Data Protection (was: Another CGI question. Keeping an array over more than one Webpage

Pierre Sahores psahores at easynet.fr
Sun May 9 14:27:00 EDT 2004 

Hello Alejandro and All,

Le 9 mai 04, à 02:25, Alejandro Tejada a écrit :

> on Sat, 8 May 2004 00:39:58 +0200
> Pierre Sahores wrote in response to Alejandro Tejada:
>
>>> By the way, talking about protection of data,
>>> Does exist a way to get the contents or
>>> the scripts of stacks opened directly in the
>>> engine, downloaded from the web?
>>> Someone told me that it's possible to make a dump
>>> of the memory and take the data from the resulting
>>> file. It's really possible to get a stack from a
>>> dumped memory file?
>
>> Even if it's, in theory, possible, suppose, just as
>> an example, in
>> between many other possibles ways :
>>
>> 1.- your main stack is password protected ;
>> 2.- this stack contains substacks protected by
>> randomly set passwords ;
>> 3.- the mainstack herits from the substacks stack's
>> and/or card's
>> scripts by activating them as front and back
>> scripts...
>>
>> No sure it will be a piece of cake to rebuild all
>> the stuff needed to
>> get the stack cracked and runable at the same
>> time...
>
> Pierre, you work in the Linux platform, where these
> kind of memory dump tools are common.

100% true ! It's why is it's always a very bad idea to use only one 
scheme to protect a program against unauthorised use, copy, 
duplication, etc...
>
> Could you make a small test with a password protected
> stack and another unprotected, in the next weekend?

Unneeded, as long as we are ok with the fact that we need to use a 
multiple encryptation states and protocols method to set-up a real 
difficult to crack protection scheme. Even the DES or RSA ways with 
nothing more would be like travelling over the seas in a Zepplin just 
token out from its museum... This kind of fly would, probably, in many 
cases, become very dangerous and not only under the windows platform ;)
>
> Read the information in this page:
>
> http://www.nii.co.in/vuln/crypt.html
>
>> I remember an hypercard stack i did so uncrackable,
>> uncopyable, etc...
>> that i could never restart it until i took together
>> an old unprotected
>> issue of it and the source code of the protected
>> stack to build a new one...
>
> This is very interesting. Do you remember the approach
> that you take to create this kind of protection?

Mainly, the method had to do with splitting the app in two parts (a 
splash screen stack, the main stacks of the app) where the splash 
screen was popping up, on startup, to ask for a password to the user. 
The password input was compared to to reference' one inside an XFCN res 
stored in one of the main stacks of the app, trough an XFCN 
encryptation/decryptation proc res able to start only if a third res 
was present in the MacOS 8 system's library. One of the main part of 
the "game" consisted in having this discrete system's res installed 
when the authorised user launched the app, for the first time, on a new 
box.

Each time the user was launching the app, he had to enter the password 
and if the input didn't launch the verification proc or match the right 
password reference, the app was just quitting before any main stacks of 
the app comes up in ram (not started at all)... To the end, there was 
some more procs in about the protection of the main stacks too ;)

>> In about protecting code and apps, the key
>> features are in the
>> design, lots more than in the technical tasks...
>
> Agreed, but when we are working with other people's
> data, safekeeping it's a 24 hour requisite.
>
> Thanks a lot for your insights!
>

You welcome,

Best, Pierre

BTW : just a little off topic... Do you have any web docs entry points 
to share about streaming QT/MP4 contents in a "one to many" sheme, 
runnable in IPV4, without having to send a different stream to each 
conected user, something like binding the IPV6 broadcast address witch 
could work in IPV4 mode ?... IPV6 is so great, as dream ;)

Thanks a lot :)

> al
>
> =====
> Visit my site:
> http://www.geocities.com/capellan2000/
> Search the mail list:
> http://mindlube.com/cgi-bin/search-use-rev.cgi
>
>
> 	
> 		
> __________________________________
> Do you Yahoo!?
> Win a $20,000 Career Makeover at Yahoo! HotJobs
> http://hotjobs.sweepstakes.yahoo.com/careermakeover
> _______________________________________________
> use-revolution mailing list
> use-revolution at lists.runrev.com
> http://lists.runrev.com/mailman/listinfo/use-revolution
>

More information about the use-livecode mailing list