RE: how to secure perl modules?

2003-05-30 Thread wsheldah

Regarding the use of source filters, they only seemed to cause me trouble
under mod_perl. A while ago I tried using Switch.pm, another source filter
from Damian that provides a switch... case sort of syntax, together with
HTML::Mason and mod_perl. It led to some really strange errors that didn't
really make sense, but the errors went away when I stopped using Switch.

Wes



Perrin Harkins <[EMAIL PROTECTED]> on 05/29/2003 05:56:05 PM

To:[EMAIL PROTECTED]
cc:John Saylor <[EMAIL PROTECTED]>, modperl
   <[EMAIL PROTECTED]>
Subject:    RE: how to secure perl modules?


On Thu, 2003-05-29 at 17:41, Kirk Rogers wrote:
> why the scarcasm?

You asked a very loaded question that is guaranteed to get you a lot
angry responses on most Perl mailing lists.  Hiding your source code is
a FAQ
(
http://perldoc.com/perl5.8.0/pod/perlfaq3.html#How-can-I-hide-the-source-for-my-Perl-program-
) so the real question is more whether or not the method you've chosen to
hide it works with mod_perl.  I believe source filters do work, although
I've never tried them myself.  If you search in the mail archives you'll
find many long and flaming threads on the subject.

Personally, I would appreciate it if everyone would let this thread die
quietly unless they have something specific to add about the use of
source filters (or alternate methods) with mod_perl.  If you want to
argue the ethics of hiding source code, please do it off the list.

 - Perrin







Re: how to secure perl modules?

2003-05-30 Thread Martin Moss
Hi All,

Just to throw a spanner in the works, a little while ago I came across the
following Article on the Net.

http://www.perl.com/pub/a/2002/10/15/radiator.html
>From what I can tell The author of the 'radiator' product claims to have
successfully shipped 'encrypted' code.
I've been pondering how to do this for ages anyay, I realise it's not
completely foolproof, but I'm trying to find a mechanism that would stop
anybody but a perl litterate hacker from getting at my code.

Marty

- Original Message - 
From: "Thomas Klausner" <[EMAIL PROTECTED]>
To: "modperl" <[EMAIL PROTECTED]>
Sent: Friday, May 30, 2003 8:58 AM
Subject: Re: how to secure perl modules?


> Hi!
>
> On Thu, May 29, 2003 at 10:27:54AM -0700, iCap wrote:
> > i have a collection of perl modules (running under the mod_perl
umbrella)
> > and would like to distribute the application to several different
sources
> > (clients with open internet web servers).  but i dont want to send it
out
> > without at least making it somewhat difficult for some hacker to just
simply
> > steal it and load it somewhere else without my consent.  what options do
i
> > have (if any) to secure the code so that it can't be 'easily' stolen?
> > 'easily' being the operative word here, as i realize it wont be 100%
safe no
> > matter what i do.
> > the ideal would be to perhaps encrypt some of the code, maybe a few of
the
> > base configuration modules, maybe even the startup.pl file, others?
>
> If you want to make it hard to read the code, use an Obfuscator (eg.
> Acme::EyeDrops)
>
> If want to really secure your code: it's not possible, see this thread on
> perlmonks:
> http://www.perlmonks.org/index.pl?node_id=243011
> or search in the mailinglist archives. This questions was discussed here a
> few times.
>
> -- 
> #!/usr/bin/perl   http://domm.zsi.at
> for(ref bless{},just'another'perl'hacker){s-:+-$"-g&&print$_.$/}
>



Re: how to secure perl modules?

2003-05-30 Thread Thomas Klausner
Hi!

On Thu, May 29, 2003 at 10:27:54AM -0700, iCap wrote:
> i have a collection of perl modules (running under the mod_perl umbrella)
> and would like to distribute the application to several different sources
> (clients with open internet web servers).  but i dont want to send it out
> without at least making it somewhat difficult for some hacker to just simply
> steal it and load it somewhere else without my consent.  what options do i
> have (if any) to secure the code so that it can't be 'easily' stolen?
> 'easily' being the operative word here, as i realize it wont be 100% safe no
> matter what i do.
> the ideal would be to perhaps encrypt some of the code, maybe a few of the
> base configuration modules, maybe even the startup.pl file, others?

If you want to make it hard to read the code, use an Obfuscator (eg.
Acme::EyeDrops)

If want to really secure your code: it's not possible, see this thread on
perlmonks:
http://www.perlmonks.org/index.pl?node_id=243011
or search in the mailinglist archives. This questions was discussed here a
few times.

-- 
#!/usr/bin/perl   http://domm.zsi.at
for(ref bless{},just'another'perl'hacker){s-:+-$"-g&&print$_.$/}


how to secure perl modules?

2003-05-30 Thread iCap
i have a collection of perl modules (running under the mod_perl umbrella)
and would like to distribute the application to several different sources
(clients with open internet web servers).  but i dont want to send it out
without at least making it somewhat difficult for some hacker to just simply
steal it and load it somewhere else without my consent.  what options do i
have (if any) to secure the code so that it can't be 'easily' stolen?
'easily' being the operative word here, as i realize it wont be 100% safe no
matter what i do.
the ideal would be to perhaps encrypt some of the code, maybe a few of the
base configuration modules, maybe even the startup.pl file, others?

any suggestions would be appreciated,
thanks




Re: how to secure perl modules?

