Anyone ever heard of "Billic"?
Stumbled across this while looking for a WHMCS module for VirtualBox. Anyone used it before? There were some issues with getting to the site due to SSL errors, and there's gems like this on their site:
Thank you, Lead Developer.
But with their statement of "fully modular", might be interesting, especially for 10 eur a month, or 200 eur once.
Comments
"Too many redirects occurred trying to open https://www.billic.com"
Same here; they might want to fix that for the Chrome/Chromium crowd. Did not try on FF.
It happens for Firefox too.
Same on Safari.
It would appear I'm the only one who can visit their site. That's not going to be good for business.
Safari refused to connect for me; I had to use Firefox, which worked on my end of things.
Interesting business plan they have there. Can imagine the meeting they had to come up with that one. Let's just let one user from LET visit our site and that should do it...........
They are so secure that I couldn't see their website either.
Probably an SSL configuration error.
Their SSL configuration is terrible - they couldn't even stick the proper chain so the damn website would be secure.
I would imagine that they're not much better at software then!
Hello,
We apologize for any inconvenience this may have caused, and would like to thank you for your feedback on the matter.
We have addressed these issues and concerns. We once again apologize for any inconvenience this may have caused.
Regards,
Adam W
Billic.com
"Custom Built Database Class
Custom built database class based on the MySQLi PHP extension which makes it easy for any module to prevent SQL injections."
Is Billic open-sourced or is it ion-cube'd? If it's open source and I can extend it, maybe this is interesting (though @joepie91 is going to smack you down for not using PDO).
If it's encrypted like WHMCS, then who cares? Woo hoo, you wrote a class...
Alright. So, given that you claim to have security as a core focus...
This is not necessarily a problem. MySQLi does offer parameterized queries (and it is, in fact, what PDO is based on), so it depends on the answer to question 4.
EDIT: Man, the quote feature is buggy...
Remember Virtpanel? Same people as it seems. Only Virtpanel is no more.
http://www.dellam.com/07079770-VIRTPANEL LTD
http://www.lowendtalk.com/discussion/20245/bitaccel-com-having-problems-virtpanel-account-suspended
http://www.webhostingtalk.com/showthread.php?t=1488407
...
Hello,
Thank you for your questions. We work from your questions and use them as feedback, as we want to give our clients and potential clients a decent product that has multiple uses.
Regards,
Adam W
Billic.com
Unacceptable. This keeps your customers from auditing the source code, or from patching issues themselves as needed, all the while not preventing actual pirates from pirating your software (just like for every other form of DRM).
As long as you are using an obfuscator, you are not in a position to claim that you "care about security". Kerckhoffs's Principle applies.
That is far from sufficient. You should get a professional third party audit ASAP, and publish the results.
That's something, but I'd advise speeding up the building of a security reporting page. You will also want to consider a promised patching timeframe, like Sails has done recently.
That's good.
Hello Joepie91,
We thank you for your advice and we are taking into consideration everything you have said. We are going to try pushing our new website as soon as we can with a security reporting page, as well as a patching timeframe.
We are encoding to prevent source code theft, not to provide security through obscurity.
We are also considering making Billic 99% "readable" source.
We thank you for your time.
Regards,
Adam W - Billic.com
It seems to be interesting, even though I never heard of it, but honestly you can find a better alternative such as WHMCS for almost the same price.
I would love to see the day when people realize that trying to hide your code is pointless.
You may have a better chance to protect it if you do SaaS, but if it runs on other people's machines it will be cracked if a reason for cracking it exists.
99.9% of the time would be that hard to replicate the functionality even if you never saw a line of code.
Your software is real living proof of that: it's not the first of its type, and it's not the first to be obfuscated. I would bet that the only reason you may think obfuscating to prevent code stealing is working is probably because they have less incentive to crack your software than your competitors.
Might be, you will however not find any serious company that provides a paid PHP application unencoded. Simple as that.
I strongly disagree with this statement. Just yesterday I installed a commercial PHP application - XenForo - and it happens to be not encoded, and it's definitely from a serious company.
Most of Blesta is not encoded either.
XenForo is not a billing system. Though, my answer was not clear in that regard, so you are sort of right.
I am aware. The problem is that source encoding doesn't and can't actually accomplish this. Once it leaves your physical systems, it is out of your control, and that's the hard reality of it - trying to obfuscate/encode/DRM/whatever is just going to end up hurting your real customers.
It is not technically possible to prevent somebody from copying or reproducing code from their own systems. End of story.
Open-source, or readable source? For something to be open-source, it must comply with these rules. If customers are able to read the source but not allowed to modify or reproduce it, then it would not be open-source (even if it is still a step up from encoded/obfuscated source).
I do want to say that I'm happy that you're taking the feedback seriously.
Very few companies use obfuscators. No legitimately professional ones do, that I have seen. Usage of obfuscators almost always correlates with poor quality code, a reactive approach to security rather than proactive, and various other 'hallmarks of incompetence'.
If you keep running into obfuscated code, then you're purchasing your software from the wrong companies.
Hello,
Yes, sorry, Readable Source; I updated my original post for that as well. Once again we do thank you for your feedback and look forward to rolling out our changes shortly.
Regards,
Adam W
Billic.com
My head is about to explode.
Just chiming in as someone who used to believe that obfuscating your code would make it secure from being hacked and even stolen, you're wrong. Deadly wrong. All you're doing is making it harder for your customers to use it. If I want your source code, I can get it, obfuscating it won't stop me.
Obfuscating software is the equivalent of having non-skippable "DON'T COPY THIS MOVIE!!" messages 30 times before allowing a user to play the movie they bought. Sooner or later, pirating it is going to be the easier and better user experience.
Hello killswitch, thank you for your reply. Can you give me an example, please?
using this
Regards,
Adam
Billic.com
Hello,
Sorry, I meant turning it back into its original source, not what the output was. I should have mentioned that.
Regards,
Adam