We have moved our forum to GitHub Discussions. For questions about Phalcon v3/v4/v5 you can visit here and for Phalcon v6 here.

Compile PHP Code, protect software from distribution

Hi Phalcon,

I'm looking for a way to protect my PHP source during deployment:

I found these (i think) valid solutions:

HipHop for PHP, developed by Facebook and released under open-source license.

"Overall HipHop allows us to keep the best aspects of PHP while taking advantage of the performance benefits of C++." - Haiping Zhao 2010 (Hip Hop developer)

And this one:

Phalanger – the PHP compiler for .NET https://www.php-compiler.net/

"Phalanger is complete full-featured implementation of PHP, rewritten in safe C# language. It consists of compiler and runtime. The compilation itself brings developers and web hosting providers a lot of new possibilities. Phalanger improves execution speed, safety and makes integration with existing PHP and .NET code very simple."

I want to protect my source code in Windows environment. What do you think about these solutions ? Do you know these two instruments, have them tested with Phalcon?

Thank You Mariano Pirelli

Phalcon 2.0 is rewriten in Zephir, new language for developing php extensions. And it is created by creators of Phalcon, so you can use Zephir to rewrite your php code in zephir language to compile some sensitive parts of your application or whole application into extension and distribute it as extension. Search in google Zephir Language there are lots of information about it (SitePoint, Zephir homepage, Phalcon Blog, etc)

As long as it's the business logic/implementation you want to protect Phalcon/Zephir might be a good solution. I would not recommend it for distributing sensitive strings like passwords, API or RSA keys since they will still be visible as raw strings in compiled DLL by default.

Please see (and vote up) https://github.com/phalcon/zephir/issues/36 for more info.

An alternative is Zend Guard with Zend Encoder. This is a paid solution though.