Best solution: Protect PHP code without encryption

Question

First of all, I'm not looking for miracles... I know how PHP works and I know there is no real way to hide my code without using encryption. But this requires installing an extension on the running server, which comes at a cost.

However, I'm looking for something different... I'm not looking to encrypt my code, or even obfuscate it. There are many PHP scripts that don't have encrypted/obfuscated code, but they are commercial applications. For example, vBulletin and/or IP.Board forum applications.

I'm just wondering what methods these people use in their applications...

I'm also open to any other suggestions manner.

Please note that I am an independent individual and do not represent any company. My product is also very specific and sales won't be very high. I just want you to know that I cannot afford a lawyer to sue people or prepare a business license. I'm just looking for a simple way to protect my simple product, if possible...

Answer 1

You need to consider your goals:

1) Are you trying to prevent others from reading/modifying your code? If so, you will need an obfuscation/encryption tool. I have used Zend Guard with great results.

2) Are you trying to prevent unauthorized redistribution of the code? A EULA/exclusive license will give you the legal power to prevent this behavior, but not completely. Key/activation schemes will allow you to actively monitor usage, but these schemes can be removed if the code is not encrypted. Zend Guard also has the ability to lock specific scripts to specific client machines and/or create time-restricted versions, if this suits your needs.

I'm not familiar with software like vBulletin, but they either need encryption/obfuscation or their users need to be trusted to do the right thing. In the latter case, they prohibit unwanted behavior through the EULA and rely on the legal system to support prosecution for breaches of the EULA.

If you are not prepared/capable of taking legal action to protect your software, and do not want encryption/obfuscation, your options are: a) Release the software with a EULA so that if needed, you have Legal options and hope for the best, or b) consider whether an open source license might be more appropriate, allowing redistribution.

Answer 2

Confusing things will only inconvenience your legitimate, law-abiding customers, and those who might deceive you are not your target paying customers. (edited out other thoughts about obfuscation)

Another tip for protecting your software: Create a business model where the code is an incomplete part of the value you provide. For example, selling product licenses and providing access to certain data that you manage on the website, or licensing products on a subscription model or with customer support.

Designing the User License Agreement (EULA) is a legal issue, not a coding issue. You can start by reading some EULA text for the products and websites you use. You might find some interesting details!

Creating a proprietary license is very flexible and may be beyond the scope of what StackOverflow intended as it involves more than just coding.

Some parts of the EULA that come to mind include:

Limit your liability if the product contains an error or causes damage.
Clearly stipulates how customers can use their licensed software, for how long, on how many machines, whether they have redistribution rights, etc.
Gives you the right to audit their site so you can enforce the license.
What happens if they violate the EULA, e.g. they lose their privileges to use your software.
You should consult a legal professional to prepare a commercial EULA.

EDIT: If this project doesn't justify the expense of an attorney, please check out the following resources:

"EULA Advice" on joelonsoftware
"How to Write an End User License Agreement"