It's not just having code stolen but the fact that it can be modified so
that it dumps its data to file or screen… If you're dealing with
sensitive data that's a problem.
Encryption would offer quite a bit of protection; you could hide a key
well, not impossible to find but enough to make it easier to write the
app from scratch than go to the trouble of stealing source code.
I feel stolen code is a legal problem, not a technical one. For one
thing, as I have argued, it is a very hard if not impossible problem
to solve with a language like Ruby (and most other languages.) But the
same aspects of Ruby that make your code available to steal also make
it easy to see who has stolen your code. At that point you can put
some legal hurt on the parties that have stolen the code.
Whereas if you build some system for encrypting the code that is
actually easily broken people can steal your code and you may never
suspect it, since you will think your code is safe.
In addition, with our current world being full of open source projects
for just about every conceivable thing, the “value” of source code has
been greatly reduced. In fact if anything there needs to be more “code
stealing” in the form of reuse because everyone always seems to want
to reinvent the wheel (at least in open source software.)
If you really feel your code is valuable then you need to make it so
that the code is never on the client machine, which means some kind of
online service, like a web-site or SOAP API.
A smart card, a Trusted Computing™ platform, or some equivalent.
Essentially a platform where digital signatures on the code are
implemented in hardware and cannot be circumvented without the whole
thing breaking.
Alternatively, a sealed computer in a locked room with no network
connection (possibly). It all depends on how paranoid you are.
A smart card, a Trusted Computing™ platform, or some equivalent.
Essentially a platform where digital signatures on the code are
implemented in hardware and cannot be circumvented without the whole
thing breaking.
Oh right, I've never used such a platform…
Alternatively, a sealed computer in a locked room with no network
connection (possibly). It all depends on how paranoid you are.
For a web application?
I thought you said you had sensitive data?
Yes and I’m looking for a way to allow it to be managed across the
web… It may not be possible to secure using this method of access.
Alex Y. wrote:
Kris wrote:
Alex Y. wrote:
Alternatively, a sealed computer in a locked room with no network
connection (possibly). It all depends on how paranoid you are.
For a web application?
I thought you said you had sensitive data?
I discovered Ruby some months ago and I liked it in a bunch of minutes.
Then I was involved in a project using ASP.NET. At this point I had a
dream: Ruby that works on .NET (knowing Ruby, neither VB nor C#
fits!).
I found some material, but nothing usable or 100% .NET, so I took
some time and decided to create a Ruby compiler.
Here it is… well, at least the first version, which is early alpha.
Get it, try it, read it, and tell me what you think. Is this project
worth continuing?
Yes and I’m looking for a way to allow it to be managed across the
web… It may not be possible to secure using this method of access.
You can’t trust the client machine (unless there’s another factor at
work here). Nor can you necessarily trust any of the routers between
the server and the client not to try a man-in-the-middle attack. Again,
it depends how paranoid you want to be.
Of course, it’s possible to manage data without exposing or
transmitting it, as long as your management can be done purely on the
basis of information digests rather than on the information itself, but
that’s a whole other barrel of chipmunks.
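
An added example, not part of the original post, of the digest-only management mentioned above: each data holder publishes keyed digests of its records, and the management side finds missing, extra and modified records without ever receiving a record value. The record ids, the sample data, the shared HMAC key and the function names are all assumptions made for illustration.

```ruby
require "openssl"

# Constructed sample data: the sensitive store on the server and a copy
# held at a second site. Record ids and fields are hypothetical.
SERVER_RECORDS = {
  "cust-1001" => "Alice Example|1970-01-01|acct 0001",
  "cust-1002" => "Bob Example|1980-02-02|acct 0002",
  "cust-1003" => "Carol Example|1990-03-03|acct 0003"
}.freeze
REPLICA_RECORDS = {
  "cust-1001" => "Alice Example|1970-01-01|acct 0001",
  "cust-1002" => "Bob Example|1980-02-02|acct 9999", # drifted copy
  "cust-1004" => "Dave Example|2000-04-04|acct 0004" # unknown to server
}.freeze

# Keyed digest (HMAC-SHA256) rather than a bare hash: low-entropy fields
# can be guessed and hashed offline, so the key stays with the data holders
# and is never given to the management side (assumption of this example).
def record_digest(key, id, value)
  OpenSSL::HMAC.hexdigest("SHA256", key, "#{id}\0#{value}")
end

# What a data holder publishes: record ids and digests only.
def manifest(key, records)
  records.map { |id, value| [id, record_digest(key, id, value)] }.to_h
end

# Management side: compares two manifests and never sees a record value.
def audit(reference, candidate)
  shared = reference.keys & candidate.keys
  {
    missing:  reference.keys - candidate.keys,
    extra:    candidate.keys - reference.keys,
    modified: shared.reject { |id| reference[id] == candidate[id] }
  }
end

if __FILE__ == $0
  key = OpenSSL::Random.random_bytes(32) # shared by the two data holders
  report = audit(manifest(key, SERVER_RECORDS), manifest(key, REPLICA_RECORDS))
  report.each { |kind, ids| puts "#{kind}: #{ids.join(', ')}" }
end
```

The record ids still travel in the clear here; if the ids themselves are sensitive, they need the same keyed-digest treatment.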