Hi Bob,

The problem with obfuscation is that it does not work. No matter how far you
go (all database tables are called T<number> with every column being
C<number>, all variables being single-letter things like $a and @a and %b),
anyone who wants to will always be able to read it. The only thing that you
are going to achieve is that the people who are unfortunate enough to have
to maintain your product will curse you, reverse engineer the code and write
a maintainable version to replace your code.

I have been supporting various systems for various companies in several
different branches of industry for over 13 years now. At all companies I
have seen the same thing: some perl script built by a perl "guru" (often
self-proclaimed) that is near impossible to read and/or enormously big;
often very difficult to work with in terms of the environment requirements,
command line options that have to be in a certain order, undocumented
command line parameters that might or might not do something. Every single
time I ended up having to replace that code with something much simpler,
cleaner and easier to maintain because the old code was simply not able to
grow with the company's needs and the previous perl guy had left a long
time ago.

Obfuscation is not security, it is just a way to get remembered as the guy
that left the code that no one could maintain.

Even switching to a different language will not help; after all, code that
gets executed can be reverse engineered. When you slap enough copyrights
and other wonderful "protection" on your code then the mere input and
resulting output can be emulated in any language of your choice. In the end
the beautiful thing of computers is that given a certain program and a
certain input the result of that program combined with that input will
always be the same, which means there is no way to "hide" what you are
doing, just to make it harder to figure out, which as I explained above is
never a good idea, and your code will normally outlive you by many years.
And the next person is not going to be singing your praises for making
their life miserable thanks to code that no one can figure out.

Of course other languages that are compiled, for instance, make it a little
harder to read the code because of this compilation step, but this does not
stop people from reading the code; it just means they have to take an extra
step. Which they will if needed, simply because copying a working solution
is always better than inventing the wheel all over again.

The only semi "obfuscation" that works a little bit is today's buzzword
'cloud computing': it allows you to keep your code in your own hands, away
from the customer, thus better hidden than ever before. Of course this does
not mean that you or I could not for instance build our own Facebook or
Google. It will just be a whole lot harder to do as we are missing one
important bit of information: the input, at least the bit of input that is
running on their servers...
But all in all, when you end up working for Google or for Facebook you can
be certain that the code is not obfuscated, as it would not be feasible to
maintain a code base of that size with so many people if it were
obfuscated.

Or as the perl help says, Obfuscation only works if you simply delete the
code.
All other solutions will simply frustrate those with good intentions and
just make it more interesting for those with bad intentions.

On Tue, Feb 12, 2013 at 7:39 PM, jbiskofski <jbiskof...@gmail.com> wrote:

> I understand that obfuscating code is not a real detriment to a seriously
> motivated knowledgeable hacker. Yet I still think some security is
> preferable to no security at all. Also I wish this problem could be
> attacked somehow other than suggesting to switch to a different language.
>
>
> On Tue, Feb 12, 2013 at 12:32 PM, Bob McConnell <r...@cbord.com> wrote:
>
> > You cannot obfuscate the input to an interpreter. It has to be in a format
> > that the interpreter will recognize, which necessarily means that people
> > can also read it. If you really need to hide your source code, you have to
> > switch to a compiled language with an actively optimizing compiler. Then
> > only distribute the output from the compiler. Even then there may be
> > de-compilers or disassemblers that can reconstruct much of your source in
> > readable form.
> >
> > Bob McConnell
> >
> > > -----Original Message-----
> > > From: jbiskofski [mailto:jbiskof...@gmail.com]
> > > Sent: Tuesday, February 12, 2013 1:30 PM
> > > To: timothy adigun
> > > Cc: John SJ Anderson; Perl Beginners
> > > Subject: Re: obfuscating code
> > >
> > > I see everyone is eager to judge this as a terrible idea, it's the exact
> > > same response I've gotten to this question on mailing lists on IRC.
> > >
> > > HOWEVER, I think this can be a valid concern. We are always talking about
> > > how the best way to shine good light on Perl is writing cool stuff in it.
> > >
> > > Well I've actually gone out and built a company that does a HUGE LMS in
> > > Perl, it's used by over 300K students in Mexico ( www.algebraix.com ), and
> > > employs 18 people. I don't think it's stupid of me to worry about someone
> > > getting into my servers somehow and stealing the code. I have to think of
> > > the people who work here and their job security, I also have to worry
> > > about my competitors, I don't know how ethical they are or are not.
> > >
> > > So yeah I think this question should be given more thought and not just
> > > discarded as immediate stupidity.
> > >
> > > my $two_cents.
> > >
> > > - Jose Biskofski
> > >
> > >
> > > On Tue, Feb 12, 2013 at 12:01 PM, timothy adigun <2teezp...@gmail.com> wrote:
> > >
> > > > On 12 Feb 2013 18:56, "John SJ Anderson" <geneh...@genehack.org> wrote:
> > > > >
> > > > > >>  On Feb 12, 2013 7:05 PM, "Rajeev Prasad" <rp.ne...@yahoo.com> wrote:
> > > > > >>> what is the advice just for obfuscating code? platform is solaris.
> > > > >
> > > > > I think you're getting the idea, at this point, that this is
> > > > > considered a bad idea, regardless of what platform you're targeting.
> > > > >
> > > > > You may have an actual issue, but unless you explain to us what you
> > > > > thought you were going to achieve via obfuscating your code, we're not
> > > > > going to be able to help with that.
> > > > >
> > > > > Also, I'm a little disappointed in the "it's Perl, it's already
> > > > > obfuscated" answers. If you think the Perl you're writing is
> > > > > pre-obfuscated, you're doing it wrong. My Perl code is idiomatic, easy
> > > > > to read and understand, and as clear, if not more so, than code
> > > > > written in any other language. One of the common criticisms of Perl is
> > > > > that it's a "write-only language". This is, frankly, bullshit -- but
> > > > > having people on a list aimed at helping Perl beginners promote that
> > > > > bullshit only makes it more odorous. Please stop.
> > > >
> > > > +1 John. I can't agree more.
> > > > >
> > > > > thanks,
> > > > > john.
> > > > >
> > > > > --
> > > > > To unsubscribe, e-mail: beginners-unsubscr...@perl.org
> > > > > For additional commands, e-mail: beginners-h...@perl.org
> > > > > http://learn.perl.org/
> > > > >
> > > > >
> > > >
> >
>
