#30 provide MAC_ADDRESS support

open
nobody
None
5
2003-09-13
2003-09-13
Anonymous
No

Hi,

since turck mmcache can encode php-scripts
it would be nice to have a function that gives
access to the system's MAC-address.

This could help people who want to encode
scripts and restrict them to certain MAC-addresses.

e.g. a function like mmcache_mac(0..n);

could retrieve the MAC-address.

So one could restrict encoded scripts to certain
systems.

Discussion

  • Nobody/Anonymous

    Logged In: NO

    I searched a bit and found that.

    So one could make a php function
    mmcache_get_mac($controller),
    where $controller is "eth0" or "eth1" a.s.o.

    #include <sys/socket.h>
    #include <sys/ioctl.h>
    #include <stdio.h>
    #include <string.h>
    #include <unistd.h>
    #include <linux/sockios.h>
    #include <linux/if.h>

    int main (void)
    {
        int _sock,res;
        struct ifreq ifr;
        unsigned char *hwa;

        /* Any datagram socket can carry the interface ioctl. */
        _sock=socket(PF_INET,SOCK_DGRAM,0);
        if (_sock<0) return 1;

        memset (&ifr,0,sizeof(struct ifreq));
        strncpy(ifr.ifr_name,"eth0",IFNAMSIZ-1);

        /* Ask the kernel for the hardware (MAC) address of eth0. */
        res=ioctl(_sock,SIOCGIFHWADDR,&ifr);
        close(_sock);
        if (res<0) return 1;

        hwa=(unsigned char *)ifr.ifr_hwaddr.sa_data;
        printf ("%02x:%02x:%02x:%02x:%02x:%02x\n",
                hwa[0],hwa[1],hwa[2],hwa[3],hwa[4],hwa[5]);

        return 0;
    }

     
  • Dmitry Stogov

    Dmitry Stogov - 2003-09-15

    Logged In: YES
    user_id=124551

    Sorry, but I don't like to provide MAC-address restriction in
    MMCache, because it is an Open Source program and
    anybody can change the code to work around the restriction.

     
  • Jonathan Oxer

    Jonathan Oxer - 2003-09-27

    Logged In: YES
    user_id=513922

    Hi Nobody,

    There are lots of ways people may want to set up a licencing
    restriction scheme, and trying to make mmcache support them
    all would not be practical. Some people might want to use
    MAC address matching (which is not actually secure, by the
    way, since under Linux the MAC address can often be changed
    by the root user) while others might want a licence key
    file, maybe combined with time limits.

    Since mmcache obscures the source code anyway, why not just
    write the licence management system directly into your web
    app? That way you can make it do anything you like such as
    match MAC addresses, licence keys or sunspot activity reports.

    Cheers :-)

    Jonathan Oxer

     
  • Andrea Trasatti

    Andrea Trasatti - 2003-11-26

    Logged In: YES
    user_id=278539

    Hello Dmitry,
    I agree with you anyone could read your sources and
    decode my compiled PHP. This would break any commercial
    agreement between him and my company! That's the use of
    encoding the scripts.
    On the other side, if I distribute my scripts in clear text, the
    customer will be able to simply read my sources and copy my
    algorithms... I know it's a thin line, but if I can demonstrate
    that he decoded my sources and copied it's different from the
    same case when I delivered my scripts in clear text.

    This is my 2 cents.

     
  • Jonathan Oxer

    Jonathan Oxer - 2003-11-26

    Logged In: YES
    user_id=513922

    Hi Trasatti,

    I don't think that's quite what Dmitry meant about working
    around the MAC address matching restriction. He didn't mean
    they could read the mmcache source to get access to your
    source, he meant that if mmcache had some internal mechanism
    that checked MAC addresses and then refused to run unless
    certain conditions are met, anyone who wanted to run your
    code could just get the mmcache source, remove the condition
    check, and recompile it.

    They would then have a copy of mmcache that would be capable
    of running any encoded scripts no matter what restrictions
    had been set, because that version of mmcache would just
    ignore the restrictions. It doesn't mean they've got access
    to your source.

    On the other hand, if you build the protection mechanism
    into your PHP app as I suggested a few comments below it
    couldn't be removed by a third party since they won't have
    access to your source in the first place.

    So IMHO the place to implement a protection mechanism is
    directly within the app you want to protect, not in the
    environment that runs it. The environment is too open to
    manipulation.

    Cheers :-)

    Jonathan

     
