#16
  1. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2003
    Posts
    68
    Rep Power
    14
    I am sorry that my post is making people angry, I was just trying to learn, not create fights...

    Unfortunately I cannot afford to have my own server (static ip costs too much) and I need safe_mode to be disabled because I have some image uploading scripts that want safe_mode off...

    Where does that leave me?
  2. #17
  3. Apprentice Deity
    Devshed Loyal (3000 - 3499 posts)

    Join Date
    Jul 1999
    Location
    Niagara Falls (On the wrong side of the gorge)
    Posts
    3,237
    Rep Power
    19
    I've already answered that. Go to www.ioncube.com

    You don't have to buy the encoder, but can have scripts encoded for pennies. If all your sensitive info is in one file, that's the only one you need to encode. It would probably only cost US$0.50 to have it encoded.
  4. #18
  5. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2003
    Posts
    68
    Rep Power
    14
    That's great and cheap too but how do I know if my server has the necessary plugin/decoder needed? Do I ask them (if yes for what) or is there a way I can find out? Does it appear in the phpinfo() (if yes under what voice?)
  6. #19
  7. Apprentice Deity
    Devshed Loyal (3000 - 3499 posts)

    Join Date
    Jul 1999
    Location
    Niagara Falls (On the wrong side of the gorge)
    Posts
    3,237
    Rep Power
    19
    You can check phpinfo(). Your host can install it, or, as stated earlier, there is a loader that can be included in the script dynamically. Please read the FAQ on the ioncube site. It has all the answers.
  8. #20
  9. Just a kid
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2002
    Location
    Canada
    Posts
    105
    Rep Power
    13
    I have a small server here on a dynamic IP (through DHCP), it runs fine... Just goes down for maybe a few mins every week. It's Windows (XP Pro.) though... So it's slow and sometimes crashes. I was planning on switching it over to Linux but I would have to format it, and I don't have a burner on that machine.

    But back to the point, all you need to do for a dynamic IP is download a program called "Direct Update" (http://directupdate.net). It's a wonderful program, it runs as a system service. I believe there is a Linux (not 100% sure) version if you use Linux instead.

    And to rod k, did I say it was 100% secure? Nope!

    Although there is a way you can alter the script so it is. (Not 100% secure, but a lot better than it is.)
    Last edited by LavaCube; March 5th, 2003 at 06:15 PM.
    [ lavacube ]

    My Personal Site[greyDistortion]

    PHP version: 4.3.8
    MySQL version: 4.0.21
    Operating System (OS): SuSE Linux 9.1
    Apache version: 2.0.50
  10. #21
  11. Just a kid
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2002
    Location
    Canada
    Posts
    105
    Rep Power
    13
    And how did I "diss" you first? I simply said that it can be decoded, whoopdy doo?

    The whole thing you've been trying to be smart, although you're just "giving VERY bad advice" according to you. There are more than likely many ways to decode an encoded file, so why bother messing with something so supposedly "great". Although it costs money. The greatest things in the world are always free in my eyes (examples: Linux (O.S.), FreeBSD (O.S.), GIMP (imaging), Apache (web server), Mozilla (web browser), etc.).

    Why bother paying for something when there are most likely a lot more things that do the same things, with some more advanced control, for free? I find that things that cost money are always not worth what you paid for. (Example: Windows (anything Micro$oft for that matter).)
    Last edited by LavaCube; March 5th, 2003 at 06:41 PM.
  12. #22
  13. Apprentice Deity
    Devshed Loyal (3000 - 3499 posts)

    Join Date
    Jul 1999
    Location
    Niagara Falls (On the wrong side of the gorge)
    Posts
    3,237
    Rep Power
    19
    "Did I say it was 100% secure? Nope!"
    No, but it doesn't offer ANY security.

    "Although there is a way you can alter the script so it is. (Not 100% secure, but a lot better than it is.)"
    It can or it cannot? There is no way to alter that script to provide security against another user reading it on a shared server without safe mode. End of story, get over it.

    "There are more than likely many ways to decode an encoded file"
    You still don't get it. I guess it's beyond you.

    BTW, your rant about free software is pointless. There isn't a free solution available so it's kind of pointless to debate the worth of ZE or Ioncube vs something that is non-existent.

    The whole point here is that you are disparaging things you KNOW ABSOLUTELY NOTHING ABOUT. Just because you don't know how it works doesn't mean it can't. Get over it.
  14. #23
  15. Just a kid
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2002
    Location
    Canada
    Posts
    105
    Rep Power
    13
    Although there is more than likely an open source implementation of the encoders.

    Like who the f*ck is going to pay like $300 for a ****ing useless program? You want a good database, use MySQL for f*ck sakes.

    And yes, by the way, it does offer security you stupid ****. #1. It stops people from executing your code. #2. Stops dumbasses from trying to open it in a web browser. #3. Almost all of the big (*FREE*) scripts run that on pretty much all files. (Examples: PHP-Nuke, phpBB.) Maybe you should think before you say something.
  16. #24
  17. Apprentice Deity
    Devshed Loyal (3000 - 3499 posts)

    Join Date
    Jul 1999
    Location
    Niagara Falls (On the wrong side of the gorge)
    Posts
    3,237
    Rep Power
    19
    "Although there is more than likely an open source implementation of the encoders."
    Really? Remember, we're talking about a compiled code encoder, NOT a source encoder. Care to give a link? Besides which, I wouldn't use an open source implementation. That WOULD be useless since it makes it orders of magnitude easier to decompile.

    "pay like $300"
    Visit www.ioncube.com again. You DON'T have to pay $300.

    "useless program"
    Ah, I see. You say your script isn't useless, but things you know nothing about are? Gotcha.

    "want a good Database use MySQL"
    ROFLMAO MySQL has its place, but I wouldn't characterize it as a good RDBMS. If you want good try Postgres.

    You seem to think I'm against free software. I don't know how you came to that conclusion.

    "#1. It stops people from executing your code."
    Yes, it does do that, but that's not the problem we're addressing. We're talking about other users READING the script. Try to keep up.

    "#2. Stops dumbasses from trying to open it in a web browser."
    ??? No, it doesn't. Simply being a PHP executable does that. And if they find a way around that, how the hell is your little line of code going to execute?

    "#3. Almost all of the big (*FREE*) scripts run that on pretty much all files."
    Good for them. I wouldn't hold phpBB up as some paragon of security if I were you.

    "Maybe you should think before you say something."
    Maybe you should try to gain some knowledge before offering advice about security. You're worried someone else on your server is going to include your script in theirs? So you stop them, big deal. Now all they have to do is write a php script to read your directory, then read in the files. BAM! Got your freakin' source and don't need to include the file at all.

    Now, do you want to reconsider what is useless? No, compiled encoding is NOT 100% safe. Just as any compiled code can be decompiled and reverse engineered. However, doing so is far beyond the means of 99.999% of the people out there and requires far more time and resources than it is probably worth. If your data is so sensitive as to be worth that effort, it shouldn't be on a shared host, should it?

    Your "solution" anyone with half a brain and a couple weeks of experience can get around in a script of less than 20 lines.
  18. #25
  19. Mobbing Gangster
    Devshed Demi-God (4500 - 4999 posts)

    Join Date
    Sep 2001
    Location
    "Best City" 2002 and 2003- Melbourne, Australia
    Posts
    4,912
    Rep Power
    33
    People only lose their cool when they know they're in deep**** they can't get out of. So this is LavaCube's way of saying 'my bad, I should rtfm first'.

    Dude, just drop it, will ya? I think rod crashed every single statement of yours and has explained things in quite an appropriate manner. By the way, I agree with every single word he said, so there - now you got me backing up rod's ideas. Anyone else in for a ride?
    And you know I mean that.
  20. #26
  21. An Ominous Coward
    Devshed Specialist (4000 - 4499 posts)

    Join Date
    Jan 2002
    Posts
    4,425
    Rep Power
    0
    Lavacube - face it, your line of code doesn't address the fundamental problem and it's very simple to see why (even for non-PHPers). If people are playing by the rules, then the script will be executed on the web server and the client will only ever see what it RETURNS - that is, the HTML and text that come back from it MINUS the executed code.

    However, if people AREN'T playing by the rules, they're going to try and get the code to spill its guts without executing. If the code burps everything up instead of executing, all that the extra eregi() line is going to do is get burped up with it. At that point, the line becomes 100% useless and it's too late to do anything about it. Not only for others' benefit, but yours as well, you might want to read up on the available security mechanisms and implement them. It doesn't do anyone, including yourself, any good to continue arguing a point that's clearly mistaken.

    On top of that, Rod pointed that out to you. Instead of either accepting the mistake and CORRECTING it, or presenting evidence that your solution is indeed good, you've started throwing a tantrum. That's just hurting future credibility.

    Yell at me all you want, but leave Rod alone. He's right, you're wrong, face it - you're not perfect just like the rest of us.

    Come on man, show some pride and humility and just accept the mistake and learn from it. That's what being a programmer is all about!
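
The distinction drawn in the post above (a guard line protects a file only when PHP executes it, and is just more text when the file is read as data), shown as an added example that is not code from the thread. The guard is a stand-in for the thread's eregi() line, which is not reproduced on this page; the file name, the OWNER_APP constant and the secret are constructed, and PHP 7.1 or later is assumed.

```php
<?php
// Added illustration (not code from the thread). The guard below is a
// stand-in for the thread's eregi() line, which is not shown on this page.
// The file name, OWNER_APP and the secret value are constructed sample data.

$dir  = sys_get_temp_dir() . '/guard_demo_' . getmypid();
$file = $dir . '/config.inc.php';
mkdir($dir, 0700);

$protected = <<<'PHP'
<?php
// Guard: refuse to run unless the owner's entry script defined this constant.
if (!defined('OWNER_APP')) { return 'guard tripped: direct use refused'; }
$DB_PASSWORD = 'constructed-sample-secret';
return 'config loaded';
PHP;
file_put_contents($file, $protected);

// Case 1: the file is EXECUTED by a script that did not define OWNER_APP.
// The guard runs, returns early, and the assignment after it never happens.
function run_as_stranger(string $path): array
{
    $result = include $path;
    return [$result, isset($DB_PASSWORD)];
}

// Case 2: the file is READ as data. PHP never executes it, so the guard
// is just more text in the returned string, next to the secret.
function read_as_data(string $path): string
{
    return file_get_contents($path);
}

[$status, $inScope] = run_as_stranger($file);
printf("executed: %s, secret in scope: %s\n", $status, $inScope ? 'yes' : 'no');

$raw = read_as_data($file);
printf("read:     guard visible: %s, secret visible: %s\n",
    strpos($raw, "defined('OWNER_APP')") !== false ? 'yes' : 'no',
    strpos($raw, 'constructed-sample-secret') !== false ? 'yes' : 'no');

// Whether case 2 succeeds is decided by filesystem permissions and the
// account PHP runs as, not by anything written inside the file.
printf("file mode: %o\n", fileperms($file) & 0777);

unlink($file);
rmdir($dir);
```

Run from the command line, the first line reports the guard tripping with the secret out of scope, and the second reports both the guard and the secret visible in the bytes read.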
  22. #27
  23. Mobbing Gangster
    Devshed Demi-God (4500 - 4999 posts)

    Join Date
    Sep 2001
    Location
    "Best City" 2002 and 2003- Melbourne, Australia
    Posts
    4,912
    Rep Power
    33
    Originally posted by Ctb

    Come on man, show some pride and humility and just accept the mistake and learn from it. That's what being a programmer is all about!
    Amen! Well, that and free coffee
  24. #28
  25. Just a kid
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2002
    Location
    Canada
    Posts
    105
    Rep Power
    13
    Whatever... You just continue whacking off to your Microsoft software..
  26. #29
  27. Mobbing Gangster
    Devshed Demi-God (4500 - 4999 posts)

    Join Date
    Sep 2001
    Location
    "Best City" 2002 and 2003- Melbourne, Australia
    Posts
    4,912
    Rep Power
    33
    You've heard the man guys! We are all Microsoft fanatics here and worship Big Billy! Now back on your knees and start saying the prayer
  28. #30
  29. Contributing User
    Devshed God 1st Plane (5500 - 5999 posts)

    Join Date
    Oct 2000
    Location
    Back in the real world.
    Posts
    5,966
    Rep Power
    191
    LavaCube, why don't you just shut up?

    rodk knows what he's talking about. You obviously don't. Not even what you are talking about. You are just trolling around.
    Click the "search" button below his posts if you don't believe me, you can read his other posts there.

    [sarcasm]
    "Linux is better because it is free" - yeah man. Good argumentation. You can't make something cheaper than free....
    [/sarcasm]
    You know what's even better than free software? Free advice!
