Forum: Ruby Source code protection

2fd00720aa006ffed73cb8bcbb39bec5?d=identicon&s=25 Mario Rossi (stratio)
on 2014-02-26 17:27
Hi everybody, I would like to know, at the present time, in which ways I
can protect my ruby source code that is deployed on machine connected to
the Internet?

I googled a bit and found that I could compile the code to obtain a
bytecode but is it safe? I mean isn't there a way to reobtain source
code starting from the bytecode?

Thanks in advance for your help.
Abdb670e1c130f96f947a94d03c02efa?d=identicon&s=25 Eric Christopherson (echristopherson)
on 2014-02-26 20:43
(Received via mailing list)
On Wed, Feb 26, 2014 at 10:27 AM, Mario Rossi <lists@ruby-forum.com>
wrote:

> Hi everybody, I would like to know, at the present time, in which ways I
> can protect my ruby source code that is deployed on machine connected to
> the Internet?
>
> I googled a bit and found that I could compile the code to obtain a
> bytecode but is it safe? I mean isn't there a way to reobtain source
> code starting from the bytecode?
>
> Thanks in advance for your help.
>

Translating from source to bytecode is a one-way process -- you can't
get
the exact same source out from the bytecode. However, it can still be
fairly easy for someone to reverse-engineer the bytecode and get a gist
of
what the programmer intended the code to do.

You might have found information on JRuby in your search. JRuby normally
compiles Ruby into an intermediate form of bytecode and then executes
that;
but it can also take the extra step of compiling the intermediate
bytecode
into *Java* bytecode. Anecdotally, that's supposed to give you a little
more security because it goes through multiple translations.

But the safest way to protect your code is just not to distribute it,
e.g.
hosting it all on the web. (I suppose even then, someone may have a
slight
chance of hacking the server it's on and getting it out.)
9a45896e48a382fe5c656b8873e0dfcb?d=identicon&s=25 Stu (Guest)
on 2014-02-27 05:32
(Received via mailing list)
Yes bytecode can be disassembled and it's simpler than you think. If
security is an issue you will need to build your own server and employ
your
own policy on such matters.
1ea245dc79ad44fcaa9cbf821a354369?d=identicon&s=25 Michael Uplawski (frog_boche)
on 2014-02-27 22:49
Hi

I may be dumb as a Java-programmer, but would really like to know, what
kind of security-risk you try to protect against; just the list, like
that and that kind of evil or mischief...

Each time, that this kind of question arises, I feel like if I had
heard:
"theft of my intellectual property" and such. I hope, I am erring and
that we all know what a scripting-language is.

Never mind, I really *was* a Java-programmer.
Please log in before posting. Registration is free and takes only a minute.
Existing account

NEW: Do you have a Google/GoogleMail, Yahoo or Facebook account? No registration required!
Log in with Google account | Log in with Yahoo account | Log in with Facebook account
No account? Register here.