Obfuscating Plug-in PHP files / preventing others from re-developing your Plug-in

tenants

tenants

Well-known member
Are there any "best practices" for obfuscation of plug-ins

For instance, if I design a plug-in that I don't want others to further develop (making it harder for them to go away and make their "own version") is it possible to use something like Zend Guard to obfuscate the code?

I have no experience with using Zend Guard, but I'm wondering if Xenforo even allow plug-in developers to obfuscate the plug-in PHP files?

Also, is there anything in the ACP to prevent other developers at looking for the call backs your plugin uses?

[I know obfuscation inst full proof, but it sometime makes it "not worth while" to try and copy / change the source]
 
Short answer, no.
Long answer, no not really.

If someone wants to analyse/copy/reverse engineer your add-on, there's not really a lot you can do about it.
 
You shouldn't really obfuscate your code as add-on developers can extend your add-on and add more functionality to it.
 
That's true, would there be any license issues if I obfuscated the PHP?
(for instance, I've read you are not allowed to obfuscate the PHP files if using a GLP license)
 
Not to mention, I wouldn't go near any addon that was obfuscated.

Sadly, its just a risk you take when you release any software. After all if XenForo Ltd felt like you, they'd Obfuscate the entire forum software!

James - I'm guessing that he's thinking about a Paid Addon, which to a degree I can understand, but if such an Addon was found, I'm sure if you told whoever was hosting it (i.e. the equvilant of vbulletin.org for XenForo), they'd remove it anyway.

If he's not thinking of a Paid addon then what's the point? Surely anyone who releases an Addon based upon yours, the same copyright infringement applies and the same removal option as above is available to you.
 
,
James said:
You shouldn't really obfuscate your code as add-on developers can extend your add-on and add more functionality to it.
Click to expand...
Well, thats kind of what I dont want.

I don't think it would be fair if I went along and grabbed XenCarta, made a minor modification and added my own link through the plug-in (and receive donations for it). If I put a lot of effort into a plug-in, I wouldn't necessarily want other developers to reap the benefit of the hard work (not that I've added any plug-ins that have any work put into them.. yet)

.. Yes, I am thinking more towards "paid plugins" but not just paid plugins
 
tenants said:
,

Well, thats kind of what I dont want.

I don't think it would be fair if I went along and grabbed XenCarta, made a minor modification and added my own link through the plug-in (and receive donations for it). If I put a lot of effort into a plug-in, I wouldn't necessarily want other developers to reap the benefit of the hard work (not that I've added any plug-ins that have any work put into them.. yet)

.. Yes, I am thinking more towards "paid plugins" but not just paid plugins
Click to expand...
If you grabbed XenCarta and decided to extend it and add your own functionality to it, you could just release what you've coded as an add-on to XenCarta.
 
I think MGSteve is right (and hit the nail on the head),

"I wouldn't go near any add-on that was obfuscated." <<== I totally Agree, I don't think anyone should

I dont think Xenforo should even allow / support plugins that have been obfuscated. I would even go as far as saying it should be XenForos official stand point. An obfuscated plug-ins should not be allowed / supported / added to the community.

As far as the forum owner is concerned, a plug-in is foreign and could have complete control / access to your board/db

It's not easy to tell what they do. Someone could quite easily design a plug in that seems to do one thing, but actually sends a dump of all the tables to Mr Malicious. In doing this, Mr Malicious has access to everything, the entire list of emails, hashed/Encrypted passwords, etc..

I didn't know if XenForo has an official view point on this

.. Having said this, without obfuscation, it does make the development of plug-ins less beneficial to the plug-in developers (if they can easily be taken further by other plug-in developers). There seems to be no way of "protecting" your plug-in that you develop, but I think the benefits of this (understanding other plug ins, learning from other peoples development) far out weigh the costs.
 
tenants said:
,

Well, thats kind of what I dont want.

I don't think it would be fair if I went along and grabbed XenCarta, made a minor modification and added my own link through the plug-in (and receive donations for it). If I put a lot of effort into a plug-in, I wouldn't necessarily want other developers to reap the benefit of the hard work (not that I've added any plug-ins that have any work put into them.. yet)
Click to expand...

Well that comes down to the management on the addons site and the reason why XF should have their own and promote it, so that people get them from one main source, where the addons are managed and there is someone to go to if you see your addon being abused as you suggest above.

btw, I must be sad, I just put your sig into a binary to text to check if it said what I thought it said!

it did! :LOL:
 
You must log in or register to reply here.

Similar threads

Phil Stewkesbury
Are there any agencies specialising in developing XenForo forums?
Replies
4
Views
6K
BDOutdoors
BDOutdoors
Yugensoft
Add-on Offer: Sale of IP Rights of All Addons
Replies
10
Views
2K
ssj2_ssbm
ssj2_ssbm
X
XF 1.5 [SOLVED] Fatal error: Class 'Xenforo_ControllerPublic_Abstract' not found in...
Replies
0
Views
1K
xnaxdy
X
Brent W
100% Ground Up CentminMod Server Setup & Optimization Saving You Money On Hosting
2 3 4
Replies
72
Views
15K
fionix
fionix
tenants
If I wanted to add a button to the option area for a plug-in?
Replies
0
Views
581
tenants
tenants
Top Bottom