Crypt Class is a wrapper around the libmcrypt functions that offers a simplified interface and new features such as embedded IV. It provides an easy way to encrypt and decrypt data, and automatically creates and extracts IVs, storing them along with the encrypted string. It supports all of the ciphers in libmcrypt, including Twofish, Blowfish, and AES, and makes it easy to switch between them.
PHPCoder is a Web-based frontend to the Turck MMCache encoding functions, which are similar to the Zend Encoder product. PHPCoder enables you to encode your PHP scripts and applications into non-reversible bytecode, thus preventing users of your programs from viewing or altering the source code while having full functionality. Another excellent use for PHPCoder is to encode your applications PHP configuration files, that way someone viewing your source code does not see your databae login and password information. It also allows you to set restrictions on the encoded scripts, you can lock a script to a particular server IP address, server host name, visitor IP, or even place a time limit on the script so it will expire after a configurable amount of time. You specify Text, HTML, or PHP code that should be prepended and appended to each file before it is encoded, allowing you to easily and securely implement your own licensing scheme.
OTRS free alternative
While PerlDesk is no longer free, OTRS is an open source (GPL) trouble ticket system. PerlDesk is an excellent system but if you are looking for something open source or free try it, freshmeat homepage at: http://freshmeat.net/projects/otrs/
> It is important to note that this
> project, and Zend encoder and all
> equivalents that I am aware of are not
> failsafe as far as security goes. Once
> you place your code, bytecode or not, on
> someone elses system it is possible,
> with the necessary effort and skill, to
> reverse engineer the code into a form
> which can be operated on to remove time
> limits, IP address blocks, and to obtain
> passwords or other strings stored within
> the file.
> For the vast majority of uses the
> strength of the encoding provided is
> "good enough", however if
> you're talking about financial
> transactions, or software worth many
> thousands of dollars, you cannot trust
> this or any other encoding software to
> prevent disassembly and modification.
> Some are harder than others but in the
> end you are looking at one or two weeks
> work by someone with the necessary
> skills in order to reverse the encoding
> into something usable, even if it is not
> exactly equivalent to the original
> source (which it won't be).
> There are no tools that I am aware of
> available at this time to support the
> reverse engineering task, but I would
> not be surprised if they are around in
> one form or another, and conventional
> system tracing and crypto tools are
> still helpful.
Of course financial information should very rarely ever be stored on servers unless you have invested considerable effort and funds into securing a system(s) you should pass financial information directly to real time authorization providers. The code itself more than likely will not be able to be converted back to source code but any program can be reversed engineered, simply encoding an application will not make it secure but it can increase security by leaps and bounds.