Hi
I need to upgrade a php website on production server. However, I do not want to release the updated code before testing.
How can I hide those php code?
Can I use <? include "http://www.externalmachine.com/upgrade.php"; ?>
The upgraded php code is placed in another server.
Any suggestion?
If I understand you correctly you want to hide people from viewing your php code? If that is the case you don't have to worry about that because php can not be viewed because it is on the server side.
Yes, I knew people surf the web cannot view the php source code.
What did I mean is to prevent the site owner (has ftp login to download php files) to view the updated source code.
Not much I think you can do. You really can not lock the owner out of his own site. Once you make those files live, he will be able to see them. So if you really don't him to see them I wouldn't release them until you are really ready.
-Good Luck....
dagon;10883218 wrote:
If I understand that correctly, that only keeps people from encoding the code and stealing it from the web side? How would that prevent someone who has FTP and Server access from downloading the file from the server when they have access. I didn't see how that would prevent that?
How would that prevent someone who has FTP and Server access from downloading the file from the server when they have access.
It would not, but it would prevent such a person from reading the source code, assuming that he or she did not manage to break the protection mechanisms.
It's unlikely that the user will decode the encoded data.
Really your out of luck. Anyone with access to the source code, encoded or not, can decode it eventually.
So this encodes the source code before it is uploaded? If so how does the PHP engine parse the php if it is encoded? It would have to be globally known encoded which if that is the case it would be pretty easy to decode seeing it would have to be decoded in order to maintain the code.
So this encodes the source code before it is uploaded?
Yes. Of course, Zend Guard is not the only such tool out there.
If so how does the PHP engine parse the php if it is encoded?
The Zend Optimizer works as an intermediate layer.
It would have to be globally known encoded which if that is the case it would be pretty easy to decode seeing it would have to be decoded in order to maintain the code.
That is not the case, but nonetheless you are right in saying that this step is one area of weakness in the scheme.
You cannot link to PHP code from another server, unless you have the setting enabled in your php.ini file...
which is very dangerous as ANYONE will be able to include your files and run the code inside them!
Don't do it, if you don't want your 'customer' or whatever to see your code then either encode it or find a compiled language.
I want to understand the significance of this "before testing" caveat. What would be different about the situation after testing: the site owner will be allowed to see it?
I'm sure you think your code is the best thing since sliced bread, but then every one thinks that, is it really worth encoding in the first place?
You cannot link to PHP code from another server, unless you have the setting enabled in your php.ini file
Hi iceomnia
Could you tell me which parameter in php.in should be set?
It is not some important code. Anyone can obtain it by searching in google.
Just my boss requires me do that.
Thanks everyone's help
I'm sorry but I haven't got time to look for the setting in my gigantic php.ini file, but if you look at this page the same priciple applies to opening external files as 'include' and 'require'.
http://uk2.php.net/highlight_file
The setting is mentioned in one of the comments.
allow_url_fopen
