On Thu, Dec 9, 2010 at 8:19 PM, Huihong Luo <[email protected]> wrote: > > We got more and more users to request how to deliver a vm whose configuration > cannot be modified in any way. > > VBox is so powerful in its APIs, which is a very good feature compared to > other vm software. However, this feature makes it very difficult to prevent > people from chaning the vm settings, etc. Any thoughts on this? > > VBox uses across process COM communications, so need a way to only allow > internal components to use those APIs, but disallow external programs to use > it. Even this is done, a hacker can easily hook a DLL's exports, and change > the code. > > For example, even if a VDI disk is encrypted, I can easily hook VBoxDDU.dll > to dump its raw content, and bypass the encryption.
Use OVF -- it is a read-only format... better yet is to burn OVFs on CD-ROM. OVF can't be changed by mistake. Snapshots are read-only too. Once you have a snapshot it's settings can't be changed. -- -Alexey Eromenko "Technologov" _______________________________________________ vbox-dev mailing list [email protected] http://vbox.innotek.de/mailman/listinfo/vbox-dev
