Posted to embperl@perl.apache.org by Lukas Zapletal <lz...@bach.cz> on 2001/10/25 08:48:12 UTC

Hiding the source code

Hello all,

I have a really big problem now. We are going to install our first application
but we need to hide the source code. Users should not be allowed to get the
source. Is there any way to do it?

Thank you for help.

This is very important since we cannot install it until it can be done.

Regards

  Lukas Zapletal [lzap@bach.cz]
  web programmer
  Bach systems Ltd., Czech Republic

  ----------- PGP FINGERPRINT ------------
  4BA4ECA3EDE9608558646ABBA14259E3459FA0B4
  --------------- COOKIE -----------------
  Linux, because we don't need no steenkin' Blue Screen of Death!


---------------------------------------------------------------------
To unsubscribe, e-mail: embperl-unsubscribe@perl.apache.org
For additional commands, e-mail: embperl-help@perl.apache.org


Re: Hiding the source code

Posted by David Lloyd <ll...@rebel.net.au>.
Lukas!

> I have a really big problem now. We are going to install our first application
> but we need to hide the source code. Users should not be allowed to get the
> source. Is there any way to do it?

If Embperl is running correctly, users should not be able to see the
source code. It's an Apache handler, so if a user requests an Embperl
page, Apache will read the page, Embperl will interpret it and Embperl
will output the relevant HTML...

DSL

-- 
If we could extract all the evil from each of us,
 Think of the world that we could create!
 A world without anger, or violence or strife...
 (From the Musical, Jekyll and Hyde)



Re: Hiding the source code

Posted by Kee Hinckley <na...@somewhere.com>.

At 8:48 AM +0200 10/25/01, Lukas Zapletal wrote:
>Hello all,
>
>I have a really big problem now. We are going to install our first application
>but we need to hide the source code. Users should not be allowed to get the
>source. Is there any way to do it?

By "user" do you mean the person on whose site the application is installed?
Perl doesn't have a "compile" option.  There's really no way to 
completely hide the code.  People have written "obfuscators" that 
make it rather unreadable, but that's about it.



Re: Hiding the source code

Posted by Gerald Richter <ri...@ecos.de>.
>
> I have a really big problem now. We are going to install our first application
> but we need to hide the source code. Users should not be allowed to get the
> source. Is there any way to do it?
>
> Thank you for help.
>
> This is very important since we cannot install it until it can be done.
>

Fetch the current CVS version and read crypto/README. This tells you how you
can encrypt your Embperl sources. Although this is not totally safe (unless you
use some hardware encryption), this will hide the source from most
people (unless they are able to disassemble the Embperl binary you
distribute and retrieve the key).

Gerald


-------------------------------------------------------------
Gerald Richter    ecos electronic communication services gmbh
Internetconnect * Webserver/-design/-datenbanken * Consulting

Post:       Tulpenstrasse 5         D-55276 Dienheim b. Mainz
E-Mail:     richter@ecos.de         Voice:    +49 6133 925131
WWW:        http://www.ecos.de      Fax:      +49 6133 925152
-------------------------------------------------------------



Re: Hiding the source code

Posted by Axel Beckert <ab...@cs.uni-sb.de>.
Hi!

On Thu, Oct 25, 2001 at 08:48:12AM +0200, Lukas Zapletal wrote:
> I have a really big problem now. We are going to install our first
> application but we need to hide the source code.

I guess you are thinking of the HTML code.

EmbPerl code (like hardcoded DB passwords or something like that)
should be easily protected by Unix (or maybe also NT) file access
restrictions against local users, because EmbPerl is a server-side
scripting language and the executed EmbPerl code isn't included in the
returned web page at all. Only the results are viewable in the
browser.

> Users should not be allowed to get the source. Is there any way to do it?

In case of HTML code: No. So, you probably *really* have a big
problem.

But, if your users aren't smart enough (I wouldn't rely on such a
statement :-), there are a few possibilities:

a) Use JavaScript to load the code into the page and make the
   JavaScript code quite obscure (think of JAPHs, see
   http://www.perl.com/CPAN/misc/japh), so that the URLs you're
   fetching aren't very easy to guess. That of course doesn't work
   without the security holes abounding in JavaScript.

b) Scramble your HTML code by replacing every alphanumeric (works with
   every browser I know) and maybe even more characters by its
   numerical HTML entity, e.g. like the scrambled GPL (serving as
   scrambling demo) at
   http://fsinfo.cs.uni-sb.de/~abe/download/COPYING.scrambled.html.gz.
   But this blows up files to approximately five times the original
   size. That's why the demo mentioned above is gzipped.

   Source code for a perl script doing this is at
   http://fsinfo.cs.uni-sb.de/~abe/download/scramblehtml/scramblehtml.pl

   I use this kind of scrambling mainly to hide email addresses from
   simple or dumb web crawlers collecting email addresses for
   spammers. And it really gives you a headache, reading more than one
   line of such code manually :-)

   Of course, with a similar program you can also easily decode the
   scrambling. But only people who are really interested in the code
   will do that, because it's a little bit of work. (Ok,
   work means here a PERL one-liner. :-)

c) Some people try to disable downloading pictures or anything else
   available in the (right-click) context menu by disabling this menu
   via JavaScript. But of course this only works on very dumb users.
   And it's of course necessary that they haven't switched off
   JavaScript.

But beware: Everything a web browser can access and display, smart
people can access and decode, too. So there is no way to *really* hide
code which is displayed in a web browser.

P.S.: I wouldn't rely on these methods anyway.

		Regards, Axel
-- 
$$=42;$_=qq 93233313242132627322017304228173024422013152317309;while(!!$_){$:=
$|++;s$[1-4][0-8]$$e;$==$&;$\=pack c,$;=$|.$:;$=+=$=!=$$?$$:-$=-$;;$,=$=+$$;$@
.=pack c,$!!=$$-$;?!!$!!=$:?$=+$$:$,-$$:$,^$|<<chr$;+$|+$$;$!=$,;$|=$:}print$@
