homepage Welcome to WebmasterWorld Guest from 54.167.138.53
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / Code, Content, and Presentation / Perl Server Side CGI Scripting
Forum Library, Charter, Moderators: coopster & jatar k & phranque

Perl Server Side CGI Scripting Forum

    
How to protect your perl code?
copy protection, compilers?
explorador

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 4142089 posted 5:16 pm on May 27, 2010 (gmt 0)

Hi Webmasters, a client had a problem with his internet connection, it went dead for a whole day and intermittent for many hours after that. A lot of online services went down in that incident.

The client wants everything he can get inside his local server, in fact that's a very good idea as no storm will cut his connection from his pc to the server (right in the next room). The thing is how do I protect the apps I wrote for that client?

Having my apps on my server helps me to keep my apps safe, away from any tech copying the source code or modifying it. I can install the app on his server and make it work as on the internal network, of course that involves explaining the client that a lot of bad things might happen there... with no responsibility on my side, but what worries me is others copying my apps.

is there a way to avoid others looking into my perl source code? some sort of compiler? then I can get the scripts to run only on one machine and if copied, refuse to run.

Thanks in advance

 

janharders

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 4142089 posted 11:09 am on May 28, 2010 (gmt 0)

There are no effective measures to protect your source.
You can, of course, run it through an obfuscation script that replaces meaningful variable names with var1 var2 var3 etc, and you can write complicated checks to see wether this is a licensed machine, but in the end, you cannot protect the source from someone who really wants to copy or modify it.
of course, you can make it hard for the average person to get your source, by not giving him access to the machine, even if it's located in his office, or putting it inside a virtual machine that he doesn't have access to, but either it's painful (virtual machine with encrypted harddisk that you have to decrypt with your passphrase whenever it is rebooted) or less secure.

explorador

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 4142089 posted 4:03 pm on May 28, 2010 (gmt 0)

Thanks janharders,

1. I have in mind putting checking procedures in certain scripts to detect any modification and then stop from working (but first the script will send me a notification).

2. I also have the idea of leaving an open door so when the scripts detects any mod and notifies me, I could shut it down via url or making the app to lock itself.

You gave me a very good idea. Instead on working with an obfuscation script I think more about encryption but not on a virtual machine basis. My first option was setting up a Linux Box and your suggestion makes me think I might have the solution on the Linux file system itself configuring the server to boot and auto login but giving no access to the files (my source code) via users and permissions. I'm researching now about the security of this approach.

I also know I can encrypt the full file system, so there goes another option. Both options offer a way to have the server running but nobody being able to access those files, it would be just as if the server was far away.

Thanks again

lexipixel

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 4142089 posted 9:31 pm on May 28, 2010 (gmt 0)

Ajax-ify things, keep the scripts on your server and provide SaaS.

explorador

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 4142089 posted 3:00 am on May 29, 2010 (gmt 0)

Thanks, my app uses ajax. In this case the client wants to be able of using it locally, even with no internet (it will be a local network).

By now I'm already experimenting with user accounts and privilege administration under Linux, it seems to work, still lots to test about it.

chorny

5+ Year Member



 
Msg#: 4142089 posted 8:24 pm on Jun 6, 2010 (gmt 0)

There are 3 options of encrypting Perl code:

1. Use PAR with PAR::Filter::Obfuscate or PAR::Filter::Crypto

2. Use Filter::Crypto::CryptFile (will require some modules installed on target OS)

3. Turn into module and encrypt into Module::Crypt.

explorador

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 4142089 posted 5:10 pm on Jun 14, 2010 (gmt 0)

thanks chorny, checking out...

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Perl Server Side CGI Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved