[Vtigercrm-developers] ionCube/ZendGuard vs Vtiger Installer - What do developers prefer?

[Sreenivas Kanumuru]

Thanks Bastiaan. ( i edited the email subject to reflect the discussion)

What do others think of using IonCube or ZendGuard for source code
protection instead of Vtiger installer? If the popular opinion favors
ionCube / ZendGuard, we can take that route. I summarized the pros/cons
below. If users can share more benefits of ionCube/ZendGuard, it will be
helpful.

Benefits of ionCube / ZendGuard

   1. ionCube / Zendguard installers are likely to be preinstalled by
   hosting provider, even in the webhosting plans. So users will be able to
   install paid extensions without having to install Vtiger loader.
   2. Windows installer is readily available (Vtiger installer for windows
   is not yet ready)
   3. Paid extensions can be more widely distributed since more users will
   have the installer ready.

Disadvantages of ionCube / ZendGuard

   1. Users would be able to copy the encrypted extension to another
   machine and use it. It will not be possible to restrict license to MAC
   address (since the extension is distributed through the marketplace, the
   manual generation of license by entering MAC address will not work).
    Developer will need to provide Vtiger a encrypted version with a license
   that doesn't restrict it to a specific address.
   2. 'Try before Buy' feature will not be available
   3. There are already some hacking tools to convert code obfuscated by
   IonCube back to readable format (
   https://www.youtube.com/watch?v=8cMKiWdxpvA).
   4. Developer has to pay $400 to $800 to buy the ionCube/ZendGuard Tool.
   (with Vtiger installer, developer is free)

Via our marketplace, even if we go with ionCube / ZendGuard, Publishers
will still be able to view the number of downloads, sales revenue, etc,
through the publisher portal.

Regards,
Sreenivas



On Mon, Aug 11, 2014 at 2:19 PM, Zebra Hosting <support at zebrahosting.eu>
wrote:

