info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Re: stupid question about to protect source code of perl web application scripting
4 views
Skip to first unread message
Uri Guttman
Jul 6, 2019, 11:15:04 PM7/6/19
to begi...@perl.org
On 7/6/19 11:01 PM, Eko Budiharto wrote:
> dear all,
>
> I have a question. I have written a web application with perl,
> unfortunately everything written in perl, everyone can see all source
> codes I wrote. My question is is there anyway to protect those source
> codes? Compile or encrypt it?
>
if it is a web application and you don't give out the source, it should
be inaccessible to users of the application. but in general there is no
secure way to hide perl source if you want to distribute the program. if
your application is worth something, then honest users will pay for it
and you shouldn't need to hide the source.
uri
> dear all,
>
> I have a question. I have written a web application with perl,
> unfortunately everything written in perl, everyone can see all source
> codes I wrote. My question is is there anyway to protect those source
> codes? Compile or encrypt it?
>
if it is a web application and you don't give out the source, it should
be inaccessible to users of the application. but in general there is no
secure way to hide perl source if you want to distribute the program. if
your application is worth something, then honest users will pay for it
and you shouldn't need to hide the source.
uri
Uri Guttman
Jul 6, 2019, 11:30:04 PM7/6/19
to Eko Budiharto, Perl Beginners
On 7/6/19 11:10 PM, Eko Budiharto wrote:
> dear Uri,
>
> it is a web application but it is on premise. The user is not honest.
> That's why I am trying to find a way to protect the source code like
> in java we can compile into java class and still can be run.
please write to the list and not only to me. use a wide reply for that.
i cc'ed the list.
i am not sure what you mean by "on premise". what did you write that has
a dishonest user accessing it? there are ways to hide perl code but they
are all breakable with some skill needed. if your user isn't skilled or
doesn't want to get into the source, try one of those methods. you can
google around and find them.
but it would be better to write the code so that even a dishonest user
can't break in behind the code. the source code can be useless to them
if it accesses secure resources (e.g. a database or other server) with a
login/password that is not in the code.
uri
> dear Uri,
>
> it is a web application but it is on premise. The user is not honest.
> That's why I am trying to find a way to protect the source code like
> in java we can compile into java class and still can be run.
please write to the list and not only to me. use a wide reply for that.
i cc'ed the list.
i am not sure what you mean by "on premise". what did you write that has
a dishonest user accessing it? there are ways to hide perl code but they
are all breakable with some skill needed. if your user isn't skilled or
doesn't want to get into the source, try one of those methods. you can
google around and find them.
but it would be better to write the code so that even a dishonest user
can't break in behind the code. the source code can be useless to them
if it accesses secure resources (e.g. a database or other server) with a
login/password that is not in the code.
uri
Uri Guttman
Jul 6, 2019, 11:45:03 PM7/6/19
to begi...@perl.org
On 7/6/19 11:21 PM, Eko Budiharto wrote:
> dear Uri,
>
> it is a web application but it is on premise. The user is not honest.
> That's why I am trying to find a way to protect the source code like
> in java we can compile into java class and still can be run.
>
> I read some articles in the internet. Some method are using PAR,
> dear Uri,
>
> it is a web application but it is on premise. The user is not honest.
> That's why I am trying to find a way to protect the source code like
> in java we can compile into java class and still can be run.
>
> perlc, Filter::Crypto, acme::bleach, but I am not sure it will encrypt
> the source code and it still can be runnable.
>
> The application users of course cannot read the source code, but the
> sys admin can access the source code and this sys admin is a dishonest
> person. :)
>
the whole point of those methods is to 'hide' the code and keep it
runnable. you can try them out and see that they will keep the code
runnable. how well they 'hide' the code is a different story.
again, i am asking why this code is so valuable (and you are a new perl
coder it seems) that hiding it is so important.
you can easily get access to a different server away from this dishonest
admin and redirect your local script to the other place. since the admin
won't have access to the other server, it will be safe from viewing.
if this is so valuable, paying $5/month for a basic hosting service
would be worth your while.
uri
Shlomi Fish
Jul 8, 2019, 4:15:04 AM7/8/19
to Eko Budiharto, begi...@perl.org
Hi,
On Mon, 8 Jul 2019 08:44:46 +0700
Eko Budiharto <eko.bu...@gmail.com> wrote:
> dear all,
>
> first of all, thank you for the respond of my inquiry. And then, there
> is a few questions I would like to ask:
>
> 1. if someone takes your works and then he steals the credit by claiming
> the work is his work instead of your work, what will you do?
>
First note that it never happened to me.
Anyway, in this case, I will try to find evidence that I originated the works
first, e.g:
* https://en.wikipedia.org/wiki/Wayback_Machine
* https://en.wikipedia.org/wiki/Version_control histories
* https://en.wikipedia.org/wiki/Internet_forum archives
Note that I think the most restrictive licences I used are
https://en.wikipedia.org/w/index.php?title=CC-by-nc-sa&redirect=no and
https://en.wikipedia.org/wiki/Affero_General_Public_License which also allow
asserting copyright on derivative changes.
