lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed Dec 21 13:04:26 2005
From: mz4ph0d at gmail.com (mz4ph0d@...il.com)
Subject: Ioncube Encoded PHP Files

On 12/21/05, Joachim Schipper <j.schipper@...h.uu.nl> wrote:
> Pretty much any source code encoding scheme can be defeated, given
> enough work. The point is in making sure that it is too much work to do
> so.
>
> Though I wonder what the point is - it's not likely to be all that hard
> to run the code on another system. The main point seems to be to prevent
> administrators from making local changes, and I must admit to not seeing
> a problem with people who have bought the software doing that.


Agreed, but in this case the application is for a security purpose
rather than change or server control. Looking for a secure way to
include an AES password in a PHP script for use with AES_ENCRYPT() in
MySQL without that password being viewable even if the source of the
page is compromised. Ioncube seems to fit the bill, but wanted to
enquire about whether or not that's the case.


Z.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