-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
I think there are others who would want to give an answer, but here
is a quick one. Regarding server backend logic protection, you
naturally use what your server environment offers. If you are using
the standard tomcat deployment, then looking into various servlet
technologies or design patterns to protect web-services is the best
idea. In most instances, OL merely interchanges XML and it is this XML
data source - not OL - that has the responsibility for protecting data
from malicious users (things like session cookies, SSL, etc.). The
moral here is that using OL doesn't force you to make any back-end
choices at *all* since it's primarily (again, it does ship with a
tomcat environment) a client-side technology.
As far as client side goes - yes - your web browser may well cache
your application. If you are looking for a form of obfuscation to
prevent people from reading your code directly, then that is
accomplished by compiling the application itself. It won't completely
protect the code, but it's not as if someone can read your source by
some automatic listing. Even a flash decompiler will only be so
useful, since some abstractions are hard to unroll when viewed from
that low-level perspective.
The age old question of "I want to give you something, but i dont
want to give you that same thing" that is currently rampant in the
entertainment industry is still as basically unsolvable as ever.
Various hardware companies are trying to solve the problem using the
(still vulnerable and somewhat ethically challenged) TPM "trusted
computing" stuff that is a completely different conversation.
Help at all? Good luck and keep poking around,
- james
On May 18, 2008, at 9:20 PM, Jason Hall wrote:
Hi,
I'm new to openlaszlo and I want to know if developing a COTS
application (product to be used by others) how do I protect business
logic (on server-side) specifically and secondly protect client
logic. Are the lzx files exposed locally on the client box
somewhere in the cache the anyone can see?
Thanks,
JH
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
iEYEARECAAYFAkgx1vMACgkQUrPEkfL5s4sOowCfR+EstV2dQKKePW4NDi+bXEUe
sOIAn0w8c4xNYsg40MQtyFjvv8uKGYbb
=LZAD
-----END PGP SIGNATURE-----
