[squeak-dev] Securing access to the .changes file

Herbert König herbertkoenig at gmx.net
Tue Apr 18 17:41:01 UTC 2017


Hi Hari,

that's a simple experiment. Disable warnIfNoChangesFile and 
warnIfNoSourcesFile, move both files away and open your image.

Now if browsing code all your temp vars will be named t1, t2 ... that's 
all. The rest can be decompiled due to the dynamic nature of Smalltalk.

If you look how mcz are read an written (they are just zipped files) you 
could use the same technique to en- and decrypt code you file in instead 
of zipping and unzipping them. Look at: GZipReadStream>>fileIn:

But please read my reply to your other mail.


Cheers,

Herbert

Am 18.04.2017 um 18:02 schrieb Hari:
> Hi Vaidotas,
> My app downloads code updates from the server and files them in. Will this
> be possible with your suggestion?
> I'm looking at "openSources: sourcesName andChanges: changesName forImage:
> imageName" in FileDirectory. It appears to need this file. I wonder if I can
> encrypt and decrypt writing and reading sources.
> Kind regards,
> Hari
>
>
>
> --
> View this message in context: http://forum.world.st/Ma-Client-Server-Squeak-launch-issues-tp4928722p4942559.html
> Sent from the Squeak - Dev mailing list archive at Nabble.com.
>



More information about the Squeak-dev mailing list