>  We also offer Colo what would be number 4 on your list. + a variety of
> managed and un-managed versions
> of each.
>
>  Yes we have ion cube standard installed for all (shared) hosting yes.
> Both windows and Linux systems.
>
>  Bastiaan Houtkooper
> Zebra Hosting
>
>
>
>   From: Sreenivas Kanumuru <svk at vtiger.com>
> Reply-To: "vtigercrm-developers at lists.vtigercrm.com" <
> vtigercrm-developers at lists.vtigercrm.com>
> Date: maandag 11 augustus 2014 10:22
> To: "vtigercrm-developers at lists.vtigercrm.com" <
> vtigercrm-developers at lists.vtigercrm.com>
> Subject: Re: [Vtigercrm-developers] vtiger > Market place module
> protection (was: joomla articles)
>
>   Thanks for the feedback, Bastiaan. We can open up the store to allow
> developers to encrypt using IonCube/ZendGuard and distribute via
> marketplace. Besides the concerns i shared one of the other features we
> will not be able to offer with IonCube/ZendGuard, is the 'Try before you
> Buy' feature.
>
>  I wanted to seek some input to help shape our decision.
>
>  I see hosting companies generally have 3 plans
>
>  1. Web Hosting (cheapest)
> 2. VMs
> 3. Dedicated Servers
>
>  Are you saying that IonCube installer is preinstalled for Web Hosting
> accounts?
>
>  thanks,
> Sreenivas
>
> On Mon, Aug 11, 2014 at 12:41 PM, Zebra Hosting <support at zebrahosting.eu>
> wrote:
>
>> Dear Screenivas,
>>
>>  Thanks for your explanation, (although I had those reasons also figured
>> out). They are logical and make sense from vTiger point of view.
>> From a hosting company point of view it will be a bit different. Guess we
>> will have to advice people to run vTiger from their own VM if they want to
>> use the marketplace.
>> Seriously increasing their costs from standard hosting. Lets see if they
>> think it is worth it.
>>
>>  Remains the overal discussion how people protect their modules now
>> outside the marketplace and if there is something to learn from that
>> process.
>>
>>  Bastiaan Houtkooper
>> Zebra Hosting
>>
>>
>>
>>
>>   On 11 aug. 2014, at 07:02, Sreenivas Kanumuru <svk at vtiger.com> wrote:
>>
>>    Bastiaan, Thanks for sharing your feedback.
>>
>>  We considered using IonCube or ZendGuard. However, we didn't proceed
>> because of the following concerns.
>>
>>    1. Each extension developer has to purchase the Encoder ($400 to
>>    $800) and pay additional support fees.
>>    2. On the same MAC address we can have multiple copies of Vtiger. So,
>>    the standard MAC address based restriction would not work.
>>    3. Developer has to encode before submitting to Vtiger. (with our
>>    loader, developer has to click a checbox to encrypt - nothing else)
>>    4. IonCube doesn't work with APC. (reference
>>    <http://www.google.com/url?q=http%3A%2F%2Fstackoverflow.com%2Fquestions%2F3828845%2Fare-apc-and-ioncube-fully-compatible&sa=D&sntz=1&usg=AFQjCNHp3GMEh17QElm2gKVseSMDmNQGnw>)
>>
>>
>> We needed more flexibility, and wanted to make it easier and less
>> expensive for developers. So, we invested the time into developing the
>> Vtiger Loader as an alternative to  IonCube / ZendGuard / SourceGuardian.
>>
>>  Regards,
>>  Sreenivas
>>
>> On Mon, Aug 11, 2014 at 2:42 AM, Zebra Hosting <support at zebrahosting.eu>
>> wrote:
>>
>>>  Creating a new subject to avoid hijacking Andrews thread.
>>>
>>>
>>>  Prasad, as mentioned earlier we are not going to use the vTiger market
>>> place extension on our servers for security reasons and I assume more
>>> companies will think the same way.
>>>
>>>  That leaves the option for those companies to install modules via de
>>> manual install but the modules will not be encrypted and easy to copy
>>> (correct me if I am wrong)
>>>
>>>  I haven't been checking what could be an alternative option but would
>>> love to hear suggestions and experience how people protect their vTiger
>>> modules.
>>>
>>>  Ioncube has been a standard way but I am not sure how it plays with
>>> the marketplace.
>>>
>>>  Would it be possible to add a modules to the marketplace with a 3rd
>>> party encryption like ioncube?
>>>
>>>  I really hope you guys find a way to make the market place work with
>>> some form of security but without the mandatory extra extension install.
>>> That would solve most issues (and end this discussion)
>>>
>>>
>>>  Bastiaan Houtkooper
>>> Zebra Hosting
>>>
>>>
>>>
>>>
>>>
>>>
>>>  On 10 aug. 2014, at 20:28, Prasad <prasad at vtiger.com> wrote:
>>>
>>>  If you are not choosing source-protection for your extension on
>>> marketplace. When customer downloads the file it would not be altered. This
>>> would mean the code you had submitted (raw / encrypted) would be sent over.
>>>
>>> I assume you would submit the code with 3rd party protection if you have
>>> already have the licensed copy of those application.
>>>
>>> Could you please share more details on the confusion.
>>>
>>> Regards,
>>> Prasad
>>>
>>> *Connect with us on: *Twitter <http://twitter.com/vtigercrm> *I*
>>> Facebook <http://www.facebook.com/pages/vtiger/226866697333578?sk=wall>
>>> *I* Blog <https://blogs.vtiger.com/>* I* Wiki
>>> <http://wiki.vtiger.com/index.php/Main_Page> *I *Forums
>>> <https://discussions.vtiger.com/>*I* Website <https://www.vtiger.com/>
>>>
>>>
>>> On Sun, Aug 10, 2014 at 3:49 PM, Zebra Hosting <support at zebrahosting.eu>
>>> wrote:
>>>
>>>> But than the source is unprotected.
>>>> I would like to see (as mentioned by others) a common way like ioncube,
>>>> to protect the source. I like the idea to support the market, I like the
>>>> idea of bringing in modules but it needs a decent protection without extra
>>>> libs.
>>>>
>>>>  Bastiaan Houtkooper
>>>> Zebra Hosting
>>>>
>>>>
>>>>
>>>>   On 10 aug. 2014, at 12:04, Prasad <prasad at vtiger.com> wrote:
>>>>
>>>>    Bastiaan,
>>>>
>>>>  You can list the extension on marketplace for free and opt-out source
>>>> protection.
>>>> Customers will be able to use the same on CRM without need of "exotic
>>>> drivers".
>>>>
>>>>  Regards,
>>>> Prasad
>>>>
>>>>
>>>
>>> _______________________________________________
>>> http://www.vtiger.com/
>>>
>>
>>   _______________________________________________
>> http://www.vtiger.com/
>>
>>
>>
>> _______________________________________________
>> http://www.vtiger.com/
>>
>
>
> _______________________________________________
> http://www.vtiger.com/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.vtigercrm.com/pipermail/vtigercrm-developers/attachments/20140811/38fd0986/attachment.html>