Differences between Commercial and Community versions of LiveCode

[Mark Waddingham]

On 2018-06-06 22:29, Bob Sneidar via use-livecode wrote:
> I do the same thing, but if they can get to your code, they can
> discern how you get your salt.

Yes - essentially - although I did miss out making one important 
point...

If you are using community (i.e. GPL) then there is nothing you can do 
here to protect anything embedded in the code:

Your app is open-source, so you must provide ALL the source-code - 
admittedly that doesn't mean you must provide any 'secret keys' but 
where there are will be obvious as the source has to be for the build 
you distributed.

LiveCode community is open-source (GPL) - this means all code for it is 
publicly available.

If LiveCode Community included code which did obfuscate code in built 
apps (which it could) then it doesn't do you any good - because the code 
which deobfuscates at runtime so the code of your app can run also has 
to be open-source and thus visible.

i.e. A suitably motivated individual would just need to invert the code 
run when building the app, so that it can take a built app and spit out 
what it was built from.

Upshot: In a GPL app code can never be secret as it violates the terms 
of the license - so using code to protect 'secrets' which are included 
in a GPL app doesn't work.

Of course, I'm not sure I'm entirely clear on what Tom is needing 
'secret' salts for, so can't really comment on that specific case.

Warmest Regards,

Mark.

P.S. I'd suggest any use of the word 'hacking' in association with GPL 
software you put on a local machine is somewhat silly - one of the 
reasons the GPL came about in the first place was to guarantee the right 
of hacking around with the source-code for the software you receive!

-- 
Mark Waddingham ~ mark at livecode.com ~ http://www.livecode.com/
LiveCode: Everyone can create apps