I’ve been asked to protect a Magento module through obfuscation. I never used PHP obfuscation packages but I know how they work and I forsee some issues in obfuscating a module that is very string and xml dependant:
- /etc/config.xml registers harcoded class names and paths
- auto-loading is heavily used and paths are important
- I cannot imagine how to automatically obfuscate a class name that will be called later by Mage::getModel(‘my/module’).
- I’ll have to exclude from the obfuscation process Magento function calls ( ex. $order->getItems()).
Any recommendations?
I don’t know about IonCube encoder, but Zend Encoder is able to encode the files so that they essentially operate as PHP bytecode and cannot be easily edited. Since the code is compiled, your strings, classnames, etc will be encoded still accessible. Filenames would remain the same so that any includes will function correctly. This has the side effect of speeding up execution as the PHP compiler doesn’t have to recompile the PHP files.
Make sure to specify that you don’t want to rename classes and such, as the stronger type of encoding will cause all the problems you list. The other caveat here is that any encoding that doesn’t rename classes and functions is more easily un-encoded, but for a persistent person this is the case anyway.
Hope that helps.
Thanks,
Joe