Keep in mind the "Works out of the box with no changes to your server" requires the use of the function dl()
according to the PHP docs; dl() is not supported in multithreaded Web servers. Use the extensions statement in your php.ini when operating under such an environment. However, the CGI and CLI build are not affected ! I haven't tested wether it actually works with servers such as IIS/Apache2, and given its not supported, perhaps it works, but could have weird results after the so/dll has been loaded after the millionth time. user contributed notes off of the PHP site: the function dl() is not supported on Multithreaded systems like Windows XP. You need an external library for it, that has to be loaded when your server does. If not, you will get a fatal error and the script will stop parsing. -----Original Message----- From: michael kimsal [mailto:[EMAIL PROTECTED]] Sent: Saturday, 11 January 2003 2:39 PM To: [EMAIL PROTECTED]; Christopher Ditty Subject: [PHP] Re: Source Guardian Christopher Ditty wrote: > Does anyone here use Source Guardian? I am about to purchase it and > thought I'd ask before I do. Any problems using it? > > Thanks > > CDitty > Hello. We've used it to create demos. It does work, but is being surpassed by other options (at the time we purchased, it was the cheapest option, but it's not anymore). They seem to have updated their site some - $150 for 'just' the obfuscator is a bit much, and the obfuscation portion was, I thought, pretty poor. If you relied at all on globals, or ever used 'extract' on arrays coming from form input, it was useless. We don't rely on globals, but we do rely on form array extraction sometimes - completely wasted when the system would 'obfuscate' your code. Reason being: <? echo $myName; ?> becomes <? echo $uu7whfdsisdf; ?> But if you've got a form with <input type='text' name='foo[bar]'> You can't do <? extract($_POST['foo']); echo $bar; ?> and expect it to work, because the obfuscation will turn it into: <? extract($_POST['foo']); echo $uu7whfdsisdf; ?> I wrote them and told them it was fairly pointless, atleast for systems large/advanced enough that you'd consider wanting to protect them in the first place. They didn't seem to have much on their site before about how to get new .so and .dll files for newer versions of PHP (they bundle .so and .dll files for each version of PHP - 4.1.0, 4.1.1, etc). Also, the support for working 'out of the box' with no need to fiddle with the php.ini file was useful. Ioncube's encoder answer requires your users to install the appropriate .so or .dll file in a particular directory, or to edit php.ini - not as useful for giving out demos. Ioncube is making an effort to move in that 'ease of use' direction, but it doesn't seem to be there just yet. Having said that, the ioncube answer offers a greater level of security for the encrypted code - the sourceguardian stuff is, last I checked, 'just' encrypted source code. zend and ioncube package encrypted byte code. If someone decrypts zend-encoded files, they'll only get bytecode. If they decrypt sourceguardian code, they get the original code. This was how it was last summer - they may have upgraded since then. All in all, it's not bad. That the files now can be run on Windows servers is a plus, but lack of a command line version to allow for dynamic encryption from a server isn't all that good. If you *need* that, you'll need to find something else. Why? The 'time limiting' aspect, for starters - you can set a 'timeout' for a particular date. Unless you put up a new trial file on a site every day, you won't be able to offer '14 day' trials, for a start. The file will timeout on date X, regardless of when the user downloaded it. The Zend license manager is much more flexible in that regard, but is overkill for most smaller projects. Does this help at all? Michael Kimsal http://www.logicreate.com 734-480-9961 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php