apache and MySql on local machines of restaurants and i want to protect my source code from being accessed and stolen(about 3 years of work on this project) and dont want to rely on prety-print or obfuscated code for protection.
Basically HipHop PHP transforms PHP into C++ code then uses G++ to compile the code.
Any input is appreciated.
January 7th, 2013, 04:31 PM
Good. Rely on licensing instead. Grab yourself a lawyer and write up a contract which protects the code - perhaps you retain ownership and give an exclusive license for use to the restaurant.
Originally Posted by portcitysoftwar
January 7th, 2013, 04:45 PM
I am already using a EULA with all restaurants and Non disclosure agreements with resellers. Do you have any opinion on pre compiling php code?
Originally Posted by requinix
January 7th, 2013, 06:21 PM
For efficiency and practicality, sure. But I'm a purist: I wouldn't do it for the sole reason of enforcing a contract. I'm sure others here will disagree.
With that said compiling it down sounds quite reasonable in your case anyways.
January 8th, 2013, 12:36 AM
Well it appears most of the php compilers with apache support have been abandoned 3-5 years ago for further development and dont work on recent versions of linux.
And my biggest fear is not that people will steel the software or source as i realize that if people want to steel my software they will. My biggest fear is that people will get to the source and use this information to exploit any security vulnerabilities on similar systems running this software.
So i am considering using C and actually embedding the server side script into a simple HTTP server.
January 9th, 2013, 05:50 AM
Hi am not a senior forum dude yet, but it might be an idea to add some sort of variation to each distribution of your product in case someone abuses it. I don't mean in a forms of functionality, but in a syntactic way (naming, indentation, special strings etc). This uniqueness - when it's not obvious that it exists - can than become quite handy both in court and you can figure out who and what. (if you store this uniqueness somewhere). Its like a serial number, but less obvious and 'random'
Last edited by aeternus; January 9th, 2013 at 05:55 AM.
January 9th, 2013, 07:18 AM