2003-05-30 Thread Ged Haywood
Hi there,

On Thu, 29 May 2003, Kirk Rogers wrote:

> i have a collection of perl modules  ...  i dont want to send it out
> without at least making it somewhat difficult for some hacker to just simply
> steal it and load it somewhere else without my consent.

This is getting to be an old chestnut, I wonder if we should
specifically forbid discussion of it in the email-etiquette doc.?

The best way to do what you want is to code it in C, compile it and
send out only the compiled executables, a bit like that firm up in the
North-West USA.  There are -ahem- Open Source packages to translate
Perl into C and/or bytecode, but then I suppose you wouldn't get much
help from this List with C programs...

It does seem a bit rich to take all the free stuff you can from CPAN
and then try to deny everyone else the fruits of your own labours.

But I suppose it's a free world, at least in parts.

73,
Ged.



RE: how to secure perl modules?

2003-05-30 Thread Perrin Harkins
On Thu, 2003-05-29 at 17:41, Kirk Rogers wrote:
> why the scarcasm?

You asked a very loaded question that is guaranteed to get you a lot
angry responses on most Perl mailing lists.  Hiding your source code is
a FAQ
(http://perldoc.com/perl5.8.0/pod/perlfaq3.html#How-can-I-hide-the-source-for-my-Perl-program-)
 so the real question is more whether or not the method you've chosen to hide it works 
with mod_perl.  I believe source filters do work, although I've never tried them 
myself.  If you search in the mail archives you'll find many long and flaming threads 
on the subject.

Personally, I would appreciate it if everyone would let this thread die
quietly unless they have something specific to add about the use of
source filters (or alternate methods) with mod_perl.  If you want to
argue the ethics of hiding source code, please do it off the list.

- Perrin


Re: how to secure perl modules?

2003-05-30 Thread David Dick
you seem to be talking about two different things here. 
firstly, do you want to protect your source code being viewed by other 
people?
secondly, do you want to ensure that your code is only being run on 
computers that you have authorised?
these are related problems, but each requires a different method of 
solving it.

the other question that is useful to ask is how many days of effort will 
be required to secure your program and compare that with how much your 
clients would value that amount of time being used in development of new 
features instead?

uru
-Dave
Kirk Rogers wrote:

i have a collection of perl modules (running under the mod_perl umbrella)
and would like to distribute the application to several different sources
(clients with open internet web servers).  but i dont want to send it out
without at least making it somewhat difficult for some hacker to just simply
steal it and load it somewhere else without my consent.  what options do i
have (if any) to secure the code so that it can't be 'easily' stolen?
'easily' being the operative word here, as i realize it wont be 100% safe no
matter what i do.
the ideal would be to perhaps encrypt some of the code, maybe a few of the
base configuration modules, maybe even the startup.pl file, others?
any suggestions would be appreciated,
thanks


 




RE: how to secure perl modules?

2003-05-30 Thread Kirk Rogers
why the scarcasm?

>-Original Message-
>From: John Saylor [mailto:[EMAIL PROTECTED]
>Sent: Thursday, May 29, 2003 2:34 PM
>To: [EMAIL PROTECTED]
>Cc: modperl
>Subject: Re: how to secure perl modules?
>
>
>hi
>
>( 03.05.29 14:25 -0700 ) Kirk Rogers:
>> but i dont want to send it out without at least making it somewhat
>> difficult for some hacker to just simply steal it and load it
>> somewhere else without my consent.
>
>why not? have you ever read the GNU manifesto?
>http://www.gnu.org/gnu/manifesto.html
>
>and how do you know it won't be a script kiddie, or middle manager, or
>someone just like you [but a little less experienced] that 'steals' it?
>
>> any suggestions would be appreciated
>
>license it under GPL and count it as a donation to the good of the
>species. or, if you're more self-directed, a step toward release from
>the endless cycle of death and rebirth.
>
>-- 
>\js
>
>


Re: how to secure perl modules?

2003-05-30 Thread John Saylor
hi

( 03.05.29 14:25 -0700 ) Kirk Rogers:
> but i dont want to send it out without at least making it somewhat
> difficult for some hacker to just simply steal it and load it
> somewhere else without my consent.

why not? have you ever read the GNU manifesto?
http://www.gnu.org/gnu/manifesto.html

and how do you know it won't be a script kiddie, or middle manager, or
someone just like you [but a little less experienced] that 'steals' it?

> any suggestions would be appreciated

license it under GPL and count it as a donation to the good of the
species. or, if you're more self-directed, a step toward release from
the endless cycle of death and rebirth.

-- 
\js



how to secure perl modules?

2003-05-30 Thread Kirk Rogers
i have a collection of perl modules (running under the mod_perl umbrella)
and would like to distribute the application to several different sources
(clients with open internet web servers).  but i dont want to send it out
without at least making it somewhat difficult for some hacker to just simply
steal it and load it somewhere else without my consent.  what options do i
have (if any) to secure the code so that it can't be 'easily' stolen?
'easily' being the operative word here, as i realize it wont be 100% safe no
matter what i do.
the ideal would be to perhaps encrypt some of the code, maybe a few of the
base configuration modules, maybe even the startup.pl file, others?

any suggestions would be appreciated,
thanks