Unfortuantely perl2exe provides no real security. The perl byte code is easily stripped out of the resulting file, and there are a number of nifty ways to convert perl bytecode back into source, even preserving label names. Perl2exe makes it easier to distribute perl applications (ie without having to distribute perl). Another previously proprosed approach is obfuscation. (Obfuscated perl code is an art form at www.perlmonks.org.) However perl even provides a module to produce beautifully indented source from the internal bytecode -- the developers use it to check their work. john ----- Original Message ----- From: "frank @ absoluta.org ( Frank Ned )" <frankat_private> To: "John Hanna" <jhannaat_private> Cc: <secprogat_private> Sent: Friday, January 24, 2003 11:44 AM Subject: Re: protecting perl script source > www.perl2exe.com > > John Hanna wrote: > > > > Hi. Let's assume someone wrote a perl script that figured out how to make a > > lot of money on the stock market, but that they wanted to protect the script > > because if others began using it, it would dimish its returns. The new > > millionaire would want to protect her creation, but it has to run on a > > computer with access to the internet. She puts it on a box which she tries > > to keep patched, it's behind a firewall, and only root has access to the > > scripts. The scripts need to run unattended, and the system needs to boot > > unattended. She fears two things: a remote root vulnerability, and that > > someone would physically walk off with the box. > > > > My impression is that under these conditions, besides vigilance, limiting > > running processes, working on physical security, keeping up on patches, > > possibly some sort of IDS -- there really isn't anything she can do to > > protect the source. If it's booting unattended, and running scripts > > unattended there's no sort of crypto strategy that could protect either > > against an intruder with root access or physical access to the hard drive. > > > > What do you think? > > John
This archive was generated by hypermail 2b30 : Fri Jan 24 2003 - 12:30:53 PST