[Zope] Zope+Python source-code security

dman dman@dman.ddts.net
Tue, 30 Apr 2002 11:12:33 -0500


--UlVJffcvxoiEqYs2
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Apr 30, 2002 at 09:16:31AM -0600, Paul Erickson wrote:

| It sounds like you need to use something that is both compiled and not=20
| decompileable.=20

No such thing exists.  Actually
    cat </dev/random >the_app.exe
will provide such a thing, but obviously it won't solve the customer's
problem <0.5 wink>.

| This eliminates Java, Python, PHP, Perl, ruby.  It probably also
| eliminates .Net - you could ship just the intermediate language
| stuff, but then they could see and possibly modify that.
|=20
| In my world, that leaves you with C and C++, which aren't real great for=
=20
| web development, because of development time and potential core dumps.

Someone with determination can still disassemble the resultant binary.

| Sounds like a tough position to be in.

It sounds like a social solution is needed for this social problem.
Have your company's lawyers develop a suitable license/contract that
provides ways for you to determine whether or not the customer has
stolen your product and provides a means for prosecuting.

-D

--=20

The light of the righteous shines brightly,
but the lamp of the wicked is snuffed out.
        Proverbs 13:9
=20
GnuPG key : http://dman.ddts.net/~dman/public_key.gpg


--UlVJffcvxoiEqYs2
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjzOwnAACgkQO8l8XBKTpRRS6wCfUdRqPcoEXt8WX8L4wY7NUIwL
65MAoIExJx/wd4HKMVjO7Eh3xCqOHkzD
=q4ip
-----END PGP SIGNATURE-----

--UlVJffcvxoiEqYs2--