[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[no subject]

Chris,

I found this in Perl FAQ 3 (it makes reference to Filter::* from CPAN) in 
spite of what the FAQ says I have included some possible solutions.

How can I hide the source for my Perl program?

Delete it. :-) Seriously, there are a number of (mostly unsatisfactory) 
solutions with varying levels of ``security''.

First of all, however, you can't take away read permission, because the 
source code has to be readable in order to be compiled and interpreted. 
(That doesn't mean that a CGI script's source is readable by people on the 
web, though--only by people with access to the filesystem.) So you have to 
leave the permissions at the socially friendly 0755 level.

Some people regard this as a security problem. If your program does 
insecure things and relies on people not knowing how to exploit those 
insecurities, it is not secure. It is often possible for someone to 
determine the insecure things and exploit them without viewing the source. 
Security through obscurity, the name for hiding your bugs instead of fixing 
them, is little security indeed.

You can try using encryption via source filters (Filter::* from CPAN), but 
any decent programmer will be able to decrypt it. You can try using the 
byte code compiler and interpreter described below, but the curious might 
still be able to de-compile it. You can try using the native-code compiler 
described below, but crackers might be able to disassemble it. These pose 
varying degrees of difficulty to people wanting to get at your code, but 
none can definitively conceal it (true of every language, not just Perl).

If you're concerned about people profiting from your code, then the bottom 
line is that nothing but a restrictive license will give you legal 
security. License your software and pepper it with threatening statements 
like ``This is unpublished proprietary software of XYZ Corp. Your access to 
it does not give you permission to use it blah blah blah.'' We are not 
lawyers, of course, so you should see a lawyer if you want to be sure your 
license's wording will stand up in court.



Here are some ideas:

Compile it
<a  rel="nofollow" href="http://www.indigostar.com/perl2exe.htm";>http://www.indigostar.com/perl2exe.htm</a>


pENC - Can encrypt Perl Source code multiple times. Each iteration produces 
a license file that is required for the encrypted program to run.
<a  rel="nofollow" href="http://www.p3ptools.com/index.php?category=pENC";>http://www.p3ptools.com/index.php?category=pENC</a>


Perlguardian - Encrypt Perl scripts, modules and run them only in one 
specific domain name, also set up the expiry date for scripts.
<a  rel="nofollow" href="http://www.perlguardian.com/";>http://www.perlguardian.com/</a>


PerlSafe - Protects Perl source code by generating binary executables from 
scripts. It's currently available for Linux and OpenBSD x86 based 
platforms. By MadLogic, Inc.
<a  rel="nofollow" href="http://www.madlogic.com/perlsafe.html";>http://www.madlogic.com/perlsafe.html</a>


WWS Perl Protector - Allows encrypt Perl source code and Perl Modules 
making its very difficult to modify or steal.
<a  rel="nofollow" href="http://www.webwapstudio.com/PerlProtector.html";>http://www.webwapstudio.com/PerlProtector.html</a>


Here's an article on rolling your own encrypted script
<a  rel="nofollow" href="http://archives.neohapsis.com/archives/sf/www-mobile/2003-q1/0111.html";>http://archives.neohapsis.com/archives/sf/www-mobile/2003-q1/0111.html</a>


WWC - The World Wide Perl Coder allows you to encrypt your Perl source 
code. (this one may be free)
<a  rel="nofollow" href="http://www.worldwidecreations.com/perlcoder.htm";>http://www.worldwidecreations.com/perlcoder.htm</a>


iWeb Toolkit: Perl Source Code Obfuscator (this looks like an on line 
obfuscator)
<a  rel="nofollow" href="http://www.searchengineforums.com/tools/perl-encrypt/";>http://www.searchengineforums.com/tools/perl-encrypt/</a>


Stunnix Perl-obfus - the obfuscator for Perl source code
<a  rel="nofollow" href="http://www.stunnix.com/prod/po/overview.shtml";>http://www.stunnix.com/prod/po/overview.shtml</a>


You might consider posting your question on the Atlanta Perl Mongers list too.
<a  rel="nofollow" href="http://pompeii.mvrateshop.com/public/apm/";>http://pompeii.mvrateshop.com/public/apm/</a>
atlanta-pm at mail.pm.org


hope this helps,
keith

-- 

Keith R. Watson                        GTRI/ISD
Systems Support Specialist III         Georgia Tech Research Institute
keith.watson at gtri.gatech.edu           Atlanta, GA  30332-0816
404-894-0836


</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<ul><li><strong>Follow-Ups</strong>:
<ul>
<li><strong><a name="00487" href="msg00487.html">[ale] Perl Obfuscation</a></strong>
<ul><li><em>From:</em> cfowler at outpostsentinel.com (Christopher Fowler)</li></ul></li>
</ul></li></ul>
<!--X-Follow-Ups-End-->
<!--X-References-->
<ul><li><strong>References</strong>:
<ul>
<li><strong><a name="00481" href="msg00481.html">[ale] Perl Obfuscation</a></strong>
<ul><li><em>From:</em> cfowler at outpostsentinel.com (Christopher Fowler)</li></ul></li>
</ul></li></ul>
<!--X-References-End-->
<!--X-BotPNI-->
<ul>
<li>Prev by Date:
<strong><a href="msg00483.html">[ale] problems running perl scripts thru apache 2.0.52</a></strong>
</li>
<li>Next by Date:
<strong><a href="msg00485.html">[ale] Nero for Linux</a></strong>
</li>
<li>Previous by thread:
<strong><a href="msg00481.html">[ale] Perl Obfuscation</a></strong>
</li>
<li>Next by thread:
<strong><a href="msg00487.html">[ale] Perl Obfuscation</a></strong>
</li>
<li>Index(es):
<ul>
<li><a href="maillist.html#00484"><strong>Date</strong></a></li>
<li><a href="threads.html#00484"><strong>Thread</strong></a></li>
</ul>
</li>
</ul>

<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
</body>
</html>