[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Ioncube Encoded PHP Files

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Ioncube Encoded PHP Files
From: <mz4ph0d@xxxxxxxxx>
Date: Thu, 22 Dec 2005 00:04:17 +1100

On 12/21/05, Joachim Schipper <j.schipper@xxxxxxxxxx> wrote:
> Pretty much any source code encoding scheme can be defeated, given
> enough work. The point is in making sure that it is too much work to do
> so.
>
> Though I wonder what the point is - it's not likely to be all that hard
> to run the code on another system. The main point seems to be to prevent
> administrators from making local changes, and I must admit to not seeing
> a problem with people who have bought the software doing that.

Agreed, but in this case the application is for a security purpose
rather than change or server control. Looking for a secure way to
include an AES password in a PHP script for use with AES_ENCRYPT() in
MySQL without that password being viewable even if the source of the
page is compromised. Ioncube seems to fit the bill, but wanted to
enquire about whether or not that's the case.

Z.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Ioncube Encoded PHP Files
  - From: Joachim Schipper

References:
- [Full-disclosure] Ioncube Encoded PHP Files
  - From: mz4ph0d
- Re: [Full-disclosure] Ioncube Encoded PHP Files
  - From: Joachim Schipper

Prev by Date: [Full-disclosure] XSS vulnerabilities in Google.com
Next by Date: Re: [Full-disclosure] XSS vulnerabilities in Google.com
Previous by thread: Re: [Full-disclosure] Ioncube Encoded PHP Files
Next by thread: Re: [Full-disclosure] Ioncube Encoded PHP Files
Index(es):
- Date
- Thread