March 5th, 2003, 12:01 PM
I am sorry that my post is making people angry, I was just trying to learn, not create fights...
Unfortunately I cannot afford to have my own server (static ip costs too much) and I need safe_mode to be disabled because I have some image uploading scripts that want safe_mode off...
Where does that leave me?
March 5th, 2003, 12:59 PM
I've already answered that. Go to www.ioncube.com
You don't have to buy the encoder, but can have scripts encoded for pennies. If all your sensitive info is in one file, that's the only one you need to encode. It would probably only cost US$0.50 to have it encoded.
March 5th, 2003, 02:16 PM
That's great and cheap too but how do I know if my server has the necessary plugin/decoder needed? Do I ask them (if yes for what) or is there a way I can find out? Does it appear in the phpinfo() (if yes under what voice?)
March 5th, 2003, 02:21 PM
You can check phpinfo(). Your host can install it, or, as stated earlier, there is a loader that can be included in the script dynamically. Please read the FAQ on the ioncube site. It has all the answers.
March 5th, 2003, 06:12 PM
I have a small server here on a Dynamic IP(Through DHCP), it runs fine... Just goes down for maybe a few mins every week. It's windows(XP Pro.) though... So it's slow and sometimes crashes. I was planning on switching it over to Linux but I would have to format it, And I don't have a burner on that Machine.
But back to the point, All you need to use for a Dynamic IP is download a program called "Direct Update"(http://directupdate.net) it's a wonderful program, it runs as a system service. I believe there is a Linux(not 100% sure) version if you use Linux instead.
And to rod k, Did I say it was 100% secure?, Nope!
Although there is a way you can alter the script so it is.(Not 100% secure, but a lot better than it is.)
Last edited by LavaCube; March 5th, 2003 at 06:15 PM.
March 5th, 2003, 06:26 PM
And how did I "diss" you first? I simply said that It can be decoded, Whoopdy doo?
The whole thing you've been trying to be smart, Although you're just "giving VERY bad advice" according to you. There are more than likely many ways to decode an encoded file, So why bother messing with something so supposedly "great". Although it costs money. The greatest things in the world are always free in my eyes(Examples:// Linux(O.S.), FreeBSD(O.S.), GIMP(Imaging), Apache(Web server), Mozilla(Web Browser) Etc. etc.)
Why bother paying for something when there is most likely a lot more things that do the same things, With some more advanced control, For free? I find that things that cost money are always not worth what you paid for. (Example: Windows(Anything Micro$oft for that matter.))
Last edited by LavaCube; March 5th, 2003 at 06:41 PM.
March 5th, 2003, 07:56 PM
No, but it doesn't offer ANY security.
It can or it cannot? There is no way to alter that script to provide security against another user reading it on a shared server without safe mode. End of story, get over it.
You still don't get it. I guess it's beyond you.
BTW, your rant about free software is pointless. There isn't a free solution available so it's kind of pointless to debate the worth of ZE or Ioncube vs something that is non-existent.
The whole point here is that you are disparaging things you KNOW ABSOLUTELY NOTHING ABOUT. Just because you don't know how it works doesn't mean it can't. Get over it.
March 5th, 2003, 09:12 PM
Although there is more than likely an open source implementation of the encoders.
Like who the f*ck is going to pay like $300 for a ****ing useless program? You want a good Database use MySQL for f*ck sakes.
And yes, By the way it does offer security you stupid ****, #1. It stops people from executing your code. #2. Stops dumbasses from trying to open it in a web browser. #3. Almost all of the big(*FREE*) scripts run that on pretty much all files.(Examples: PHP-Nuke, phpBB.) Maybe you should think before you say something.
March 5th, 2003, 09:47 PM
Really? Remember, we're talking about a compiled code encoder, NOT a source encoder. Care to give a link? Besides which, I wouldn't use an open source implementation. That WOULD be useless since it makes it orders of magnitude easier to decompile.
Visit www.ioncube.com again. You DON'T have to pay $300.
Ah, I see. You say your script isn't useless, but things you know nothing about are? Gotcha.
ROFLMAO MySQL has its place, but I wouldn't characterize it as a good RDBMS. If you want good try Postgres.
You seem to think I'm against free software. I don't know how you came to that conclusion.
Yes, it does do that, but that's not the problem we're addressing. We're talking about other users READING the script. Try to keep up.
??? No, it doesn't. Simply being a PHP executable does that. And if they find a way around that, how the hell is your little line of code going to execute?
Good for them. I wouldn't hold phpBB up as some paragon of security if I were you.
Maybe you should try to gain some knowledge before offering advice about security. You're worried someone else on your server is going to include your script in theirs? So you stop them, big deal. Now all they have to do is write a php script to read your directory, then read in the files. BAM! Got your freakin' source and don't need to include the file at all.
Now, do you want to reconsider what is useless? No, compiled encoding is NOT 100% safe. Just as any compiled code can be decompiled and reverse engineered. However, doing so is far beyond the means of 99.999% of the people out there and requires far more time and resources than it is probably worth. If your data is so sensitive as to be worth that effort, it shouldn't be on a shared host, should it?
Your "solution" anyone with half a brain and a couple weeks of experience can get around in a script of less than 20 lines.
March 5th, 2003, 10:12 PM
People only lose their cool when they know they're in deep**** they can't get out of. So this is LavaCube's way of saying 'my bad, I should rtfm first'.
Dude, just drop it will ya? I think rod crashed every single statement of yours and has explained things in quite appropriate manner. By the way, I agree with every single word he said, so there - now you got me backing up rod's ideas. Anyone else is in for a ride?
And you know I mean that.
March 5th, 2003, 10:41 PM
Lavacube - face it, your line of code doesn't address the fundamental problem and it's very simple to see why (even for Non-PHPers). If people are playing by the rules, then the script will be executed on the web server and the client will only ever see what it RETURNS - that is, the HTML and text that come back from it MINUS the executed code.
However, if people AREN'T playing by the rules, they're going to try and get the code to spill its guts without executing. If the code burps everything up instead of executing, all that the extra eregi() line is going to do is get burped up with it. At that point, the line becomes 100% useless and it's too late to do anything about it. Not only for others' benefits, but yourself as well, you might want to read up on the available security mechanisms and implement them. It doesn't do anyone, including yourself, any good to continue arguing a point that's clearly mistaken.
On top of that, Rod pointed that out to you. Instead of either accepting the mistake and CORRECTING it, or, presenting evidence that your solution is indeed good, you've started throwing a tantrum. That's just hurting future credibility.
Yell at me all you want, but leave Rod alone. He's right, you're wrong, face it - you're not perfect just like the rest of us.
Come on man, show some pride and humility and just accept the mistake and learn from it. That's what being a programmer is all about!
March 5th, 2003, 11:02 PM
Amen! Well, that and free coffee
And you know I mean that.
March 5th, 2003, 11:47 PM
Whatever... You just continue whacking off to your Microsoft software..
March 6th, 2003, 12:07 AM
You've heard the man guys! We are all Microsoft fanatics here and worship Big Billy! Now back on your knees and start saying the prayer
And you know I mean that.
March 6th, 2003, 01:55 PM
LavaCube, why don't you just shut up?
rodk knows what he's talking about. you obviously don't. not even what you are talking about. You are just trolling around.
Click the "search" button below his posts if you don't believe me, you can read his other posts there.
"Linux is better because it is free" - yeah man. good argumentation. you can't make something cheaper than free....
you know what's even better than free software? free advice!