1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Obfuscating Plug-in PHP files / preventing others from re-developing your Plug-in

Discussion in 'XenForo Development Discussions' started by tenants, Sep 12, 2011.

  1. tenants

    tenants Well-Known Member

    Are there any "best practices" for obfuscation of plug-ins

    For instance, if I design a plug-in that I don't want others to further develop (making it harder for them to go away and make their "own version") is it possible to use something like Zend Guard to obfuscate the code?

    I have no experience with using Zend Guard, but I'm wondering if Xenforo even allow plug-in developers to obfuscate the plug-in PHP files?

    Also, is there anything in the ACP to prevent other developers at looking for the call backs your plugin uses?

    [I know obfuscation inst full proof, but it sometime makes it "not worth while" to try and copy / change the source]
     
  2. Brogan

    Brogan XenForo Moderator Staff Member

    Short answer, no.
    Long answer, no not really.

    If someone wants to analyse/copy/reverse engineer your add-on, there's not really a lot you can do about it.
     
  3. James

    James Well-Known Member

    You shouldn't really obfuscate your code as add-on developers can extend your add-on and add more functionality to it.
     
  4. tenants

    tenants Well-Known Member

    That's true, would there be any license issues if I obfuscated the PHP?
    (for instance, I've read you are not allowed to obfuscate the PHP files if using a GLP license)
     
  5. MGSteve

    MGSteve Well-Known Member

    Not to mention, I wouldn't go near any addon that was obfuscated.

    Sadly, its just a risk you take when you release any software. After all if XenForo Ltd felt like you, they'd Obfuscate the entire forum software!

    James - I'm guessing that he's thinking about a Paid Addon, which to a degree I can understand, but if such an Addon was found, I'm sure if you told whoever was hosting it (i.e. the equvilant of vbulletin.org for XenForo), they'd remove it anyway.

    If he's not thinking of a Paid addon then what's the point? Surely anyone who releases an Addon based upon yours, the same copyright infringement applies and the same removal option as above is available to you.
     
    tenants likes this.
  6. tenants

    tenants Well-Known Member

    ,
    Well, thats kind of what I dont want.

    I don't think it would be fair if I went along and grabbed XenCarta, made a minor modification and added my own link through the plug-in (and receive donations for it). If I put a lot of effort into a plug-in, I wouldn't necessarily want other developers to reap the benefit of the hard work (not that I've added any plug-ins that have any work put into them.. yet)

    .. Yes, I am thinking more towards "paid plugins" but not just paid plugins
     
  7. James

    James Well-Known Member

    If you grabbed XenCarta and decided to extend it and add your own functionality to it, you could just release what you've coded as an add-on to XenCarta.
     
  8. tenants

    tenants Well-Known Member

    I think MGSteve is right (and hit the nail on the head),

    "I wouldn't go near any add-on that was obfuscated." <<== I totally Agree, I don't think anyone should

    I dont think Xenforo should even allow / support plugins that have been obfuscated. I would even go as far as saying it should be XenForos official stand point. An obfuscated plug-ins should not be allowed / supported / added to the community.

    As far as the forum owner is concerned, a plug-in is foreign and could have complete control / access to your board/db

    It's not easy to tell what they do. Someone could quite easily design a plug in that seems to do one thing, but actually sends a dump of all the tables to Mr Malicious. In doing this, Mr Malicious has access to everything, the entire list of emails, hashed/Encrypted passwords, etc..

    I didn't know if XenForo has an official view point on this

    .. Having said this, without obfuscation, it does make the development of plug-ins less beneficial to the plug-in developers (if they can easily be taken further by other plug-in developers). There seems to be no way of "protecting" your plug-in that you develop, but I think the benefits of this (understanding other plug ins, learning from other peoples development) far out weigh the costs.
     
  9. MGSteve

    MGSteve Well-Known Member

    Well that comes down to the management on the addons site and the reason why XF should have their own and promote it, so that people get them from one main source, where the addons are managed and there is someone to go to if you see your addon being abused as you suggest above.

    btw, I must be sad, I just put your sig into a binary to text to check if it said what I thought it said!

    it did! :LOL:
     

Share This Page