On Wed, May 18, 2011 at 12:36 AM, Hans Georg Schaathun <h...@schaathun.net> wrote: > On Mon, 16 May 2011 23:42:40 +0100, Rhodri James > <rho...@wildebst.demon.co.uk> wrote: > : ...which is, of course, not exactly secure either. A sufficiently > : determined hacker won't have much trouble disassembling a shared library > : even if you do strip out all the debug information. By chance I'm having > : to do something closely related to this at work just at the moment; it's > : hard, but far from impossible. > > But then, nothing is secure in any absolute sense.
If you're talking security and not philosophy, there is such a thing as a secure system. As a developer you should aim for it. > The best you can > do with all your security efforts is to manage risk. Since obfuscation > increases the cost of mounting an attack, it also reduces risk, > and thereby provides some level of security. The on-the-ground reality is that it doesn't. Lack of access to the source code has not kept windows or adobe acrobat or flash player secure, and they have large full-time security teams, and as you might imagine from the amount of malware floating around targeting those systems there are a lot of people who have these skills in spades. > Obviously, if your threat sources are dedicated hackers or maybe MI5, > there is no point bothering with obfuscation, but if your threat source > is script kiddies, then it might be quite effective. On the theory that any attack model without an adversary is automatically secure? Geremy Condra -- http://mail.python.org/mailman/listinfo/python-list
