On Mar 7, 2007, at 8:57, [EMAIL PROTECTED] wrote:

> Hi!
>
> Just a note - decompiling from bytecodes is very easy in Squeak. The
> only thing missing is the original indentation and any comments. But
> everything else is there. Just so you know.

Well, if you're really concerned about decompiling, just mangle the selectors. As long as you are not constructing Symbols at runtime (#asSymbol, #intern:) this works perfectly well. Same for class names and instance variable names.

> Locking down the image is of course doable - so that you can't easily
> get to the tools etc - but there are of course ways to go around that
> too. For example, I guess you can use an image file analyzer (there is
> at least one I think) or hack a VM to do stuff when the image is loaded.

Sure. But if the names are mangled this is about as much fun as reverse engineering machine code. No wait, the tool support is still better ;)

> > But doesn't this imply that the source is downloaded, making it easy
> > (easier) to hack the system? I could make the private Monticello
> > connection secure, update the system and then delete the source... just
> > thinking out loud.

> Yes - a Monticello package is just a zip file of source code. Sure, you
> can make the transfer "secure" using SSL or whatever - and you can apply
> it and throw it away

Well, you certainly would want to encrypt and sign the patch. If you are *that* paranoid I'd not even use MC but just image segments.

It's all a question of cost/value. I for one would be more concerned about preventing malicious code injection than the possibility of reverse engineering. But you have to weigh that yourself.

- Bert -


_______________________________________________
Beginners mailing list
Beginners@lists.squeakfoundation.org
http://lists.squeakfoundation.org/mailman/listinfo/beginners
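
An added example, not part of the original thread: the "sign the patch" idea from the reply above, where the client authenticates a downloaded zip of source before unpacking any of it. It uses HMAC-SHA256 from the Python standard library as a stand-in for a real public-key signature; the key, file name and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import io
import zipfile

TAG_LEN = hashlib.sha256().digest_size  # 32-byte tag appended to the package


def build_package(files):
    """Zip a dict of {name: source text} in memory, like a source-only update."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, text in files.items():
            zf.writestr(name, text)
    return buf.getvalue()


def seal(package, key):
    """Publisher side: append an HMAC-SHA256 tag over the whole zip."""
    return package + hmac.new(key, package, hashlib.sha256).digest()


def open_verified(blob, key):
    """Client side: authenticate first, only then parse the zip.

    Returns {name: source text}; raises ValueError on any mismatch, so
    nothing from an unauthenticated package is ever unpacked or loaded.
    """
    if len(blob) <= TAG_LEN:
        raise ValueError("package too short to carry a tag")
    package, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, package, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("authentication failed, update rejected")
    with zipfile.ZipFile(io.BytesIO(package)) as zf:
        return {n: zf.read(n).decode("utf-8") for n in zf.namelist()}


# Constructed sample data: key, file name and source are illustrative only.
KEY = b"constructed-demo-key-not-for-use"
SEALED = seal(build_package({"snapshot/source.st": "Object subclass: #Demo"}), KEY)


def tampered(blob):
    """Flip one bit in the payload, as a modified download would look."""
    return bytes([blob[0] ^ 0x01]) + blob[1:]


if __name__ == "__main__":
    print(open_verified(SEALED, KEY))
```

A shared HMAC key shipped inside the client can be recovered by anyone who takes the client apart, which then lets them seal their own packages. A public-key signature avoids that because only the verification key is distributed.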
