Although, an interesting question would be how hidden are variable values?
Such as usernames/passes, etc.
Though if someone manages to get a hold of a script, encoded or not, that
has usernames and passwords in it, you are probably screwed anyway ;)
In such a case all usernames and passwords should be totally scrambled for
security, but that can only be done if you actually find out someone got a
hold of the data.
But back to the topic at hand, I ponder how easy it would be to read
variable declarations and values, after reducing the script to such a level.
As any encrypting the Zend encoding performes requires a key to decrypt, it
must be reasonable trivial for a cracker with moderate experiance in
cryptography to obtain.
Then you have clear text, which is the optimized code as you said. Basically
PHP that's been run through a compiler.
I can't imagine it's technologically possible for the Zend Encoder to do
more than obfuscate the source code.
Which basically means it's like taking your bank statement and ripping it
into little pieces by hand. It works only on people not willing to glue the
pieces together.
Someone who does Encoder cracking vary often will surely be capable of doing
all this much more efficiently than someone who's playing around with it.
But how many people make a hobby of that? ...better to keep that rhetorical.
--
Plutarck
Should be working on something...
...but forgot what it was.
""James Moore"" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
>
> > Is it possible in any instance that someone else will be able to
> > de-code my
> > PHP scripts once I have used the Zend Encoder on it, and be able
> > to read it?
> > Obviously they will be able to decode it to actually use it on
> > the server,
> > but will they ever be able to read the source?
>
> They will not be able to read the source as such. If they did mange to
> decode your script, which is unlikley then they would have Zend opcode
> rather than PHP Source Code which is the PHP equivilent of ASM. It would
be
> very difficult to reconstuct your source code from this opcode and
probably
> more hassle than actually rewriting the same functionality themselves (IE
> thats a no its pretty much impossible to retrive source code from encoded
> files).
>
> James
> --
> James Moore
> [EMAIL PROTECTED]
> PHP Web Scripting: http://www.php.net/
> PHP QA Team: http://qa.php.net/
> PHP-GTK: http://gtk.php.net/
> VL-SRM: http://www.vl-srm.net/
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
