Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl Monk, Perl Meditation
 
PerlMonks  

(Ovid - Security is *still* the issue) Re(4)

by Ovid (Cardinal)
on Jul 18, 2001 at 00:19 UTC ( [id://97433]=note: print w/replies, xml ) Need Help??


in reply to Re: (Ovid Security *is* the issue) Re(2): Security, is it to much to ask?
in thread Security, is it to much to ask?

As lemming pointed out, that was caused by my confusing PerlEx and PerlApp. Once I saw that, I started looking at things a bit closer. PerlEx claims to offer the source code protection. However, all PerlEx does is keep a version of Perl memory-resident and compile the first execution of a Perl/CGI script and save that in memory (see this link for details). The source code is still readily available. Why the heck do they claim source code protection when there is absolutely no attempt to protect the source code?

Now regarding PerlApp, there's no apparent claim that source code is protected. However, since you wish to play Devil's Advocate, why, exactly, would one wish to XOR the source code with a string? This merely adds an unnecessary level of complexity. In fact, the only reason that I could come up with is a naive attempt to hide the source code, which brings us back to tachyon's original post. If you have other theories, I'd love to here them.

Cheers,
Ovid

Vote for paco!

Join the Perlmonks Setiathome Group or just click on the the link and check out our stats.

  • Comment on (Ovid - Security is *still* the issue) Re(4)

Replies are listed 'Best First'.
Re: (Ovid - Security is *still* the issue) Re(4)
by joefission (Monk) on Jul 18, 2001 at 15:30 UTC
    why, exactly, would one wish to XOR the source code with a string?

    I don't know how the internals of PerlApp works. There might be a technical reason for it being XOR, or it might be a hold-over from a previous version that tried to hide source code. But at this point, it doesn't matter...ActiveState's stated intent is not security, but a packaging tool in the present incarnation of PerlApp. Not that it will be like that forever, but it seems like a window of opportunity to figure out how it works and possibly replicate a free version.

    Truthfully, I haven't investigated the perl2exe from indigoperl claims of source code protection. The point seems moot because it isn't true as the above discussions point out. IP, in that case, is protected more by threat of lawsuit than technical reasons. PerlEx, the ActiveState product that's like mod_perl for Windows platform web servers. And that is an odd statement about encryption on the product web page.

    My apologies for coming off a little over the top, I just couldn't understand what was being said. I consider myself more enlightened at this point, thanks to Ovid.

[reply]

In Section Meditations

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://97433]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others studying the Monastery: (6)
As of 2024-04-19 16:25 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found