Chip Turner wrote:
>
> The problem is that no matter how you encrypt the system, it has to
> know how to decrypt itself. That is, if you xor, or even used DES or
> IDEA or whatnot, the key (password, etc) has to be included with the
> modules, and therefore a suitably sophisticated programmer could
> extract the key, decrypt your code, and have his way with your
> source.
>
> It can be very frustrating to not be able to compile perl :(
>
> Even without the key, they could use some kind of B::Deparse trick to
> get just about all of the code anyway.
>
> It's a problem we've run up against where I work. We've considered a
> number of possibilities, but none are perfect.
>
> Unfortunately all you can hope for is to make it very, very hard for
> them to modify; with enough resources, a sufficiently sophisticated
> attacker could change your code and make it non-trial without a huge
> amount of labor.
Or you could just ship the product with the source code, and prohibit
redistribution in the sales contract.
-jwb
