Re: perl scrambling

["Tim Greer" <chatmaster () charter net>]

But perlcc does compile it. It's not Perl code anymore--at all. It converts
it to C code (unreadable C code), which it then compiles.
--
Regards,
Tim Greer  chatmaster () charter net
Server administration, security, programming, consulting.


----- Original Message -----
From: "Dave Killion" <Dkillion () netscreen com>
To: "'Charles Lacroix'" <chuck () linuxquebec com>;
<security-basics () securityfocus com>
Sent: Monday, June 23, 2003 11:08 AM
Subject: RE: perl scrambling


> Don't use Perl.  It really doesn't matter how much you obfuscate it, it
> still needs to be readable by Perl.  A really good Perl programmer won't
> be deceived, and most anyone can do search/replace for stuff.
>
> Write in C or C++ and compile it, if you're really concerned about IP and
> customer mucking.
>
> Dave Killion
> Senior Security Engineer
> NetScreen Security Group
> NetScreen Technologies, Inc.
>
>
>
> -----Original Message-----
> From: Charles Lacroix [mailto:chuck () linuxquebec com]
> Sent: Friday, June 20, 2003 12:14 PM
> To: security-basics () securityfocus com; chuck () linuxquebec com
> Subject: perl scrambling
>
>
>
> Hi group,
>
> The main reason i want to scramble the application is "it's on my todo
> list at
> work". The second reason is to make it as hard as possible for people to
> modify the code mainly because we do not want to deal
> with supporting our application if it has been modified by a client.
>
> We had troubles with that in the past, and we do not want to deal with it
> anymore.
>
> We what to protect the code because we sale the application and do not
> want some other company to use what we have and modify it to sale it
> again.
> I know that a good licence will protect you legally for that but it's not
> enough, we all know that some companies do not respect licences.
> using file integrity check software like tripwire can be disable
> by just about any admin.
>
> Other part is we do not want the code to actually work before we
> give them a key to use the software. but that isn't the main priority.
>
> This key would also be used to updates available, and other special
> features.
>
> So bottom line, we should have written it in another language but we
> didin't
> so from there how can i secure up this mod_perl / cgi application ?
>
> we need to do the following :
>
> - Give a headache to the persone who will read the source.
> - Make sure they cannot alter the code, and be warned if it does
> - use a key that will let them use the code if they paied for the
> software.
>
> Thanks
>
> --
> Charles Lacroix
> chuck () linuxquebec com
> Support Technique
> LQT Systems
>
> --------------------------------------------------------------------------
> -
> Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
> The Gartner Group just put Neoteris in the top of its Magic Quadrant,
> while InStat has confirmed Neoteris as the leader in marketshare.
>
> Find out why, and see how you can get plug-n-play secure remote access in
> about an hour, with no client, server changes, or ongoing maintenance.
>
> Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
> --------------------------------------------------------------------------
> --


---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
     
Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.
          
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------