Full Disclosure mailing list archives
Re: Ioncube Encoded PHP Files
From: <mz4ph0d () gmail com>
Date: Thu, 22 Dec 2005 00:04:17 +1100
On 12/21/05, Joachim Schipper <j.schipper () math uu nl> wrote:
Pretty much any source code encoding scheme can be defeated, given enough work. The point is in making sure that it is too much work to do so. Though I wonder what the point is - it's not likely to be all that hard to run the code on another system. The main point seems to be to prevent administrators from making local changes, and I must admit to not seeing a problem with people who have bought the software doing that.
Agreed, but in this case the application is for a security purpose rather than change or server control. Looking for a secure way to include an AES password in a PHP script for use with AES_ENCRYPT() in MySQL without that password being viewable even if the source of the page is compromised. Ioncube seems to fit the bill, but wanted to enquire about whether or not that's the case. Z. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Ioncube Encoded PHP Files mz4ph0d (Dec 21)
- Re: Ioncube Encoded PHP Files Joachim Schipper (Dec 21)
- Re: Ioncube Encoded PHP Files mz4ph0d (Dec 21)
- Re: Ioncube Encoded PHP Files Joachim Schipper (Dec 21)
- Re: Ioncube Encoded PHP Files Valdis . Kletnieks (Dec 21)
- Re: Ioncube Encoded PHP Files Joachim Schipper (Dec 22)
- Re: Ioncube Encoded PHP Files mz4ph0d (Dec 21)
- Re: Ioncube Encoded PHP Files Stefan Esser (Dec 21)
- Re: Ioncube Encoded PHP Files Joachim Schipper (Dec 21)