Protecting Code
kee nethery
kee at kagi.com
Sat Apr 24 12:06:14 EDT 2004
On Apr 23, 2004, at 10:53 PM, Cubist at aol.com wrote:
> sez kee at kagi.com:
>> If I was going to create Revolution code that I wanted to give to
>> others but that I wanted to make sure that they could not change in
>> the
>> Revolution Editor, how would I protect it? I'd want people to be able
>> to call it and compile it into their standalone apps. My preference is
>> to not use an XCMD kind of thing because I'd like to write once, lock,
>> and then allow people to deploy everywhere.
> I don't think what you're asking for is possible. If you don't want
> to go
> the XCMD route, your code *will* be plain vanilla ASCII at some point,
> and
> anyone who wants to muck with said code will be able to do so at that
> point.
> Perhaps if I knew what goal you're striving towards, I might be able
> to offer some
> helpful advice: Are you trying to stop code thieves, or are you trying
> to
> ensure that the user will always have a pristine copy of your code in
> case they
> *do* screw it up horribly, or what?
We are going to have a Kagi Registration Module for RunRev and that
module will basically be a mini-store that someone would embed into
their RunRev application. When the customer decides to buy, the app
would call the KRM, it would gather customer purchase data (including
credit card info) bundle it up, send it securely to Kagi, Kagi
processes it, generates a registration code, and sends that code back
to the app, the app installs the code and the entire purchase cycle is
complete.
Want to make sure that it is less than trivial for a malicious coder to
take the KRM, and hook extra code into it that would send the credit
card data to some other server that should not be receiving credit card
data, embed the modified KRM into software that they are selling, and
then use KRM to steal credit cards.
I realize that in the end, everything is modifiable if you really know
your stuff and that less than trivial does not mean impossible. The
goal is to make it difficult to make these kinds of mods. Ultimately
the protection against this happening is that we will see the pattern
and we will be able to call in police to arrest the software author who
might do such a thing. I'd just like to make it difficult for someone
to consider this avenue of crime. It would be a rather stupid crime
given that only one person could commit it (the software author) and
the proof would be easy to establish (their software, their server).
The reason for regular runrev code versus an XCMD is that we would like
to "write once run everywhere" by making this as standard as possible.
Thanks, Kee Nethery
More information about the use-livecode
mailing list