Skip to main content
AI Assist is now on Stack Overflow. Start a chat to get instant answers from across the network. Sign up to save and share your chats.

Return to Answer

Additional explanation and details about the premise
Source Link
Eric Hughes
Eric Hughes
  • 841
  • 6
  • 19

The short answer is: you can't. Because the server (which you don't control) executes the code (which you no longer control), they have full control over the response. It's always going to be possible to change stuff and try to fake that it's legit.

But, you can try to make it harder. This is the same premise behind software piracy protection, digital rights management, and other similar technologies designed to restrict what actions can be performed with information outside the owner's/originator's control.

Some ways to do this:

  • obfuscate the heck out of the php to make it more tamper-resistant.
  • have the script send you a hash of itself, encrypted with your public key, as part of its output.
  • encrypt (symmetrically or asymmetrically) most of the php itself, and add a decrypt/execute portion to it.
  • individualize each script copy, including some kind of known, unique value in the expected output of every script you let other people use, and verify it in the output to make sure it's the expected value for that server.

The short answer is: you can't. It's always going to be possible to change stuff and try to fake that it's legit.

But, you can try to make it harder.

Some ways to do this:

  • obfuscate the heck out of the php to make it more tamper-resistant.
  • have the script send you a hash of itself, encrypted with your public key, as part of its output.
  • encrypt (symmetrically or asymmetrically) most of the php itself, and add a decrypt/execute portion to it.
  • individualize each script copy, including some kind of known, unique value in the expected output of every script you let other people use, and verify it in the output to make sure it's the expected value for that server.

The short answer is: you can't. Because the server (which you don't control) executes the code (which you no longer control), they have full control over the response. It's always going to be possible to change stuff and try to fake that it's legit.

But, you can try to make it harder. This is the same premise behind software piracy protection, digital rights management, and other similar technologies designed to restrict what actions can be performed with information outside the owner's/originator's control.

Some ways to do this:

  • obfuscate the heck out of the php to make it more tamper-resistant.
  • have the script send you a hash of itself, encrypted with your public key, as part of its output.
  • encrypt (symmetrically or asymmetrically) most of the php itself, and add a decrypt/execute portion to it.
  • individualize each script copy, including some kind of known, unique value in the expected output of every script you let other people use, and verify it in the output to make sure it's the expected value for that server.
Source Link
Eric Hughes
Eric Hughes
  • 841
  • 6
  • 19

The short answer is: you can't. It's always going to be possible to change stuff and try to fake that it's legit.

But, you can try to make it harder.

Some ways to do this:

  • obfuscate the heck out of the php to make it more tamper-resistant.
  • have the script send you a hash of itself, encrypted with your public key, as part of its output.
  • encrypt (symmetrically or asymmetrically) most of the php itself, and add a decrypt/execute portion to it.
  • individualize each script copy, including some kind of known, unique value in the expected output of every script you let other people use, and verify it in the output to make sure it's the expected value for that server.