[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Ioncube Encoded PHP Files

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Ioncube Encoded PHP Files
From: Joachim Schipper <j.schipper@xxxxxxxxxx>
Date: Wed, 21 Dec 2005 13:51:14 +0100

On Wed, Dec 21, 2005 at 10:57:37PM +1100, mz4ph0d@xxxxxxxxx wrote:
> Hi All,
> 
> Just wondering, can anyone here speak to the level of security
> afforded by Ioncube encoded PHP files? Has anyone here broken the
> encryption or otherwise gained access to initially Ioncube encoded
> source files? Thanks!
> 
> Ioncube: <http://www.ioncube.com>

Pretty much any source code encoding scheme can be defeated, given
enough work. The point is in making sure that it is too much work to do
so.

Though I wonder what the point is - it's not likely to be all that hard
to run the code on another system. The main point seems to be to prevent
administrators from making local changes, and I must admit to not seeing
a problem with people who have bought the software doing that.

                Joachim
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Ioncube Encoded PHP Files
  - From: mz4ph0d
- Re: [Full-disclosure] Ioncube Encoded PHP Files
  - From: Valdis . Kletnieks

References:
- [Full-disclosure] Ioncube Encoded PHP Files
  - From: mz4ph0d

Prev by Date: Re: [Full-disclosure] happy new year.
Next by Date: [Full-disclosure] XSS vulnerabilities in Google.com
Previous by thread: [Full-disclosure] Ioncube Encoded PHP Files
Next by thread: Re: [Full-disclosure] Ioncube Encoded PHP Files
Index(es):
- Date
- Thread