Internal security of Rev?

John Tregea john at debraneys.com
Tue Jul 11 21:49:28 EDT 2006


Hi all,

I have evaluated Rev a couple of times across the last few version 
releases and feel quite satisfied that it will enable us to achieve the 
things we want in terms of commercial product development.

I have a question about the readability of the scripts "source code" of 
an application once it is built as a standalone. I have seen the 
"encrypt with password" option in the standalone settings but want to 
know if anyone can tell me how secure this option is.

Our application will be used to front end a database that contains 
classified information, the initial login account details would have to 
be stored in the Rev application (inside custom properties ?). I know I 
can base64encode the username and password for the database before 
putting them into the custom properties, but if someone is able to read 
my script, they could discover which custom properties I use and how to 
decode the information. This would eventually lead them to a direct 
connection to the database and the potential for SQL injection attacks 
etc. on the back end.

Other steps I intend to take is to put the front end rev application on 
a U3 drive and encode the drive serial number uniquely into the rev app 
to stop it being copied and run from another location (effective copy 
protection, I hope). I also thought to measure the available space on 
the volume [diskSpace] where the application is first installed (U3 
drive) and check it each time the application launches (quitting if the 
disk space is greater than the original space on the initial installed 
USB device).

Any other experiences/ideas/suggestions would be greatly appreciated.

If all is OK, then I can get the enterprise product and formally join 
your community...

Thanks and regards

John T.



More information about the use-livecode mailing list