lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20051221125114.GA22919@melpomene.jschipper.dynalias.net>
Date: Wed Dec 21 12:51:21 2005
From: j.schipper at math.uu.nl (Joachim Schipper)
Subject: Ioncube Encoded PHP Files

On Wed, Dec 21, 2005 at 10:57:37PM +1100, mz4ph0d@...il.com wrote:
> Hi All,
> 
> Just wondering, can anyone here speak to the level of security
> afforded by Ioncube encoded PHP files? Has anyone here broken the
> encryption or otherwise gained access to initially Ioncube encoded
> source files? Thanks!
> 
> Ioncube: <http://www.ioncube.com>

Pretty much any source code encoding scheme can be defeated, given
enough work. The point is in making sure that it is too much work to do
so.

Though I wonder what the point is - it's not likely to be all that hard
to run the code on another system. The main point seems to be to prevent
administrators from making local changes, and I must admit to not seeing
a problem with people who have bought the software doing that.

		Joachim

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