If the person who claims my work is theirs does not sue me for infringement, I
will likely not care much:
* https://fc-solve.shlomifish.org/faq.html#abuse_of_fc_solve
* https://www.mail-archive.com/linu...@cs.huji.ac.il/msg56378.html
> 2. if someone has a problem, he does not want to try to find a way to
> solve the problem first, and then he asks your help and then problem
> solved, then he is blaming the person who already helped him and
> claimed, that is his work. what will you do?
>
What do you mean?
> This is kind of some images of this dishonest person.
>
> I do not mind to share my code to the person, if he does not have that
> character.
>
> So far, I am using the perl code for web application in a hosting
> server. But this time, I have to create a web application on a on
> premise server.
>
> I am not an expert yet in perl and still learning although I know perl
> when I got still in my university 19 years ago.
>
> regards,
>
> Eko Budiharto
>
>
--
-----------------------------------------------------------------
Shlomi Fish http://www.shlomifish.org/
The Case for File Swapping - http://shlom.in/file-swap
Do you always begin conversations this way?
— https://en.wikipedia.org/wiki/The_Princess_Bride_%28film%29
Please reply to list if it's a mailing list post - http://shlom.in/reply .
On Mon, 8 Jul 2019 08:44:46 +0700
Eko Budiharto <eko.bu...@gmail.com> wrote:
> dear all,
>
> first of all, thank you for the respond of my inquiry. And then, there
> is a few questions I would like to ask:
>
> 1. if someone takes your works and then he steals the credit by claiming
> the work is his work instead of your work, what will you do?
>
First note that it never happened to me.
Anyway, in this case, I will try to find evidence that I originated the works
first, e.g:
* https://en.wikipedia.org/wiki/Wayback_Machine
* https://en.wikipedia.org/wiki/Version_control histories
* https://en.wikipedia.org/wiki/Internet_forum archives
Note that I think the most restrictive licences I used are
https://en.wikipedia.org/w/index.php?title=CC-by-nc-sa&redirect=no and
https://en.wikipedia.org/wiki/Affero_General_Public_License which also allow
asserting copyright on derivative changes.
If the person who claims my work is theirs does not sue me for infringement, I
will likely not care much:
* https://fc-solve.shlomifish.org/faq.html#abuse_of_fc_solve
* https://www.mail-archive.com/linu...@cs.huji.ac.il/msg56378.html
> 2. if someone has a problem, he does not want to try to find a way to
> solve the problem first, and then he asks your help and then problem
> solved, then he is blaming the person who already helped him and
> claimed, that is his work. what will you do?
>
What do you mean?
> This is kind of some images of this dishonest person.
>
> I do not mind to share my code to the person, if he does not have that
> character.
>
> So far, I am using the perl code for web application in a hosting
> server. But this time, I have to create a web application on a on
> premise server.
>
> I am not an expert yet in perl and still learning although I know perl
> when I got still in my university 19 years ago.
>
> regards,
>
> Eko Budiharto
>
>
--
-----------------------------------------------------------------
Shlomi Fish http://www.shlomifish.org/
The Case for File Swapping - http://shlom.in/file-swap
Do you always begin conversations this way?
— https://en.wikipedia.org/wiki/The_Princess_Bride_%28film%29
Please reply to list if it's a mailing list post - http://shlom.in/reply .
Shlomi Fish
Jul 8, 2019, 8:45:03 AM7/8/19
to Eko Budiharto, begi...@perl.org
On Mon, 8 Jul 2019 15:07:41 +0700
Eko Budiharto <eko.bu...@gmail.com> wrote:
> >> 2. if someone has a problem, he does not want to try to find a way to
> >> solve the problem first, and then he asks your help and then problem
> >> solved, then he is blaming the person who already helped him and
> >> claimed, that is his work. what will you do?
> >>
> > What do you mean?
> >
> >
> dear Shlomi,
Eko Budiharto <eko.bu...@gmail.com> wrote:
> >> 2. if someone has a problem, he does not want to try to find a way to
> >> solve the problem first, and then he asks your help and then problem
> >> solved, then he is blaming the person who already helped him and
> >> claimed, that is his work. what will you do?
> >>
> > What do you mean?
> >
> >
>
> what I mean in this one is the person has a problem, but he does not
> make any efforts first, he just ask the solution from someone else.
> After the problem is solved, he blames the person.
>
> For example:
>
> I have a problem and then I do not do anything or make my own effort and
> then I ask your help to solve it for me. After the problem solved
> because you helped me, I blame you instead you being grateful and thank
> you and plus I said to anyone that I am the one who solved if instead of
> your name.
>
I understand now, thanks. That seems like a very ungrateful and "bastard"y
thing to do. I won't like it, but not sure how i'll act.
--
-----------------------------------------------------------------
Shlomi Fish http://www.shlomifish.org/
An apple a day keeps the doctor away.
Two apples a day will keep two doctors away.
— one of Shlomi Fish’s relatives
0 new messages