Hi everybody, I would like to know, at the present time, in which ways I can protect my ruby source code that is deployed on machine connected to the Internet? I googled a bit and found that I could compile the code to obtain a bytecode but is it safe? I mean isn't there a way to reobtain source code starting from the bytecode? Thanks in advance for your help.
on 2014-02-26 17:27
on 2014-02-26 20:43
On Wed, Feb 26, 2014 at 10:27 AM, Mario Rossi <firstname.lastname@example.org> wrote: > Hi everybody, I would like to know, at the present time, in which ways I > can protect my ruby source code that is deployed on machine connected to > the Internet? > > I googled a bit and found that I could compile the code to obtain a > bytecode but is it safe? I mean isn't there a way to reobtain source > code starting from the bytecode? > > Thanks in advance for your help. > Translating from source to bytecode is a one-way process -- you can't get the exact same source out from the bytecode. However, it can still be fairly easy for someone to reverse-engineer the bytecode and get a gist of what the programmer intended the code to do. You might have found information on JRuby in your search. JRuby normally compiles Ruby into an intermediate form of bytecode and then executes that; but it can also take the extra step of compiling the intermediate bytecode into *Java* bytecode. Anecdotally, that's supposed to give you a little more security because it goes through multiple translations. But the safest way to protect your code is just not to distribute it, e.g. hosting it all on the web. (I suppose even then, someone may have a slight chance of hacking the server it's on and getting it out.)
on 2014-02-27 05:32
Yes bytecode can be disassembled and it's simpler than you think. If security is an issue you will need to build your own server and employ your own policy on such matters.
on 2014-02-27 22:49
Hi I may be dumb as a Java-programmer, but would really like to know, what kind of security-risk you try to protect against; just the list, like that and that kind of evil or mischief... Each time, that this kind of question arises, I feel like if I had heard: "theft of my intellectual property" and such. I hope, I am erring and that we all know what a scripting-language is. Never mind, I really *was* a Java-programmer.