Although PHP is the best language in the world, there are also some security issues arising from weakly typed languages. There have been some security issues in the history of WordPress caused by flaws in PHP itself. For example, the cookie forgery in CVE-2014-0166 took advantage of the flaw in PHP Hash comparison.
The following is an introduction to a source code encryption technology:
Encryption software(php_screw)
Download address: http://sourceforge.net/projects/php-screw/
Description: PHP files are usually stored in text format on the server side. It is easy for others to read the source code. In order to verify the source code To protect the code, you can use the method of encrypting the source code. To realize this function, you need two parts
One is: encryption program to realize the encryption of PHP files
The other is: The encrypted PHP file is parsed to obtain the running results. The implementation of the former is relatively simple, it is just a program. The implementation of the latter is mostly implemented in the form of php module.
php_screw
(Screw) can achieve the above functions. The latest version is 1.5, which can be downloaded from sourceforge.
php_screw
is a Japanese PHP encryption program developed, but can only run under LINUX
Installation
Description: The purpose of installation is actually to generate two files, one is to use For screw encrypting PHP files, the other
is the parsing module php_screw.so loaded by php
Installation environment
System: centos 5.3
Software: Apache 2.2.9
PHP 5.2.10
All the above environments are downloaded, configured and installed by yourself. For specific Apache php mysql installation method, please search online.
Installation steps
1. Decompress with tar tar -zxvf php_screw-1.5.tar.gz
2. Enter the php_screw-1.5 directory to start Installation
cd php_screw-1.5 phpize
Regarding phpize, it only needs to install the php5-dev module in the php5-dev extension module.
./confiugre
3.Set the password you use for encryption
Copy the code as follows:
vi my_screw.h -- Please change the encryption SEED key (pm9screw_mycryptkey) into the values according to what you like. The encryption will be harder to break, if you add more values to the encryption SEED array. However, the size of the SEED is unrelated to the time of the decrypt processing. * If you can read and understand the source code, to modify an original encryption logic will be possible. But in general, this should not be necessary. OPTIONAL: Encrypted scripts get a stamp added to the beginning of the file. If you like, you may change this stamp defined by PM9SCREW and PM9SCREW_LEN in php_screw.h. PM9SCREW_LEN must be less than or equal to the size of PM9SCREW.
4.Compile
make
5. Copy the php_screw.so file in the modules directory to the /usr/lib/php5/extension directory
cp modules/php_screw.so /usr/lib/php5/extension/
6. Edit the php.ini file
in the php.ini file , add the following statement
extension=php_screw.so
7. Restart Apache
/srv/apache/bin/apachectl restart
8. Compile the encryption tool
cd tools make
9. Copy the encryption tool screw in the tools directory to the appropriate directory
cp screw /usr/bin/
After the above 10 steps, php_screw-1.5 has been completely installed. And now PHP also supports interpretation of encrypted PHP files
Use
1. Now write a PHP file to be encrypted.
I wrote the following test.php file to test the speed of php
Copy the code as follows:
<? $a=0; $t=time(); for($i=0;$i<5000000;$i++) {$a=$a*$i;} $t1=time(); echo "<p>"; echo "It used:"; echo $t1-$t; echo "seconds"; ?>
Place the above test.php file in / var/www/ directory. Accessing through the browser will show the speed of PHP in large-scale calculations (rough estimate)
2. Encrypt the PHP file we wrote
cd /var/www/ screw test.php
After we encrypt it, the test in the current directory The .php file is what we have encrypted. The source file was renamed test.php.screw and stored.
Let’s test test.php now to see if it can be used normally? How is the speed?
I compared it and found that the speed before and after encryption is about the same, and there is basically not much loss.
3. Batch encrypted files
After testing on debian, apache2, php5 to encrypt the .html file, it can be parsed correctly;
How does php_screw encrypt the file in the current directory? , perform overall encryption on the files contained in the directory and the files in the containing directory
find ./ -name "*.php"-print|xargs -n1 screw //加密所有的.php文件 find ./ -name "*.screw" -print/xargs -n1 rm //删除所有的.php源文件的备份文件
In this way, all .php files in the current directory are encrypted.
For more related questions, please visit the php Chinese website: PHP video tutorial
The above is the detailed content of Detailed explanation of PHP source code encryption method. For more information, please follow other related articles on the PHP Chinese website!