http://qs1969.pair.com?node_id=164961


in reply to Encrypting script (was Encripting scipt)

I'm wondering why your 'myscript.cgi' is readable by others. If it's the fact that people can simply type some URL into their browser and download the source then there's a significant security hole on the server and you should really get it fixed by contacting the server administrator, or getting another server.

If you're worried about other people logged into the server being able to see it then set the permissions so only the user it runs as can read it. This works far better when you're running on a machine where each script executes as the user who has it in their cgi-bin, or even better a special account for them to run CGIs as.

If this isn't the case on your server then I'd recommend you get another, more secure, server before playing about with encryption as it's a far better way to guarantee safety.

Now for the bit with disclaimers- I'm really not recommending this cause of action, I'm only putting it here in case you're determined to follow this course. Giving you enough rope to shoot yourself in the foot, or somesuch.

If you're just trying to make the script difficult to read for customers etc. to stop them messing with your carefully-crafted code then look at the Obfuscation section of this very site.. many people write 'Obfuscation engines' to hide the meaning of code. This will help to hide the details, but expect a significant performance hit whilst it's decrypted, and make sure you test the encrypted version exceptionally well since it's quite possible it's broken it.