On Wed, Sep 24, 2008 at 08:05:18AM -0700, David Fetter wrote: > C is not magic obfuscation gear. Anybody with a debugger can expose > what it's doing. There have been math papers showing that it's > impossible to hide the functionality of a piece of software based only > on the ability to run it, so the entire prospect of obscuring the > software's functionality when people can send arbitrary inputs to it > is one of those "known-impossible" problems like the halting problem.
To be fair, one of the points that others are trying to make is not "secure this function for real" but "secure this function enough to make it a little costly." Sure, someone with a debugger and probably not much work could figure out what the function is. If all you're trying to do is make it expensive for dodgy software shops to re-use your code, however, this is probably enough: the sort of person who thinks re-using someone else's undocumented code is easier than writing it from scratch is probably not going to go to the trouble of really learning the code via debugging tools. As a defence against criminally lazy developers, "compliled C code" is probably good enough. (Of course, clever non-C code is probably also enough, in my opinion, but obviously others disagree.) A -- Andrew Sullivan [EMAIL PROTECTED] +1 503 667 4564 x104 http://www.commandprompt.com/ -- Sent via pgsql-general mailing list (pgsql-general@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
