|
BobbyDouglas -> Zend and IonCube compromised (1/12/2008 16:37:34)
|
I am sure that many developers have worked with scripts/programs before that are "encoded" using the popular Zend or IonCube encoders.
Unfortunately, beginning last year, there have been many cases where these encoded files have been decoded. Zend is much easier to decode than IonCube, but both are 100% possible.
Comments and extra space are not included in the decoded version, so you don't have the exact file that was encoded, but you have the code for it.
IonCube claims to have "obfuscated bytecode execution engine" which would basically make it impossible to decode the file. The idea behind that, is you take machine level language, and try to convert it back to a high level language (such as C++), before it was compiled to machine level.
What does this mean for everyone?
For lazy developers, who relied on their hidden code to be the main security measures, will be prone to SQL injections, hacks, and other things that will be able to compromise the software. Basically, anyone who decided to code lazy because they knew their code couldn't be seen, will have to go through every piece of code to make sure there are not any open holes.
Developers who coded with security in mind from the beginning should be ok.
|
|
|
|
