I have clarified the project requirements with additional comments, so please read the posting in its entirety all the way down. Please review the PHP interpreter source code, specifically the compile_string() function in the file zend_language_scanner.c, to help understand my reasoning and expectations. See "Complete Source Code" under [url removed, login to view].

Requirement Details:

I have a large website with hundreds of highly proprietary PHP source code files. I need to allow outsourced PHP developers to make some tweaks to about 5% of the scripts. I do not want to give out the source for the other 95% of scripts. Unfortunately the 5% cannot be tested in any stand-alone mode; they require all scripts to be present at the same time due to 'include' statements and shared PHP class files. So, I need a way to keep all 95% of these sensitive PHP files protected on the server at all times, executable by the PHP interpreter but not accessible to the coders who are editing the non-proprietary portion of the code. This can be accomplished with encryption, or with Unix permissions and privilege escalation/de-escalation (setuid). The PHP interpreter should have access to the protected files ONLY when it needs to parse and execute them, NOT at any other time.

Please note this is NOT a code distribution issue where I want to distribute PHP and let others execute it without access to the source. No. That's not it. I want encrypted PHP scripts that can ONLY be executed on my server, and if they are removed from the server they cannot be executed at all AND the source cannot be stolen to be used in other projects. The use of Unix permissions instead of encryption is acceptable but only if it accomplishes the same result: PHP coders cannot gain access to a protected script by modifying an unprotected one.

Please look below for my response to comments already received from coders.
1) Complete and fully-functional working program(s) in executable form as well as complete source code of all work done.
2) Deliverables must be in ready-to-run condition, as follows (depending on the nature of the deliverables):
a) For web sites or other server-side deliverables intended to only ever exist in one place in the Buyer's environment: Deliverables must be installed by the Seller in ready-to-run condition in the Buyer's environment.
b) For all others including desktop software or software the buyer intends to distribute: A software installation package that will install the software in ready-to-run condition on the platform(s) specified in this bid request.
3) All deliverables will be considered "work made for hire" under U.S. Copyright law. Buyer will receive exclusive and complete copyrights to all work purchased. (No GPL, GNU, 3rd party components, etc. unless all copyright ramifications are explained AND AGREED TO by the buyer on the site per the coder's Seller Legal Agreement).
* * * This broadcast message was sent to all bidders on Thursday Jul 10, 2008 10:10:27 AM:
Thank you for all your comments. I have received many comments which are missing the point or not understanding the requirement. Please note:
1. Any solution involving security via FTP is useless. The reason is simple. Any coder can write fopen() or file_get_contents() inside an unprotected script (which they are allowed to edit) to gain access to the source code of a protected script! This is because the PHP interpreter runs with the effective permissions of the Apache server, NOT the user who modified the script!
2. Any solution like IonCube Encoder which involves bytecode compilation is useless. This is because any competent coder can disassemble the bytecode and then manually fix it up to make it readable and use it in another project.
3. Any solution that involves modifying only PHP source code is useless, because the source will still be accessible. This project requires modifying the PHP interpreter itself and then recompiling it.
4. This project is to implement the security solution only. The actual website and sensitive source code already exists.
5. This project is actually very simple. Once you locate the place in the PHP interpreter's source code where a "PARSE" is performed, you can simply introduce an if() statement to check if the source is encrypted and if so, invoke GPG or similar external utility to decrypt it.
A competent C-language coder can do this in 1 to 2 hours.
* * * This broadcast message was sent to all bidders on Thursday Jul 10, 2008 10:23:55 AM:
6. Any solution that involves packing PHP into an executable, such as [url removed, login to view], is completely useless. You cannot pack a website into an executable. And with such an arrangement, the unencrypted PHP scripts modified by the untrusted coders would not be able to include any of the sensitive scripts using 'include'.
* * * This broadcast message was sent to all bidders on Thursday Jul 10, 2008 7:43:58 PM:
This project can be done by modifying just one file: the compile_string() function in zend_language_scanner.c in the PHP interpreter source. Please confirm in your bid if you think this approach will work. Thanks.
* * * This broadcast message was sent to all bidders on Thursday Jul 10, 2008 8:30:57 PM:
7. Some of you have asked why I don't trust my coders or why I don't just use an NDA (Non-Disclosure Agreement). There are two reasons. One is that 99% of RAC coders will not sign an NDA. The other reason is that we once caught a RAC coder trying to hack into our network from a development box. Fortunately our Intrusion Detection System caught him. But this was clearly illegal. Since the coder is in another country, we cannot do anything about it. This shows why an NDA is not a good solution, and it should help clarify the requirement.