0

Can the php source of a web app be considered safe on the server, or is it worthwhile obfuscating the code to reduce the chance of successful theft?

I think my question boils down to 'Is there a chance someone could hack a web server and steal all source code?'

user4370541
  • 11
  • 2

2 Answers2

3

By principle, PHP runs on the server side, only its HTML output is visible on the client side. This means NO need to obfuscate your PHP code as you do with JavaScript or other client-side scripting languages.

So the security of your PHP application code depends entirely on the security of your server itself.

  • Is the risk of the server being compromised to the point of code being stolen a realistic situation to prepare for? Or is this something extremely rare? – user4370541 Jan 16 '15 at 20:11
  • 2
    @user4370541 No, it is not extremely rare. It is very common and you can find thousands of such security breaches on Internet. The first thing to do when you want to host your application online, you must check the reputation of the company that will host it –  Jan 16 '15 at 20:13
1

If the compiler or interpreter can read it then someone can write code to de-obfuscate it.

In 99.99% (sweeping generalization, not a statistic (if someone has statistically viable metrics around code-obfuscation I would love to see them)) of cases obfuscating code is just going to get in the way of debugging and review for a marginal benefit.

u2702
  • 2,086
  • 10
  • 11
  • Any statistics to support this 99%? (This is a nice way of telling you that made up statistics are worthless). – Simon Jan 16 '15 at 19:58
  • I would say that "99%" is more of a "sweeping generalization" than a statistic. – u2702 Jan 16 '15 at 20:03