Developer

Zend Encoder safeguards your PHP source

Do you hate when others can easily view your custom PHP code? That's where Zend Encoder 2.0 enters the picture. It applies security to your code so that it remains your code. Check out this article for more details.


Anyone who professionally develops Web-based applications now has a powerful tool available to securely distribute PHP code without having to reveal the source. Zend Encoder 2.0 supplements the security of your intellectual property by encoding PHP files into a non-human-readable format, protecting your code on the server itself. Zend Encoder hails from the creators of PHP 4. The software is equipped with a new user interface, making the Encoder functionality available to a larger audience. It also ties nicely into the Zend Development Environment (ZDE). Let's take a closer look at what the product offers.

 
Product Encoder 2.0
Zend logo
Vendor Zend
Highs Allows distribution of code without releasing source
Lows Interface is a little kludgey
Pricing $2,400, $2,880 with 1 year support, Optimizer free
Evaluation You can download a restricted demo version.
Zend Encoder product breakdown

Encoding
Protecting source code is a major consideration in the distribution of custom-developed solutions. Zend Encoder has taken yet another step toward achieving PHP's acceptance into the enterprise software realm by allowing users to produce encoded scripts for distribution. Encoder takes advantage of PHP server technology to deliver this much-needed functionality.

To put the product to work, you must first install Encoder and Optimizer (a free app that runs files you encode with Zend Encoder) on your Web server. Once you have written your script(s), you can use functionality built into Zend Studio or use the Encoder interface to create a project, which is a collection of scripts. Just specify a target directory for the encoded files and click Encode. Zend Encoder makes a call to your PHP installation (which uses the Zend Engine), runs it through Zend Optimizer, and spits out what is called a Zend intermediary file (which has a .zif extension). This non-human-readable file is then placed in your document directory to be parsed when requested.

When the file is requested, the .zif format is recognized and parsed to the user. This is a clever and effective use of the PHP server that not only obscures the source while in file format but also provides a performance improvement because the file does not need to be optimized on the fly. Additionally, the arrangement of PHP and Zend's product infrastructure gives developers a unique advantage over other PHP encoding products: Server-level functions are utilized up front, and no CGI interpreters are required to view the final product.

But how did it taste?
In using Encoder, I was pleasantly surprised with both the simplicity of the product and the powerful effectiveness of its features. Installation of both Encoder and the Optimizer went so smoothly and was so well automated that I had to run phpinfo() and create a test script before I could believe that it had been successful. Encoding files from Zend Studio was equally seamless, and Encoder's interface itself is simple and can be used interchangeably with command-line or Studio directives.

Once I got into using the product, I did find a couple of minor ramp-up annoyances. The documentation did not mesh with the reality of the software, and the included User's Guide does not actually contain information on how to use the product. Also, and this is partially due to lacking documentation, I had to play with the fields in the interface to figure out how they worked, especially in relation to each other. Specifically, the target directory is created in relation to the source directory, so if you reencode, you must remove the target directory from your project first or it will be included. But even without documentation, I had to play with Encoder for only a few minutes before figuring out how to use it.

What really thrilled me about Encoder was how well it worked. The intermediary files that are created are truly not human-readable, unlike competitors' products, which merely make the code difficult to read. Also, integration of files is easy because they retain the .php extension and function seamlessly with nonencoded PHP scripts and include files. The ability to save modified projects in Encoder helped speed up production when reencoding modified files. The security and optimization benefits of running Encoder far outweigh any perceived detriments of having to run freeware (Zend Optimizer) on the server.

Zend Encoder 2.0 is a valuable tool for the professional PHP developer. By using its closed format to conceal source code, Zend has responded to the enterprise needs that have arisen in the PHP community. At the same time, Zend has intelligently provided a solution that has a minimal impact on the development and hosting environment and that has a positive effect on server performance.

Although the documentation was insufficient, the product is fairly simple. It does one thing and does it well. This, along with Zend's experience in the industry, responsiveness to users, and, of course, the product's interoperability with Zend's other products, such as Studio and Accelerator, makes Encoder the obvious choice for PHP code protection and helps PHP provide an excellent solution for businesses.

Final thoughts
As is often the case, you can pick only two of "cheap, fast, and good"—and Encoder carries a hefty price tag. But the expense may be justifiable in comparison to total software costs of developing and deploying other languages. If your business has the need, Zend Encoder 2.0 is the right choice. On a scale of one to five, I give it a 4.5.

Editor's Picks