A way to "lock" a php archive to prevent modifications ?

[Ryan RAJKOMAR]

Does anyone know of a way to accomplish this ?
I mean that you would develop your app as usual but when packaging it
into a phar, the phar file would only be readable using th php server
but nothing could be "extracted" or accessible (like when using the
import phar project feature of eclipse)

Cheers.

[martin.eisengardt]

As of PHP-Maven 2.1 there will be an option saying "only put it onto the classpath and do not extract it". But everyone can at least extract it manually.

Why do you ask? Are you looking for some way to implement closed sources? Or some performance tuning?

[Ryan RAJKOMAR]

Well I'm actually just trying to know if such a thing exists in case I
might for some reason have to use something similar in a company
related project.
But I have no intention to develop something with closed sources for
the moment, although the need may arise someday.
I've seen a few programs using a similar process like zend guard but
this is not a lock per say, just a way to render code harder to read.

On 1 mar, 16:16, "martin.eisengardt"

[martin.eisengardt]

A lock will never suceed.At least PHP itself is able to extract a phar. But something similar to a soft lock (in PHP-Maven environment) will be available in 2.0.1 or 2.1. And of course we will support closed source/ obfuscators in the next versions.

[Shadowwalker]

By lock I meant that it would only prevent manual extraction of the code (like when you import a phar file using eclipse import feature, you can get the entire code and be able to modify it).
PHP would of course still be able to read the phar file.

And it is true that an implementation of obfuscation would be nice for closed source project but most great solution for this are not free...

[martin.eisengardt]

No, a lock would never succeed. A phar is an open specification described in the php manual. Think of zip files or jar files. They can always be manually extracted. A phar file that will be usable in classic php can always be extracted.

 

It is really simple:

 

<?php

$phar = new Phar('my.phar');

$phar->extractTo('target-dir');

You even can read the contents via: file_get_contents('phar://my.phar/some/file.php');

 

To apply a lock that relly means "no one is ever possible to extract the phar" you need an extension and you need to specify your own (closed) file format.

[Shadowwalker]

While looking into the whole Zend solution, I've stumbled upon this :
" Zend Encoder (included in Zend Guard) converts your PHP into a binary form which Zend calls ‘Zend Intermediate Code’."
This "conversion" towards Zend Intermediate Code is apparently not reversible (not even by the Zend Optimizer which is the "reader" used to read converted apps)

A similar process, combined which an obfuscation process (included in Zend Guard) would be a great and viable solution to closed source applications..., would it not ?

[martin.eisengardt]

Yes. It would be a help for building closed source.

 

--

You received this message because you are subscribed to the Google Groups "Maven for PHP" group.

To view this discussion on the web visit https://groups.google.com/d/msg/maven-for-php/-/AEolJlLYmk0J.

To post to this group, send email to maven-...@googlegroups.com.
To unsubscribe from this group, send email to maven-for-ph...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/maven-for-php?hl=en.