Re: perl scrambling

From: Tim Greer (chatmaster_at_charter.net)
Date: 06/25/03

  • Next message: ATD: "RE: Firewall configuration statistics"
    To: "Dave Killion" <Dkillion@netscreen.com>, "'Charles Lacroix'" <chuck@linuxquebec.com>, <security-basics@securityfocus.com>
    Date: Tue, 24 Jun 2003 17:08:32 -0700
    
    

    But perlcc does compile it. It's not Perl code anymore--at all. It converts
    it to C code (unreadable C code), which it then compiles.

    --
    Regards,
    Tim Greer  chatmaster@charter.net
    Server administration, security, programming, consulting.
    ----- Original Message -----
    From: "Dave Killion" <Dkillion@netscreen.com>
    To: "'Charles Lacroix'" <chuck@linuxquebec.com>;
    <security-basics@securityfocus.com>
    Sent: Monday, June 23, 2003 11:08 AM
    Subject: RE: perl scrambling
    > Don't use Perl.  It really doesn't matter how much you obfuscate it, it
    > still needs to be readable by Perl.  A really good Perl programmer won't
    > be deceived, and most anyone can do search/replace for stuff.
    >
    > Write in C or C++ and compile it, if you're really concerned about IP and
    > customer mucking.
    >
    > Dave Killion
    > Senior Security Engineer
    > NetScreen Security Group
    > NetScreen Technologies, Inc.
    >
    >
    >
    > -----Original Message-----
    > From: Charles Lacroix [mailto:chuck@linuxquebec.com]
    > Sent: Friday, June 20, 2003 12:14 PM
    > To: security-basics@securityfocus.com; chuck@linuxquebec.com
    > Subject: perl scrambling
    >
    >
    >
    > Hi group,
    >
    > The main reason i want to scramble the application is "it's on my todo
    > list at
    > work". The second reason is to make it as hard as possible for people to
    > modify the code mainly because we do not want to deal
    > with supporting our application if it has been modified by a client.
    >
    > We had troubles with that in the past, and we do not want to deal with it
    > anymore.
    >
    > We what to protect the code because we sale the application and do not
    > want some other company to use what we have and modify it to sale it
    > again.
    > I know that a good licence will protect you legally for that but it's not
    > enough, we all know that some companies do not respect licences.
    > using file integrity check software like tripwire can be disable
    > by just about any admin.
    >
    > Other part is we do not want the code to actually work before we
    > give them a key to use the software. but that isn't the main priority.
    >
    > This key would also be used to updates available, and other special
    > features.
    >
    > So bottom line, we should have written it in another language but we
    > didin't
    > so from there how can i secure up this mod_perl / cgi application ?
    >
    > we need to do the following :
    >
    > - Give a headache to the persone who will read the source.
    > - Make sure they cannot alter the code, and be warned if it does
    > - use a key that will let them use the code if they paied for the
    > software.
    >
    > Thanks
    >
    > --
    > Charles Lacroix
    > chuck@linuxquebec.com
    > Support Technique
    > LQT Systems
    >
    > --------------------------------------------------------------------------
    > -
    > Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
    > The Gartner Group just put Neoteris in the top of its Magic Quadrant,
    > while InStat has confirmed Neoteris as the leader in marketshare.
    >
    > Find out why, and see how you can get plug-n-play secure remote access in
    > about an hour, with no client, server changes, or ongoing maintenance.
    >
    > Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
    > --------------------------------------------------------------------------
    > --
    >
    ---------------------------------------------------------------------------
    Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
    The Gartner Group just put Neoteris in the top of its Magic Quadrant,
    while InStat has confirmed Neoteris as the leader in marketshare.
         
    Find out why, and see how you can get plug-n-play secure remote access in
    about an hour, with no client, server changes, or ongoing maintenance.
              
    Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
    ----------------------------------------------------------------------------
    

  • Next message: ATD: "RE: Firewall configuration statistics"

    Relevant Pages

    • Re: ASP Pages
      ... Server administration, security, programming, consulting. ... Subject: ASP Pages ... > if u afraid of people stealing your code,what u can do is compile all ur ... >>> The Gartner Group just put Neoteris in the top of its Magic Quadrant, ...
      (Security-Basics)
    • ANNOUNCE: UnixODBC 0.31
      ... UnixODBC provides a toolkit for writing Perl ODBC clients. ... - Installing and Configuring the Bridge Server ... UnixODBC.pm provides Perl programs with a subset of the X/Open ... Bridge Server," below. ...
      (comp.lang.perl.modules)
    • Re: Questions about "perldoc perlembed"
      ... Ultimately I am trying to embed the ability to run Perl scripts on ... Perl to properly embed in my Win32 C++ program. ... COMPILE THE PROGRAMS IN EXACTLY THE SAME ... Eventually I read the section "Maintaining multiple interpreter ...
      (comp.lang.perl.misc)
    • POP3 Mail Client in PERL using IO::Socket module only and regular expressions
      ... I am writing a POP3 Client program in Perl. ... Server and have a running conversation with the mail server using ... print $socket "STAT",CRLF; ...
      (comp.lang.perl.misc)
    • Re: Who will win the battle for control of the web?
      ... Java is about the only language which was popular for both, ... the server despite a number of implementations. ... Can Perl generate a file that will produce a rich ... Same as any other language. ...
      (comp.lang.perl.misc)