Hi Paul,
I'm really sorry for violating the group-guidelines.
I searched the web for "perl obfuscator" and found some scripts which
do nothing else than renaming variables and functions and removing line
feeds. But this doesn't give me security....
Let me explain what I want to do (maybe I should have done this 2 posts
before...)
I'm writing a web-application which consists of a bunch of
perl-scripts. I want to implement license management, so someone will
be able to buy a 100 user license, install it (from inside the
web-frontend) and then use the frontend until the 100 users are
created. My fear is that someone could uncomment the appropriate
function in the code and set for example "return 1000;".
I read about the Bytecode module. It precompiles perl-code to the
internal bytecode-format and from this point it isn't readable any
more, but it can be easily decompiled. So I thought that there must be
some thing like the java-bytecode-obfuscator which makes the
decompilation even more difficult.
Another thought was to use the Filter::... plugin and use a usual
cypher algorythm to decode the code which was first encoded with the
license or even a part of it. another idea was to invlove gnupg in this
process but it would be some sort of overkill and implementing this
sort of function wouldn't be safe because everyone could easily catch
the output/decryption-key and simplify this...
I don't know if perl-compiler like perlcc would work in a
cgi-environment.... so I came here and asked (granted, in very short
and unmeaningful sentences) you for a better solution or for your
thoughts...
Thanks anyway.
Best regards,
Manuel
---
-----------
Manu said:
Maybe I should specify this question a bit.
What question? You haven't asked a question yet.
Oh, you're replying to a previous post, without quoting any context,
that was apparently written by you, but with a different From: name.
Have you read the posting guidelines for this group yet?
I found the appropriate entry and read (and probably) understand it,
You understand what? What did you read? It's difficult for anyone to
give you additional suggestions if we don't know what suggestions
you've already been given.
but I want to know if there is something similar to the java-obfuscator
which makes pre-compiled source-code undecompileable.
^^^^^^^^^^^^^^^^^^^^^^^^^^^
As far as I know, that's a myth. No such animal. But I won't preclude
the possibility that I'm wrong.
Maybe there is a ready-to-use solution for this common task.
If you want to deliver an executable program written in Perl without
the need for an external perl interpreter, have a look at perlcc
(included with perl) or perl2exe (not).
If you want to "protect" your source from people copying it, hire a
lawyer. Seriously. Trying to "hide" your source by compiling it is
simply not an effective way to prevent it being used without your
authorization. That's what trademark, copyright, and intellectual
property laws are for.
Paul Lalli
If this is a web app, what about having your app either use a stub
through xs or query your main server for authentication once daily.
Consider what you asking. Even if you send out a binary, the binary
codes can be reverse engineered. After all a CPU accepts binary codes
that the CPU interpretes. These codes can be reversed, too.
Anything you publish can be reversed. The deciding factor is how
much pain someone wants to go through to do the reverse engineering.
Mike