Thanks Richard... (and Brian) (and everyone else)
Richard Gaskin wrote:
Brian Yennie wrote:
Although probably at least non-trivial, Chipp is probably on to
something here. I don't think Rev script encryption is intended for
the highest possible security.
Absolutely. All code in all languages always leave their algorithms
exposed to anyone with a low-level debugger/disassembler. Code is not
the place to store secure information.
Code in Rev is encrypted with a DES equivalent; more than most "script
kiddies" can break, but often little more than a weekend's work for
someone who knows what she's doing.
When a stack is encrypted, properties are also made unreadable in the
disk file via the same DES-derived algo. But since those properties
must be usable at runtime, anyone with a copy of Rev can simply open
and read properties.
Security is best handled with encrypting the data itself. Rev now
supports Blowfish and others, which can be made to exceed legal limits
if needed, certainly sufficient for most industrial, medical, or
government applications.
I haven't had a need for strong security in my apps as yet, so I'm
confident others here can provide better details on the specifics (Dar
-- where are you? <g>). But given the range of industrial-strength
encryption options Rev now supports, I see no reason why anything made
with Rev would be any less secure than anything made with any other tool.
_______________________________________________
use-revolution mailing list
[email protected]
Please visit this url to subscribe, unsubscribe and manage your subscription
preferences:
http://lists.runrev.com/mailman/listinfo/use-revolution
