PHP Encryption

It's a myth that PHP Encryption will make your PHP code and site more secure. Furthermore, it's absolutely useless if you plan to hide any of your sensitive data.

No matter how you encrypt your data, IonCube, Zend, SourceGuardian... there is a very simple way to find out what is written in the file following 2 steps:

1. Create a new php file and include the encrypted file in it.

2. Print all defined variables, functions, classes and so on.

Here is a sample code - encrypted.php is the file which is encrypted:

include('encrypted.php');

//First, we will print the hyper secret functions:

$functions = get_defined_functions();

print_r($functions);

//Next, let's print all the variables. Usually that's where passwords are :)

$variables = get_defined_vars();

print_r($variables);


Similarly, you can use get_defined_constants and get_declared_classes to find the defined constants and classes...

Thus, if you'd like to hide any sensitive data or protect your code think of something else and don't rely on encryption.

blog comments powered by Disqus