What is important is to understand the ratio attacker vs. defense. It is important not to be paranoid. - against who are you protect yourself? - if you do not ship source code (or if you ofuscate it) - you can try remove the decompiler I do not think that people will do much. Now again how much time and for what?
Stef On Tue, Sep 26, 2017 at 8:03 PM, Peter Uhnák <i.uh...@gmail.com> wrote: > Out of curiosity... how does enforcing headlessness protects code? Wouldn't > it be still accessible via e.g. TelePharo, or startup script override, or > anything? > > Peter > > On Tue, Sep 26, 2017 at 7:04 PM, Sven Van Caekenberghe <s...@stfx.eu> wrote: >> >> >> > On 26 Sep 2017, at 18:06, Cyril Ferlicot <cyril.ferli...@gmail.com> >> > wrote: >> > >> > On Tue, Sep 26, 2017 at 5:59 PM, Esteban Lorenzano <esteba...@gmail.com> >> > wrote: >> >> >> >> >> >> it is not. >> >> specially on windows. >> >> >> >> vm handles the creation of host window and you will always have one. >> >> >> >> now… if you wait one week, I will have ready the (experimental) real >> >> headless VMs. In my tests, they are working fine but we will still need to >> >> work when we want to actually start a world window… but that’s another >> >> story >> >> ;) >> >> >> > >> > I don't think we can wait Pharo 7 before doing this task. But I can >> > still try it when you're done. >> > >> > With this, will it be possible to totally disable the non headless >> > mode in production? >> >> Why not do as follows: >> >> (1) add some startup code inside the image that tests if the image is >> running headless, if not exit >> (2) remove some of the command line handlers (especially the ones that >> execute or load code) >> >> Problem is that you will lock yourself out as well ;-) >> >> >> Esteban >> >> >> >> >> >> >> > >> > >> > >> > -- >> > Cyril Ferlicot >> > https://ferlicot.fr >> > >> > http://www.synectique.eu >> > 2 rue Jacques Prévert 01, >> > 59650 Villeneuve d'ascq France >> > >> >> >
