Greetings,

Is there anyway to modify the HTML displayed in the header? For security reasons, I would REALLY prefer to keep the fact that it is encoded with nusphere completely out of site of anyone.

Thanks...

It will be possible to encode with custom headers in version 1.4.
But it will nevertheless keep NUCODER keyword in the beginning of binary.

Greetings,

Thanks for the reply, but I do not understand the logic behind that. The message appears only when the developer/web master user of NuSphere encoded items has not yet installed NuSphere on the server/php engine, which should actually never happen 99.9% of the time. Why would it be wise to advertise the fact that this is the encoding scheme to folks whose purpose may be to crack into the site? It seems to me that for the sake of a plug for NuSphere, it provides a potential shortcut to a compromise to the code.

logic is very simple.
Say you're an end-user and want to evaluate an e-commerce software written in php. Say, you went ahead, found and downloaded one solution that is encoded. Of course, if you have phpexpress installed on your website, software will run, otherwise, it has to point you out to right direction for installing phpexpress which is the loader and accelerator for nu-coded files.

This is an example of the header in an IonCube encoded file.

<?php //003f4
// GLOBODIGITAL Support center
// www.globodigital.net
// @package SupportCenter
// @copyright (C) 2000-2006 GLOBODIGITAL.net,
// @license Commercial
if(!extension_loaded('ionCube Loader')){$__oc=strtolower(substr(php_uname(),0,3));$__ln='/ioncube/ioncube_loader_'.$__oc.'_'.substr(phpversion(),0,3).(($__oc=='win')?'.dll':'.so');$__oid=$__id=realpath(ini_get('extension_dir'));$__here=dirname(__FILE__);if(strlen($__id)>1&&$__id[1]==':'){$__id=str_replace('\\','/',substr($__id,2));$__here=str_replace('\\','/',substr($__here,2));}$__rd=str_repeat('/..',substr_count($__id,'/')).$__here.'/';$__i=strlen($__rd);while($__i--){if($__rd[$__i]=='/'){$__lp=substr($__rd,0,$__i).$__ln;if(file_exists($__oid.$__lp)){$__ln=$__lp;break;}}}@dl($__ln);}else{die('The file '.__FILE__." is corrupted.\n");}if(function_exists('_il_exec')){return _il_exec();}echo('Site error: the file <b>'.__FILE__.'</b> requires the ionCube PHP Loader '.basename($__ln).' to be installed by the site administrator.');exit(199);

Notice that even IonCube tells the user that the file is encoded, and that he needs to install the IonCube loader to execute the file.

I think, like Dmitri, that there is a good reason for keeping the Nucoder information in the header.

after bzink's post, I think that there are two quite different scenarious of nucoder usage:

1st: you encode your project to be released as say trial version to your customers. In this case you have no control on extensions installed on their servers and clear indication on what must be installed in order to get encoded files to work should be in their headers.

2nd: you encode your live site to get more protection for the sensitive data that otherwise would be in plain text form like say mysql password in phpbb config files, etc. In this case you have full (or some good level of) control on what is installed on the server, therefore any reference to the protection mechanism is not desired.

dimitri,

Your last post was right on the mark. That was exaclty my point. I would simply like this feature to be 'optional' as there are occasions for BOTH types of headers. One should not necessarily preclude the other.

Thanks,
Bill

Hallo at all.

I have purchased NuCoder v1.4. And i have encodet some files. Now i have an importand question...

First:

bzink have write:


dmitri have write:


Now my question:
How can i modify the HTML-header of encodet files?