PDA

View Full Version : [ubuntu] Ioncube loader



DustWolf
August 2nd, 2012, 09:43 PM
Hello,

I keep an ubuntu server with LAMP... a user asked me to install an "Ioncube loader". I am considering if I want to do this. I am concerned about security in two ways:
1. Installing a propertiary binary that may very well be a backdoor
2. Installing a decoder, which allows encrypted PHP I cannot check for obvious exploits (which to my experience to date has always been poorly coded and full of exploits)

On the other hand, ioncube is likely a reputable company and the client claims "all hosting providers usually have this installed" (which personally I don't believe for a second).

I would like to have some oppinions. What do you think? Is it safe?

Thanks.

LP,
Jure

d4m1r
August 3rd, 2012, 12:15 AM
1) Most people do NOT encrypt their php with ioncube or other systems.

2) If it is encrypted, you cannot easily check what it is doing so I'm sure security people on here would advise against it on that grounds.

3) I'd say run it ONLY if you really really need to.