Re: AppleScript feature request - encryption
- Subject: Re: AppleScript feature request - encryption
- From: has <email@hidden>
- Date: Tue, 15 Mar 2005 15:08:03 +0000
Martin Orpen wrote:

> I've been asked to create some scripts that I'd really like to keep very
> *hush hush* from both the client and the end users.
>
> AppleScript's "read only" protection was kind of OK up to and including OS
> 9, but with OS X you can retrieve all the AppleEvents, variable names and
> shell commands with one very basic shell tool :-(

There's no difference between AppleScript bytecode on OS 9 and OS X.
It's always been possible to extract string data from read-only
scripts with very little effort; anyone could write a script to do
this in about five minutes flat, OS X's bundled 'strings' tool merely
saves five minutes.

> Does anybody else feel that Apple should include some form of encryption so
> that at least the AppleEvents in the read only scripts and applications are
> a little harder to get at?

You mean like OS-enforced DRM? Hmmm, "Be careful what you wish
for..." and all that.

> Or maybe there's a workaround that I'm unaware of?

Harsh fact of life: anything that can be compiled can be decompiled:

<http://en.wikipedia.org/wiki/Reverse_engineering>
<http://en.wikipedia.org/wiki/Software_cracking>
<http://en.wikipedia.org/wiki/Warez>

All you can really do is try to make cracking your scripts more
effort than it's worth. For example, obfuscating important variable
names and strings so they're less meaningful to anyone viewing the
raw bytecode should at least deter casual snoopers.

OTOH, if your AppleScript code is particularly valuable, a reasonably
determined cracker could reverse-engineer the AppleScript bytecode
format and write a decompiler to convert your "read-only" compiled
scripts back into source code. AppleScript, like other scripting
languages, is designed for convenience, not for security.

If that's a possibility, you could try writing the key sections of
code in something like C, as compiled machine code is harder to crack
than interpreted bytecode. Maybe run it through a commercial C
obfuscator too if you're really worried. Or perhaps go for a
completely different approach, such as a client-server architecture
where the main program resides on a well secured server, out of the
reach of remote prying eyes, exposing only those services clients
need direct access to. And so on.

HTH

has
--
http://freespace.virgin.net/hamish.sanderson/
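
An added example, not part of the message above or of the list archive: a small Python scanner in the spirit of the 'strings' tool the message mentions, usable as a pre-release check of what a compiled script still exposes in readable form. The sample bytes are constructed (not a real compiled script), and the assumption that literals sit in the file as plain ASCII or UTF-16BE runs, like the helper names and the XOR obfuscation, belongs to this example only.

```python
import re

MIN_LEN = 4  # minimum run length, the default the Unix `strings` tool uses

# Printable ASCII runs, and the same characters stored as UTF-16BE (0x00 + byte).
ASCII_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
UTF16BE_RUN = re.compile(rb"(?:\x00[\x20-\x7e]){%d,}" % MIN_LEN)


def readable_strings(blob):
    """Return (offset, text) for every readable run, in file order."""
    found = [(m.start(), m.group().decode("ascii"))
             for m in ASCII_RUN.finditer(blob)]
    found += [(m.start(), m.group().decode("utf-16-be"))
              for m in UTF16BE_RUN.finditer(blob)]
    return sorted(found)


def audit(blob, sensitive):
    """List the sensitive substrings that survive in readable form."""
    texts = [text for _, text in readable_strings(blob)]
    return [s for s in sensitive if any(s in t for t in texts)]


def xor_obfuscate(text, key):
    """Toy obfuscation (assumption of this example): XOR each byte with key."""
    return bytes(b ^ key for b in text.encode("ascii"))


# Constructed sample: opaque bytes around one ASCII literal, one UTF-16BE
# literal and one XOR-obfuscated literal.
SAMPLE = (
    b"\xfa\xde\xde\xad\x00\x01" + b"do shell script" + b"\x00\x0d\xff"
    + "rsync -a /Jobs/ backup@example.invalid:/vault".encode("utf-16-be")
    + b"\xff\xfe\x01" + xor_obfuscate("licenseKey", 0xA5) + b"\x00\x02"
)

if __name__ == "__main__":
    for offset, text in readable_strings(SAMPLE):
        print(f"{offset:6d}  {text}")
    print("exposed:", audit(SAMPLE, ["do shell script", "example.invalid", "licenseKey"]))
```

The obfuscated literal drops out of the listing while both plain literals remain, which matches the message's point that obfuscation deters only casual inspection: the bytes are still in the file for anyone who recovers the key.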