运用screw plus来保护php代码安全
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><a style="color: black;"><span style="color: black;">https://</span><span style="color: black;">github.com/del-xiong/sc</span><span style="color: black;">rew-plus</span></a></p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><a style="color: black;"><span style="color: black;">http://</span><span style="color: black;">git.oschina.net/splot/p</span><span style="color: black;">hp-screw-plus</span></a></p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">screw plus是一个开源的php扩展,<span style="color: black;">功效</span>是对php文件进行加密,网络上<span style="color: black;">供给</span>php加密的服务<span style="color: black;">非常多</span>,但大多都只是混淆级别的加密,被人拿到加密文件问只要有足够耐心就能破解,与之<span style="color: black;">区别</span>的是,screw plus采用扩展来加解密,<span style="color: black;">况且</span>是<span style="color: black;">全世界</span>金融业流行的高强度AES256加密,除非破解了服务器,否则黑客拿到了加密文件<span style="color: black;">亦</span>只是一堆乱码。</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">同一个加密级别的有ioncube和官方的zend guard,但这两款都是收费的,一年至<span style="color: black;">少许</span>千元的<span style="color: black;">花费</span>并不值得普通<span style="color: black;">研发</span>者去尝试,而<span style="color: black;">运用</span>screw plus,你不<span style="color: black;">必须</span>多花一分钱。</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">下面以LNMP一键安装环境为例演示下screw plus的配置</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">首要</span>克隆一份代码到服务器</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">git clone <a style="color: black;"><span style="color: black;">https://</span><span style="color: black;">git.oschina.net/splot/p</span><span style="color: black;">hp-screw-plus.git</span></a></p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">进入项目目录,<span style="color: black;">而后</span>执行php的phpize文件,phpize是官方<span style="color: black;">供给</span>的可执行文件用于动态生成扩展<span style="color: black;">研发</span>环境,<span style="color: black;">通常</span>在php的bin目录下<span style="color: black;">能够</span>找到。lnmp的phpize在/usr/local/php/bin/phpize</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">/usr/local/php/bin/phpize</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Configuring for:</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">PHP Api Version: 20100412</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Zend Module Api No: 20100525</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Zend Extension Api No: 220100525</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">执行成功后<span style="color: black;">能够</span>看到当前的php api版本,扩展api版本等。下一步就<span style="color: black;">能够</span><span style="color: black;">起始</span>配置了。配置命令为 ./configure --with-php-config=, <span style="color: black;">通常</span><span style="color: black;">亦</span>在php的bin目录下,写绝对路径就<span style="color: black;">能够</span>了。</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">./configure --with-php-config=/usr/local/php/bin/php-config</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">倘若</span>没报错,说明配置成功了,<span style="color: black;">能够</span><span style="color: black;">起始</span>下一步编译了。</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">编译之前,<span style="color: black;">咱们</span><span style="color: black;">能够</span>修改加密的key,打开php_screw_plus.h<span style="color: black;">能够</span>看到开头<span style="color: black;">便是</span> #define CAKEY "..." ,把里面的值改为一个足够<span style="color: black;">繁杂</span>的key,最好16位以上,<span style="color: black;">例如</span>:9mqss6q7WsBpTMOZ</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">vi php_screw_plus.h</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">修改完毕之后,直接<span style="color: black;">起始</span>编译,执行make命令,<span style="color: black;">倘若</span>最后<span style="color: black;">表示</span>Build complete.说明编译成功,扩展在modules里面,<span style="color: black;">倘若</span>报错请<span style="color: black;">按照</span>提示进行修复,<span style="color: black;">而后</span>make clean之后重新编译。</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">make</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">...</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Build complete.</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">上面<span style="color: black;">咱们</span>编译的是解密程序,而加密程序<span style="color: black;">亦</span><span style="color: black;">必须</span><span style="color: black;">咱们</span>手动编译一下,进入tools目录执行make命令<span style="color: black;">就可</span>。<span style="color: black;">倘若</span><span style="color: black;">无</span>报错,则扩展就<span style="color: black;">所有</span>编译完<span style="color: black;">成为了</span>。</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">cd tools/ && make</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">而后</span><span style="color: black;">必须</span>把扩展的路径加入到php.ini中,你<span style="color: black;">能够</span>把modules/php_screw_plus.so复制到php扩展目录<span style="color: black;">亦</span><span style="color: black;">能够</span>直接在ini中加入绝对路径,我<span style="color: black;">通常</span>倾向于绝对路径<span style="color: black;">这般</span>修改编译了扩展<span style="color: black;">亦</span>不<span style="color: black;">必须</span>重新复制过去。</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">vi php/etc/php.ini</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">加入绝对路径例如</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">extension=/home/php_screw_plus-1.0/modules/php_screw_plus.so</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">而后</span>重启php服务 <span style="color: black;">此时</span><span style="color: black;">能够</span>放个php文件输出phpinfo信息,<span style="color: black;">倘若</span>看到以下提示说明扩展生效了。</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">下面还有最后一步,加密程序。</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">在扩展的tools目录,执行./screw [路径],[路径]<span style="color: black;">能够</span>是单个文件<span style="color: black;">亦</span><span style="color: black;">能够</span>是文件夹,<span style="color: black;">而后</span>就<span style="color: black;">能够</span>实现加密了。</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">加密完成后查看源码,<span style="color: black;">能够</span><span style="color: black;">发掘</span>除了开头的几个英文字符外,其余的都<span style="color: black;">成为了</span>乱码。</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">然则</span>打开网站,php运行正常,<span style="color: black;">倘若</span><span style="color: black;">无</span>加密<span style="color: black;">同样</span>。经过测试,解密速度大约为100M每秒,对php<span style="color: black;">自己</span>的性能损失非常小,<span style="color: black;">通常</span>不到20毫</p>
楼主发的这篇帖子,我觉得非常有道理。 你的话语如春风拂面,让我心生暖意。 期待你更多的精彩评论,一起交流学习。 “板凳”(第三个回帖的人)
页:
[1]