Full Disclosure mailing list archives

Re: Ioncube Encoded PHP Files


From: <mz4ph0d () gmail com>
Date: Thu, 22 Dec 2005 00:04:17 +1100

On 12/21/05, Joachim Schipper <j.schipper () math uu nl> wrote:
> Pretty much any source code encoding scheme can be defeated, given
> enough work. The point is in making sure that it is too much work to do
> so.
>
> Though I wonder what the point is - it's not likely to be all that hard
> to run the code on another system. The main point seems to be to prevent
> administrators from making local changes, and I must admit to not seeing
> a problem with people who have bought the software doing that.


Agreed, but in this case the application is for a security purpose
rather than change or server control. Looking for a secure way to
include an AES password in a PHP script for use with AES_ENCRYPT() in
MySQL without that password being viewable even if the source of the
page is compromised. Ioncube seems to fit the bill, but wanted to
enquire about whether or not that's the case.


Z.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

