Need some suggestions regarding licensing


ChintanBhat

Hi guys, well I'm on my way to complete one project of PHP based model. So I just want to know how I can secure my PHP script? Like I know that "Security is a myth" but still I can improve the security encryption too. So I need suggestions from you guys on how I can make a well secured script. And one more thing: after the completion of my project, I'll give one license to my Babiato family also to test the product.

And in this community we null the scripts but never try to understand or discuss this, so it may be useful for many developers too.

As already mentioned above, don't give advice that security is a myth; I need suggestions regarding securing the script, not advice that you can't.

Hoping for some best suggestions 😀
 

wooyihoo

You might want to check the code of EventPortal


in folder admin > stp > php files.

It has an elaborate way of securing code. I'm not sure if they used an obfuscation software, but it's quite impressive.

You can also offer software as a service. This way your code resides on your own server. This is what I'm doing.

Hope this helps.

Cheers!
 

ChintanBhat

> You might want to check the code of EventPortal
>
> in folder admin > stp > php files.
>
> It has an elaborate way of securing code. I'm not sure if they used an obfuscation software, but it's quite impressive.
>
> You can also offer software as a service. This way your code resides on your own server. This is what I'm doing.
>
> Hope this helps.
>
> Cheers!

See, even if I make such a function, like the SQL file will be downloaded from my server, someone who has purchased my product can still share the SQL dump file, and it can be nulled easily by manipulating the script. Yes, I like your idea but I need some more intense security encryption. Like what if I do one thing: it will always check the license from my server, or what if I host all my buyers' SQL on my server, then it will allow only the person having a license code, and only he/she can access the script. What do you say? And I'll make a session query so that even if someone makes an SQL file, it will still not be accessible because it will ask for a session JSON token. And the JSON token will be generated randomly by my server.
 

phpcore

> See, even if I make such a function, like the SQL file will be downloaded from my server, someone who has purchased my product can still share the SQL dump file, and it can be nulled easily by manipulating the script. Yes, I like your idea but I need some more intense security encryption. Like what if I do one thing: it will always check the license from my server, or what if I host all my buyers' SQL on my server, then it will allow only the person having a license code, and only he/she can access the script. What do you say? And I'll make a session query so that even if someone makes an SQL file, it will still not be accessible because it will ask for a session JSON token. And the JSON token will be generated randomly by my server.

And if this person is a member on Babiato, your script will be for sure nulled ;)

The solution is: applications in the cloud
 

slvrsteele

That means a permanent query to your server. With a low number of queries it won't be a problem, but if that number gets high either your hosting will filter them or, if you're behind Cloudflare, those queries will be blocked, or your hosting will disable your server for a DDoS-like attack. And besides that, who can stop someone from replicating the queries locally where the script is installed and bypassing requests to your server? One option would be ionCube, but if the script is worthy then some can be tempted to pay to decode it.
 

ChintanBhat

> And if this person is a member on Babiato, your script will be for sure nulled ;)
>
> The solution is: applications in the cloud

Yeah! I thought the same, but then I think if something happens with my server, like if it crashes or there's a runtime error even for 10 sec, then buyers will panic. That's why I dropped this idea.
 

ChintanBhat

> That means a permanent query to your server. With a low number of queries it won't be a problem, but if that number gets high either your hosting will filter them or, if you're behind Cloudflare, those queries will be blocked, or your hosting will disable your server for a DDoS-like attack. And besides that, who can stop someone from replicating the queries locally where the script is installed and bypassing requests to your server? One option would be ionCube, but if the script is worthy then some can be tempted to pay to decode it.

Yes, ionCube is not the only solution for licensing because it may also get decoded. And you're right, the server may get disabled, but what if I have my own dedicated server? And yes, the request to the server can be bypassed. This idea is also dropped 😗
 

HeyMakarina

Every script can be nulled regardless of how you encrypt. Even the latest ionCube can be decoded. The question is whether your script is good enough to pay a decoding service.

Also, depending on your product, you might consider the SaaS option since end users do not get the script in their hands.
 

ChintanBhat

> Every script can be nulled regardless of how you encrypt. Even the latest ionCube can be decoded. The question is whether your script is good enough to pay a decoding service.
>
> Also, depending on your product, you might consider the SaaS option since end users do not get the script in their hands.

See, my question is not about whether my script is good or bad. My query is how I can make my script's licensing more secure. And I think end-user SaaS is also not a good option.
 

slvrsteele

As I said to a developer on this forum some time ago: if your script is worthy then people will buy it to support it. Though the buyers will be like 40-50% of the users, it is still a gain. What should be your concern are the low-price resellers and GPL sites.
There is no bulletproof encryption and licensing (think that PHP has to be interpreted for the script to work, so one-way encryption is out of the discussion). Focus on features and quality and people will buy it in the long run. Don't expect a pot of gold from the beginning.
You can offer a try-before-you-buy option for a couple of weeks, then the script goes into complete lockdown. In that trial period have the script always get data from your server. As we don't know exactly what your script is doing, we can only assume a way of work.
 

ChintanBhat

> As I said to a developer on this forum some time ago: if your script is worthy then people will buy it to support it. Though the buyers will be like 40-50% of the users, it is still a gain. What should be your concern are the low-price resellers and GPL sites.
> There is no bulletproof encryption and licensing (think that PHP has to be interpreted for the script to work, so one-way encryption is out of the discussion). Focus on features and quality and people will buy it in the long run. Don't expect a pot of gold from the beginning.
> You can offer a try-before-you-buy option for a couple of weeks, then the script goes into complete lockdown. In that trial period have the script always get data from your server. As we don't know exactly what your script is doing, we can only assume a way of work.

See, it will be a backend control for websites, those that have cart functionalities or some kind of payment control and want to secure their API calls from the gateways to over fluctuate the call function for returning a successful payment notification. Up to this it will help to secure your payment as well as take your website security to the next level. To give you some overview of the project: it's like a PHP based Cloudflare, and I'm thinking of adding more functionalities, so after a first release I would take suggestions from you guys as well as from buyers on what extra they need. I hope you got your answer about my script. Well, I don't know whether my script is good for you or not, but I'm giving my best to the script to make it very useful and more powerful. And I think you're right, I can give a trial period for the script, and I'll buy a dedicated server for the backend handling of the packages, SQL and all; then it will be a little bit easier for me to check my own server only, rather than contacting my hosting support again and again.
 

wooyihoo

Software as a service has been working for me for years. Scaling is the only way to handle huge amounts of workload (i.e. 200 requests per second). Put it in Cloudflare, then a load balancer server connecting to PHP servers (depending on the load of each server), then the PHP servers connecting to database clusters.
 

ChintanBhat

> Software as a service has been working for me for years. Scaling is the only way to handle huge amounts of workload (i.e. 200 requests per second). Put it in Cloudflare, then a load balancer server connecting to PHP servers (depending on the load of each server), then the PHP servers connecting to database clusters.

Well, will clusters handle the GET and POST requests if there is an increase in both the commands?
 

HeyMakarina

Just an idea.
If you can implement OTP-like verification on your server side and the client server side.

Once the client server executes the PHP code, it requires a token from your server, which is very likely coded to OTP. Your server checks the license, then sends back the generated token to their server, and the code will be executed. Also chain: set the last requested token to wait for the next request.

Then encode with ionCube :p
 

wooyihoo

> Well, will clusters handle the GET and POST requests if there is an increase in both the commands?

The PHP servers will handle those. You just need to separate the database server from the web servers so it will be easy to scale. In my case, I have 10 web servers connecting to 1 database server (with 2 replicated read-only database servers).
 

ckeeper

The majority of nullers have challenges completely nulling a script if there is a part that makes API calls to your licensing servers in order to get activated. WHMCS has a licensing feature, so do a bunch of others, but creating a cloud application that responds to calls if they are registered sounds like the best approach. Good luck.
 

wooyihoo

If you really need to give away the code to your client and let them store and run it on their servers, another idea would be to run part of that script on your server. What I mean is that some functionality in your script is processed on your server. For example, the user roles: all user role data is only stored on your server (not in the script database) and will require the license key to be sent to your server. Then your server returns the data required by the script after validating the license.

This way nulling will be useless as the script / app requires part of the functionality to be connected to your server.

What do you think?

Cheers!
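
The token exchange HeyMakarina sketches and the server-held role data wooyihoo describes can share one signed response. The following is an added example, not code from any poster in this thread; the license key, role names and function names are constructed, and it assumes PHP 7.2+ with the bundled sodium extension.

```php
<?php
// Added example (PHP 7.2+, sodium); key, roles and function names are constructed.

// Vendor side: the secret key never leaves the licensing server.
$keypair  = sodium_crypto_sign_keypair();
$vendorSk = sodium_crypto_sign_secretkey($keypair);
$vendorPk = sodium_crypto_sign_publickey($keypair); // shipped with the script

// Constructed license store; roles stand in for the server-held data.
$licenses = ['LIC-EXAMPLE-0001' => ['roles' => ['admin', 'editor']]];

/** Vendor server: validate the license, then sign a short-lived response. */
function issueResponse(array $licenses, string $sk, string $key, string $nonce): ?array
{
    if (!isset($licenses[$key])) {
        return null; // unknown or revoked license
    }
    $body = json_encode([
        'license' => $key,
        'nonce'   => $nonce,      // echoes the caller's one-time challenge
        'expires' => time() + 60, // response is stale after one minute
        'roles'   => $licenses[$key]['roles'],
    ]);
    $sig = sodium_crypto_sign_detached($body, $sk);
    return ['body' => $body, 'sig' => base64_encode($sig)];
}

/** Customer server: use the data only if signature, nonce and expiry hold. */
function verifyResponse(?array $resp, string $pk, string $key, string $nonce): ?array
{
    $sig = base64_decode($resp['sig'] ?? '', true);
    if ($sig === false || strlen($sig) !== SODIUM_CRYPTO_SIGN_BYTES) {
        return null; // missing or malformed signature
    }
    if (!sodium_crypto_sign_verify_detached($sig, $resp['body'] ?? '', $pk)) {
        return null; // not signed by the vendor's key
    }
    $data = json_decode($resp['body'], true);
    $ok = hash_equals($nonce, (string) $data['nonce'])
        && $data['license'] === $key
        && $data['expires'] >= time();
    return $ok ? $data['roles'] : null; // null: replayed, mismatched or stale
}

$nonce = bin2hex(random_bytes(16)); // fresh challenge per request
$resp  = issueResponse($licenses, $vendorSk, 'LIC-EXAMPLE-0001', $nonce);
var_dump(verifyResponse($resp, $vendorPk, 'LIC-EXAMPLE-0001', $nonce));
// The same response offered against a new challenge (a replay attempt):
var_dump(verifyResponse($resp, $vendorPk, 'LIC-EXAMPLE-0001', bin2hex(random_bytes(16))));
```

Because only the vendor holds the signing key, a locally replicated licensing endpoint cannot produce responses the script will accept. The check carries weight only when the script genuinely needs the returned data, as with the role data here.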
 

ChintanBhat

> If you really need to give away the code to your client and let them store and run it on their servers, another idea would be to run part of that script on your server. What I mean is that some functionality in your script is processed on your server. For example, the user roles: all user role data is only stored on your server (not in the script database) and will require the license key to be sent to your server. Then your server returns the data required by the script after validating the license.
>
> This way nulling will be useless as the script / app requires part of the functionality to be connected to your server.
>
> What do you think?
>
> Cheers!

Yeah!! This thing is really something that I can work on. Thank you, let me do some more research on this.
 