Obfuscation¶
Obfuscation refers to the practice of deliberately making something difficult to understand or obscure.
In the context of web security, code obfuscation is a technique used to make source code more difficult to filter and identify as a threat. The primary goal is not to improve the program’s functionality but rather to hinder reverse engineering, the extraction of sensitive information from the code.
In the context of development, obfuscation leads to making the code difficult to read, so that it cannot be maintained or modified for any purpose. This is a weak strategy to protect intellectual property for editors, which usually rely on encryption of the code. Obfuscation may be achieved by using very generic terms, abbreviations, unknown languages, abstract naming schemes.
<?php
// built with base64_encode($_GET);
$v = "X0dFVA==";
// obfuscated code : this displays $_GET
print_r($\{base64_decode($v)});
// This function does not help its caller, unless the definition is read.
echo foo('yes', 'no');
function foo($cat, $dog) {
// very simple feature, with misleading names
return $cat . ' and ' . $dog;
}
?>
See also Obfuscate Your PHP Source Code and unPHP.
Related : Security, Minification, Proprietary Source