how to secure perl modules?
i have a collection of perl modules (running under the mod_perl umbrella) and would like to distribute the application to several different sources (clients with open internet web servers). but i dont want to send it out without at least making it somewhat difficult for some hacker to just simply steal it and load it somewhere else without my consent. what options do i have (if any) to secure the code so that it can't be 'easily' stolen? 'easily' being the operative word here, as i realize it wont be 100% safe no matter what i do. the ideal would be to perhaps encrypt some of the code, maybe a few of the base configuration modules, maybe even the startup.pl file, others? any suggestions would be appreciated, thanks
Re: how to secure perl modules?
hi ( 03.05.29 14:25 -0700 ) Kirk Rogers: but i dont want to send it out without at least making it somewhat difficult for some hacker to just simply steal it and load it somewhere else without my consent. why not? have you ever read the GNU manifesto? http://www.gnu.org/gnu/manifesto.html and how do you know it won't be a script kiddie, or middle manager, or someone just like you [but a little less experienced] that 'steals' it? any suggestions would be appreciated license it under GPL and count it as a donation to the good of the species. or, if you're more self-directed, a step toward release from the endless cycle of death and rebirth. -- \js
RE: how to secure perl modules?
why the scarcasm? -Original Message- From: John Saylor [mailto:[EMAIL PROTECTED] Sent: Thursday, May 29, 2003 2:34 PM To: [EMAIL PROTECTED] Cc: modperl Subject: Re: how to secure perl modules? hi ( 03.05.29 14:25 -0700 ) Kirk Rogers: but i dont want to send it out without at least making it somewhat difficult for some hacker to just simply steal it and load it somewhere else without my consent. why not? have you ever read the GNU manifesto? http://www.gnu.org/gnu/manifesto.html and how do you know it won't be a script kiddie, or middle manager, or someone just like you [but a little less experienced] that 'steals' it? any suggestions would be appreciated license it under GPL and count it as a donation to the good of the species. or, if you're more self-directed, a step toward release from the endless cycle of death and rebirth. -- \js
Re: how to secure perl modules?
you seem to be talking about two different things here. firstly, do you want to protect your source code being viewed by other people? secondly, do you want to ensure that your code is only being run on computers that you have authorised? these are related problems, but each requires a different method of solving it. the other question that is useful to ask is how many days of effort will be required to secure your program and compare that with how much your clients would value that amount of time being used in development of new features instead? uru -Dave Kirk Rogers wrote: i have a collection of perl modules (running under the mod_perl umbrella) and would like to distribute the application to several different sources (clients with open internet web servers). but i dont want to send it out without at least making it somewhat difficult for some hacker to just simply steal it and load it somewhere else without my consent. what options do i have (if any) to secure the code so that it can't be 'easily' stolen? 'easily' being the operative word here, as i realize it wont be 100% safe no matter what i do. the ideal would be to perhaps encrypt some of the code, maybe a few of the base configuration modules, maybe even the startup.pl file, others? any suggestions would be appreciated, thanks
RE: how to secure perl modules?
On Thu, 2003-05-29 at 17:41, Kirk Rogers wrote: why the scarcasm? You asked a very loaded question that is guaranteed to get you a lot angry responses on most Perl mailing lists. Hiding your source code is a FAQ (http://perldoc.com/perl5.8.0/pod/perlfaq3.html#How-can-I-hide-the-source-for-my-Perl-program-) so the real question is more whether or not the method you've chosen to hide it works with mod_perl. I believe source filters do work, although I've never tried them myself. If you search in the mail archives you'll find many long and flaming threads on the subject. Personally, I would appreciate it if everyone would let this thread die quietly unless they have something specific to add about the use of source filters (or alternate methods) with mod_perl. If you want to argue the ethics of hiding source code, please do it off the list. - Perrin
Re: how to secure perl modules?
Hi there, On Thu, 29 May 2003, Kirk Rogers wrote: i have a collection of perl modules ... i dont want to send it out without at least making it somewhat difficult for some hacker to just simply steal it and load it somewhere else without my consent. This is getting to be an old chestnut, I wonder if we should specifically forbid discussion of it in the email-etiquette doc.? The best way to do what you want is to code it in C, compile it and send out only the compiled executables, a bit like that firm up in the North-West USA. There are -ahem- Open Source packages to translate Perl into C and/or bytecode, but then I suppose you wouldn't get much help from this List with C programs... It does seem a bit rich to take all the free stuff you can from CPAN and then try to deny everyone else the fruits of your own labours. But I suppose it's a free world, at least in parts. 73, Ged.
how to secure perl modules?
i have a collection of perl modules (running under the mod_perl umbrella) and would like to distribute the application to several different sources (clients with open internet web servers). but i dont want to send it out without at least making it somewhat difficult for some hacker to just simply steal it and load it somewhere else without my consent. what options do i have (if any) to secure the code so that it can't be 'easily' stolen? 'easily' being the operative word here, as i realize it wont be 100% safe no matter what i do. the ideal would be to perhaps encrypt some of the code, maybe a few of the base configuration modules, maybe even the startup.pl file, others? any suggestions would be appreciated, thanks
Re: how to secure perl modules?
