protecting perl script source

From: John Hanna (jhannaat_private)
Date: Fri Jan 24 2003 - 10:58:21 PST

  • Next message: Pete Herzog: "RE: Secure programming FAQ?"

    Hi. Let's assume someone wrote a perl script that figured out how to make a
    lot of money on the stock market, but that they wanted to protect the script
    because if others began using it, it would dimish its returns. The new
    millionaire would want to protect her creation, but it has to run on a
    computer with access to the internet. She puts it on a box which she tries
    to keep patched, it's behind a firewall, and only root has access to the
    scripts. The scripts need to run unattended, and the system needs to boot
    unattended. She fears two things: a remote root vulnerability, and that
    someone would physically walk off with the box.
    
    My impression is that under these conditions, besides vigilance, limiting
    running processes, working on physical security, keeping up on patches,
    possibly some sort of IDS -- there really isn't anything she can do to
    protect the source. If it's booting unattended, and running scripts
    unattended there's no sort of crypto strategy that could protect either
    against an intruder with root access or physical access to the hard drive.
    
    What do you think?
    John
    



    This archive was generated by hypermail 2b30 : Fri Jan 24 2003 - 11:48:18 PST