I’ve been brainstorming for a while regarding the best approach to distribute closed-source modules. I’d like to mention that I have found similar question(s) on SE sites but don’t think this is exactly the same scenario.
Let’s say I wrote a set of well-tested PHP classes which I used as a core for multiple projects (copyright is mine). It has EntityManager, ACL, ORM, Configurable Cacheing, Action logging Admin panel functionalities etc which can be very handy in any database driven projects. (Let’s not start argument regarding the integrity of the project itself 😉
My plan is to implement SAAS with the current set of functionalities, but the problem is most of the people I discussed would like it hosted in their servers and wouldn’t mind paying a small recurrent loyalty fee. That leads to the ultimate question of choosing the best way of distributing such module / micro-framework.
I found following options to consider:
PHP Extension:
First solution that’ll come to anyone’s head is to develop and distribute as a standard php extension (Which will check for valid license-code in the cache once in a while and a cronjob will update license from license server periodically). I checked php-cpp.com regarding this and it seemed pretty impressing. One major difficulty is that the extension should be able to talk to mysql / redis etc (based on the configs passed to instantiate the object) by itself. At the moment, current php classes utilise MySQL and PHPRedis extension. I’d like to be able to add Mongodb, Cassandra/ElasticSearch functionality in near future. I’m not sure how it could be achieved. If anyone can possibly shed a light about how an extension can perform mySQL query internally that would be a great help.
Zephir:
I’ve seen some performance benchmark and Phalcon is one of the top competitors. The major advantage for me is that Zephir is php-like and it’ll take considerably less time than writing C++ extension. But looking at the discussion boards, it appears that Zephir is a bit undercooked. By the time it’ll be ready for production, php itself will introduce PHP7/NG. Also, same difficulty in the extension writing is present here.
HHVM:
Arguably, the best solution as it converts everything to byte-code and I wont’t have to worry about the extension-difficulty here. But I have a new problem: I won’t be able to allow users to attach their function (anonymous function) to the events triggered in my module (e.g: OnDuplicate() or OnPost()).
Any idea, resource or comment is greatly appreciated. Thanks.
2
I honestly think you need to give up on not distributing code in your case. Closed source does not mean you don’t/can’t distribute code, it means that they are not allowed to distribute it.
I think you should really evaluate your goals. If you want to stop people from looking at your code, then use an obfuscateor, if you want to bill per install then use a licence checker of some kind. If you can’t trust your clients, then get new clients.
Besides (and I mean this in a nice way), your code is “worthless” in this type of scenario, it’s your idea and implementation that has value. Even if someone never gets your source code, they can just copy the idea.
4
What about using Zend Guard or ionCube PHP Encoder? Or why is it a problem to distribute your source code for a fee?
This is a problem not special to PHP. Many companies write libraries that they sell in source code form.
1