Internal security of Rev?

John Tregea john at debraneys.com
Wed Jul 12 01:34:47 EDT 2006


Yikes!, that point number 4 is a tall order. But happily it is one of 
the core parts of what we do and how we are able to do it.

My boss always said, "how can you write software to help people be 
organised if you can't even keep your sock drawer tidy?". Mind you I 
don't know that she had ever seen my sock drawer, but my office drawer 
may have given her a clue O:-) .

So the short answer is we take a plenty of time to get things right 
(three years on the current development) (nearly a year of evaluations 
looking for the correct development environment and database 
combination) and back up everything we do regardless of what it takes to 
fix a problem (if it is of our making). I did say this was the short 
answer, so I better shut-up now.

Thanks for all the assistance, I was hesitant to ask as we are still in 
evaluation mode and not a licensed user yet. (soon though, soon :-) )

John T


Dar Scott wrote:
>
> On Jul 11, 2006, at 8:56 PM, John Tregea wrote:
>
>> Like putting a big padlock on the door with a note stuck to it saying 
>> "the key is under the mat".
>
> Yes.
>
> You need to write the note in pig-latin.
>
> (almost) The best you can do is obfuscation.  Don't put your key in 
> one place.  Don't leave your key in your code in a form that looks 
> like a key from an editor.  Don't use a script that can be seen by a 
> text editor.  Even machine language is just obfuscation.  Everybody 
> has this same problem to some degree.
>
> However, there are a few things you can do.
>
> 1
> If you assume a paying customer is less likely to try to break your 
> encryption, then put part or all of the decryption key in the software 
> enabling key (serial number or whatever you call it).
>
> 2
> Don't put all your eggs in one basket.  Don't use the same encryption 
> key for all modules or all products.  This is even better when 
> combined with #1.
>
> 3
> Don't keep decrypted pieces in files.  Not very long, if you have to.
>
> And most of all...
>
> 4
> Keep motivation by sneaks low:  Keep your price low.  Come out with 
> something better, soon.  Provide good support.  Fix bugs.  Make sure 
> the software is flexible.  Be ready to license and supply OEM 
> components.  Your happy customers will never notice that there is an 
> encryption challenge; be ahead of them on what you give them.
>
> Dar Scott
> _______________________________________________
> use-revolution mailing list
> use-revolution at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your 
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-revolution
>
>



More information about the use-livecode mailing list