|How to protect your perl code?|
copy protection, compilers?
Hi Webmasters, a client had a problem with his internet connection, it went dead for a whole day and intermittent for many hours after that. A lot of online services went down in that incident.
The client wants everything he can get inside his local server, in fact that's a very good idea as no storm will cut his connection from his pc to the server (right in the next room). The thing is how do I protect the apps I wrote for that client?
Having my apps on my server helps me to keep my apps safe, away from any tech copying the source code or modifying it. I can install the app on his server and make it work as on the internal network, of course that involves explaining the client that a lot of bad things might happen there... with no responsibility on my side, but what worries me is others copying my apps.
is there a way to avoid others looking into my perl source code? some sort of compiler? then I can get the scripts to run only on one machine and if copied, refuse to run.
Thanks in advance
There are no effective measures to protect your source.
You can, of course, run it through an obfuscation script that replaces meaningful variable names with var1 var2 var3 etc, and you can write complicated checks to see wether this is a licensed machine, but in the end, you cannot protect the source from someone who really wants to copy or modify it.
of course, you can make it hard for the average person to get your source, by not giving him access to the machine, even if it's located in his office, or putting it inside a virtual machine that he doesn't have access to, but either it's painful (virtual machine with encrypted harddisk that you have to decrypt with your passphrase whenever it is rebooted) or less secure.
1. I have in mind putting checking procedures in certain scripts to detect any modification and then stop from working (but first the script will send me a notification).
2. I also have the idea of leaving an open door so when the scripts detects any mod and notifies me, I could shut it down via url or making the app to lock itself.
You gave me a very good idea. Instead on working with an obfuscation script I think more about encryption but not on a virtual machine basis. My first option was setting up a Linux Box and your suggestion makes me think I might have the solution on the Linux file system itself configuring the server to boot and auto login but giving no access to the files (my source code) via users and permissions. I'm researching now about the security of this approach.
I also know I can encrypt the full file system, so there goes another option. Both options offer a way to have the server running but nobody being able to access those files, it would be just as if the server was far away.
Ajax-ify things, keep the scripts on your server and provide SaaS.
Thanks, my app uses ajax. In this case the client wants to be able of using it locally, even with no internet (it will be a local network).
By now I'm already experimenting with user accounts and privilege administration under Linux, it seems to work, still lots to test about it.
There are 3 options of encrypting Perl code:
1. Use PAR with PAR::Filter::Obfuscate or PAR::Filter::Crypto
2. Use Filter::Crypto::CryptFile (will require some modules installed on target OS)
3. Turn into module and encrypt into Module::Crypt.
thanks chorny, checking out...