On Mon, Mar 5, 2012 at 12:42 AM, Ken <[email protected]> wrote: > I realize this thread has largely devolved into a philosophical discussion > about whether one *should* do this, but I think the technical question of > how one *could* do this is still a valid one. I've thought about this a > while and so far the only practical and secure answer I've come up with is > to encrypt the javascript using PGP or a similar scheme. This would > require a custom built version of the node executable that is capable of > reading the encrypted files because it has the public key baked in. You'd > use the private key to encrypt the javascript files that you distribute > with your application. Some care would need to be taken to ensure that the > executable couldn't be coerced into producing decrypted versions of your > files.
Either you're misunderstanding PKI or I'm misunderstanding you. But you do realize that in this scheme you still have to hand your client -- the person you're trying to hide your valuable *secrets* from -- the private key? Sure, you can bury it in layers of obscurity but it's there, and with the right tools will be in plain sight at some point. -- Job Board: http://jobs.nodejs.org/ Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines You received this message because you are subscribed to the Google Groups "nodejs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nodejs?hl=en?hl=en
