Security

Ned Konz ned at bike-nomad.com
Fri Dec 6 00:38:35 UTC 2002


On Thursday 05 December 2002 04:00 pm, Gustavo Pistoia wrote:

>   Is there any possibility to protect the source code?
>   I'm thinking to implement an application for a client, but I
> don't want them to see the code.
>   I have a lot of tools in Java to build this application, but I
> know the opportinities I have with squeak.

First, look at a couple of FAQs on the Squeak Swiki:
http://minnow.cc.gatech.edu/squeak/778
http://minnow.cc.gatech.edu/squeak/780

It depends on how hard they're going to try to get to the code.

You will want to avoid shipping the changes file, as this may contain 
the text of your program. And there should be no need to ship the 
sources file.

As part of the normal application packaging procedure, you probably 
will want to disable the various keystrokes and menus that are part 
of the programming environment, and disable the opportunity to open 
up the debugger or interrupt the program using the interrupt 
keystroke.

I've posted a change set that does much of this:
http://swiki.gsug.org:8080/sqfixes/2695.html

You may also want to remove the browsers and debugger, and maybe the 
decompiler too.

It would be hard (but not impossible) to get to the sources in such an 
image. A Squeak expert could still do it using the 
InterpreterSimulator, but someone who could do that would probably 
not be interested in stealing your code. They'd undoubtedly prefer to 
write a new, improved version themselves.

Good luck,
-- 
Ned Konz
http://bike-nomad.com
GPG key ID: BEEA7EFE




More information about the Squeak-dev mailing list