Mini-Review: Zend Guard vs IonCube PHP Encoder

I know encoders are antithetical to open source; however, there are times when you need to have licenses for software, and only by encoding can you enforce such things. As a company that uses encoding, we also contribute many small (and not so small) fixes, suggestions and new code to several open source projects.

For the last several years, we have been successfully using the IonCube PHP encoder. It works well, providing us with as secure a solution as we could wish for, for our code. Using the Linux command-line based version of the tool, we have been able to include it in our build process, in as simple a way as just providing a -e flag to our build script.

I’d like to say that in the few issues we’ve had (with licensing and compatibility with new PHP versions) the IonCube team has been very pleasant and responsive to our needs.

However, we have had a couple of minor issues. Firstly, the move from PHP 4 to PHP 5 made it necessary to use a different binary to do the encoding; we missed this and wondered wtf when our builds failed. In addition to this, we have run into several bugs that, after several hours of investigation, have led back to an IonCube issue; however, an upgrade of the software has fixed this every time… till now.

After almost 2 days of debugging an issue that resulted in a whitescreen in IE and a partial page in Firefox, and that was not reproducible on any other server, we came to the conclusion that the optimizing done by the IonCube encoder was – in its efforts to remove inaccessible logic branches from the opcode cache – removing a valid logic branch.

Due to the amount of head pounding involved in finding this issue, I started to consider using Zend Guard instead, figuring that, since Zend has far more resources and more experience in this arena, we might see fewer issues.

Well, after a false start of the damn thing needing a GUI to install (really? on a headless Linux [dev] server? check the installer binary help output, there is a CLI flag! :), I installed on OS X at first – if you’re curious (as I was), the GUI is an Eclipse-based encoding project management tool. You create projects, and choose all the options to encode them with. Kinda neat, but overkill, I feel, for most people.

In addition to being overkill for my needs, it didn’t have the one feature I liked from IonCube, the ability to copy code verbatim (for example, a configuration file) instead of encoding it; however, the command line version of the Zend encoder does have this feature.

Once it was installed, I was able to very quickly set up a new -z flag to use the Zend Guard encoder in our build script, and it really just works. In 1 week we pushed it out to staging, then within a month, to production, and not a single problem.

I can recommend both of these products: IonCube, if you’re lighter on cash, has served us well, but Zend Guard if you really want the superior product, especially if the Zend Guard GUI might be of use to you.

– Davey