Hi!
On Thu, May 29, 2003 at 10:27:54AM -0700, iCap wrote:
i have a collection of perl modules (running under the mod_perl umbrella)
and would like to distribute the application to several different sources
(clients with open internet web servers). but i dont want to send it out
without at least making it somewhat difficult for some hacker to just simply
steal it and load it somewhere else without my consent. what options do i
have (if any) to secure the code so that it can't be 'easily' stolen?
'easily' being the operative word here, as i realize it wont be 100% safe no
matter what i do.
the ideal would be to perhaps encrypt some of the code, maybe a few of the
base configuration modules, maybe even the startup.pl file, others?
If you want to make it hard to read the code, use an Obfuscator (eg.
Acme::EyeDrops)
If want to really secure your code: it's not possible, see this thread on
perlmonks:
http://www.perlmonks.org/index.pl?node_id=243011
or search in the mailinglist archives. This questions was discussed here a
few times.
--
#!/usr/bin/perl http://domm.zsi.at
for(ref bless{},just'another'perl'hacker){s-:+-$-gprint$_.$/}
Re: how to secure perl modules?
Hi All,
Just to throw a spanner in the works, a little while ago I came across the
following Article on the Net.
http://www.perl.com/pub/a/2002/10/15/radiator.html
From what I can tell The author of the 'radiator' product claims to have
successfully shipped 'encrypted' code.
I've been pondering how to do this for ages anyay, I realise it's not
completely foolproof, but I'm trying to find a mechanism that would stop
anybody but a perl litterate hacker from getting at my code.
Marty
- Original Message -
From: Thomas Klausner [EMAIL PROTECTED]
To: modperl [EMAIL PROTECTED]
Sent: Friday, May 30, 2003 8:58 AM
Subject: Re: how to secure perl modules?
Hi!
On Thu, May 29, 2003 at 10:27:54AM -0700, iCap wrote:
i have a collection of perl modules (running under the mod_perl
umbrella)
and would like to distribute the application to several different
sources
(clients with open internet web servers). but i dont want to send it
out
without at least making it somewhat difficult for some hacker to just
simply
steal it and load it somewhere else without my consent. what options do
i
have (if any) to secure the code so that it can't be 'easily' stolen?
'easily' being the operative word here, as i realize it wont be 100%
safe no
matter what i do.
the ideal would be to perhaps encrypt some of the code, maybe a few of
the
base configuration modules, maybe even the startup.pl file, others?
If you want to make it hard to read the code, use an Obfuscator (eg.
Acme::EyeDrops)
If want to really secure your code: it's not possible, see this thread on
perlmonks:
http://www.perlmonks.org/index.pl?node_id=243011
or search in the mailinglist archives. This questions was discussed here a
few times.
--
#!/usr/bin/perl http://domm.zsi.at
for(ref bless{},just'another'perl'hacker){s-:+-$-gprint$_.$/}
RE: how to secure perl modules?
Regarding the use of source filters, they only seemed to cause me trouble under mod_perl. A while ago I tried using Switch.pm, another source filter from Damian that provides a switch... case sort of syntax, together with HTML::Mason and mod_perl. It led to some really strange errors that didn't really make sense, but the errors went away when I stopped using Switch. Wes Perrin Harkins [EMAIL PROTECTED] on 05/29/2003 05:56:05 PM To:[EMAIL PROTECTED] cc:John Saylor [EMAIL PROTECTED], modperl [EMAIL PROTECTED] Subject:RE: how to secure perl modules? On Thu, 2003-05-29 at 17:41, Kirk Rogers wrote: why the scarcasm? You asked a very loaded question that is guaranteed to get you a lot angry responses on most Perl mailing lists. Hiding your source code is a FAQ ( http://perldoc.com/perl5.8.0/pod/perlfaq3.html#How-can-I-hide-the-source-for-my-Perl-program- ) so the real question is more whether or not the method you've chosen to hide it works with mod_perl. I believe source filters do work, although I've never tried them myself. If you search in the mail archives you'll find many long and flaming threads on the subject. Personally, I would appreciate it if everyone would let this thread die quietly unless they have something specific to add about the use of source filters (or alternate methods) with mod_perl. If you want to argue the ethics of hiding source code, please do it off the list. - Perrin
