[prog] 'protecting' perl code

Riccarda Cassini riccarda.cassini at gmx.de
Fri May 7 15:31:44 EST 2004


Hi Jacinta,
thank you very much for your detailed response!

Jacinta Richardson wrote:
> 
> Having said that, if the target machine for the code is Windows then you
> might have some advantage in trying:
> 
> Activestate PerlApp : 
> http://www.activestate.com/Products/ASPN_Perl/more_information.plex
> 
> or 
> 
> the Perl Archive Toolkit:
> http://search.cpan.org/~autrijus/PAR-0.80/lib/PAR.pm
> 
> or
> 
> perl2exe 
> http://www.indigostar.com/perl2exe.htm
> 	
> 
> These do not "compile" your scripts.  They encrypt it (or obscure it in
> some way) and then bundle it into an exe file.  As the Perl interpreter
> is also placed in the exe (so that you can distribute a single exe to
> machines without Perl) the exe can be sizable.
> 
> If your target machine is a *nix, then it's harder.  (ActiveState's tool
> may actually work here too)

Actually, it's for various flavors of unix (mainly HP-UX and Linux).
No Windows, currently.  Maybe I should have mentioned this initially.

Btw, PAR seems to be mostly platform independent, if I understood this
correctly. It seems to be remotely similar to "jar" for Java, only for
Perl, i.e. a tool to pack various things together for convenient
distribution and deployment. (Or have I misunderstood something?)

> 
> > I googled a bit, but all I found were a few commercial solutions (source
> > code obfuscators like Perlguardian, Perl-obfus, etc.), and rather
> > heated discussions about why you should never ever do such a thing at
> > all, as it would be a breach of the open source philosophy, ethically.
> 
> In my opinion it would be a breach of code maintainability, patchability,
> and system resource usage policies.  But that might just be me.  :)

I essentially agree with you here.  I generally consider open source a
good thing, and I wouldn't feel inclined to use such tools myself.

On the other hand, I don't see any fundamental issues with implementing
such a tool, if someone wants to have one for some special, dedicated
purpose - I mean, ultimately it's their decision, not mine. I probably
couldn't stop them from finding some other method, anyway.

Also, I'd just find the topic interesting from a purely technical
perspective. I guess it's a good possibility to learn a lot of things
along the way.

Anyhow, it definitely wasn't my intention to start another one of those
heated debates here... (count me out, if anyone wants to go on with it).


> I'd normally say that if you were determined to do this you should get a
> commercial package to do it for you.

Maybe that's the way to go... If so, I'd suggest that to my client.

On the other hand, it doesn't seem entirely impossible to write your
own custom solution, if I understood Almut correctly - though you seem
to hold a slightly different view in that respect ;-)

(It's definitely above my head to participate in that discussion, so
I'll just wait to see how that unfolds...)


> However, having seen some of the other commercial
> solutions... well some of them break things badly.

May I ask in what way?  Certain code constructs failing?  Also, if
you have any specific experiences with particular commercial tools, I'd
definitely be interested in which tools you'd better want to avoid...

> 
> To hide your source code does not stop pirating anyway. Most of the
> time, they don't care about your source code at all, what they want to steal
> is the functionality your code delivers. What they want is money without
> effort, to study your source code is too long a way to go.

Well, it seems to be sort of the other way round here: he wants people
from other companies to be able to make use of a bunch of his perl
scripts (for free), to ease collaboration with them.  But he also
doesn't want to disclose the algorithms to his competitors, because that's
where he and his company put the main work in.
(On the other hand, the algorithms are not that top secret that anyone
would find it worth hiring some highly paid specialist to reverse
engineer the scripts. It's just that people would be curious enough to
take a look at the code, if it was unencrypted.)

At least that's what he told me.  He might just as well be planning to
use it out of shame over code quality, or whatever - I don't know, you
cannot really look into people's heads...

> 
> I guess your client has to work out why they want to do this.  Illegally
> copying and distributing obscured Perl is just as easy as non-obscured
> Perl.

I don't think that's his motivation.


Thanks again!

Riccarda





