> On 7/6/19 11:21 PM, Eko Budiharto wrote: > > it is a web application but it is on premise. The user is not honest. > > That's why I am trying to find a way to protect the source code like > > in java we can compile into java class and still can be run.
That's a false sense of securtiy. A sufficiently "dishonest" person can decompile your class files back into source. It may not be the original source, comments may be lost, function names and variables may become nonsensical, ( but this last part typically requires additional obfuscation beyond the standard java compiler ) But the logic, the interface, and all the metadata required to make backtraces remotely comprehensible, is all still there for anyone who wants to look. > > > > I read some articles in the internet. Some method are using PAR, > > perlc, Filter::Crypto, acme::bleach, but I am not sure it will encrypt > > the source code and it still can be runnable. Perl is basically the same, you can make it harder for the laziest of people to obtain readable source code, but ultimately, all these systems are obfuscation, _not_ protection, they all internally decode the code first before handing it over to the perl interpreter, as that's the only way to get it to execute. All an enterprising person has to do is put some glue between that decoder and the perl runtime, and the code reveals itself. Or ... you simply need to have that decoded stuff loaded in memory, and then point deparse at the in-memory function, and it will spit out something that looks a lot like the original code. In short, the time invested in this aspect will basically cost you money, without materially giving you anything for it. And worse, it increases the odds that your code will randomly stop working, frustrating your user, making them swear to never do business with you again, _AND_ then forcing them to attempt to break your "protection" in order to fix their broken code. Just don't bother. Either simply place the software on a platform where they have no access to any form of the code whatsoever, not even in its executable state ( as Uri says ), or put an Iron Clad contract on it that empowers you to sue the pants off them if they do anything you don't like with it. Spend your time working on making a great product that works and makes them happy so they never *need* to reverse-engineer it, so they never *need* to compete with you, and you'll have a customer for life. Don't waste time and money on misguided attempts at "protecting your code" which will only make you enemies and give your competition the advantage. ( This stupidity has been tried ad-infinitum in everything, and entire websites now exist for the sole purpose of distributing defeat mechanisms, and distributing defeated copies of the software. Its an arms race, one you will ultimately lose. ) -- Kent KENTNL - https://metacpan.org/author/KENTNL -- To unsubscribe, e-mail: beginners-unsubscr...@perl.org For additional commands, e-mail: beginners-h...@perl.org http://learn.perl.org/
