On Mon, Mar 5, 2012 at 6:42 AM, Ken <ken.woodr...@gmail.com> wrote:
> I realize this thread has largely devolved into a philosophical discussion
> about whether one *should* do this, but I think the technical question of
> how one *could* do this is still a valid one.

It is _not_ a philosophical conclusion that in most cases it is not
worth the effort to add multiple encryption layers. If at all, it is an
economical conclusion.

Technically none of the so-called *coulds* are valid. They remain
broken and you end up adding layer after layer after layer, all
of them being broken.

Philosophically: You add all those layers not for real security, you
add them to feed the paranoia of you and your clients. Let go of that
paranoia and you are free again to focus on the real problems of your
software and your clients.

> I've thought about this a
> while and so far the only practical and secure answer I've come up with is
> to encrypt the javascript using PGP or a similar scheme.

This is _not_ secure, it's only a "make it as hard as we can".

As you said:

> This would
> require a custom built version of the node executable that is capable of
> reading the encrypted files because it has the public key baked in. You'd
> use the private key to encrypt the javascript files that you distribute with
> your application.

If you deliver the key with the encrypted content, why encrypt them at all?

> Some care would need to be taken to ensure that the
> executable couldn't be coerced into producing decrypted versions of your
> files.

It's not "Some care", it is "Mission Impossible".

Been there, done that.
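
The objection in the reply above, as an added example that is not part of the original message: it models the quoted scheme with Node's built-in `crypto` module and shows that the shipped blocks plus the shipped public key are enough to recover the source, while tampering is still detected. The function names and the sample module are constructed for illustration.

```javascript
// Added example: the "private key encrypts, public key is baked in" scheme.
const crypto = require('crypto');

// RSA-2048 with PKCS#1 v1.5 padding carries at most 245 bytes per block.
const CHUNK = 200;

// Vendor side: "encrypt" the source with the private key, as proposed.
function packModule(source, privateKey) {
  const data = Buffer.from(source, 'utf8');
  const blocks = [];
  for (let i = 0; i < data.length; i += CHUNK) {
    blocks.push(crypto.privateEncrypt(privateKey, data.subarray(i, i + CHUNK)));
  }
  return blocks;
}

// Recipient side: uses only what is distributed (blocks + public key).
function recoverFromDistribution(blocks, publicKey) {
  const parts = blocks.map((b) => crypto.publicDecrypt(publicKey, b));
  return Buffer.concat(parts).toString('utf8');
}

// What the scheme does provide: a modified block fails the padding check.
function tamperDetected(blocks, publicKey) {
  const forged = blocks.map((b) => Buffer.from(b));
  forged[0][forged[0].length - 1] ^= 0x01; // flip one bit in the first block
  try {
    recoverFromDistribution(forged, publicKey);
    return false;
  } catch (err) {
    return true;
  }
}

// Constructed sample input: a throwaway key pair and a small module.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
  modulusLength: 2048,
});
const source = '// constructed sample module\n' +
  'exports.price = function (qty) { return qty * 42; };\n'.repeat(6);
const shipped = packModule(source, privateKey);

console.log('blocks shipped:', shipped.length);
console.log('source recovered from shipped material:',
  recoverFromDistribution(shipped, publicKey) === source);
console.log('tampering detected:', tamperDetected(shipped, publicKey));
```

The operation is a signature with message recovery: it tells the loader the files came from the key holder, but it keeps nothing secret from anyone who has the distribution.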
