• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: AppleScript feature request - encryption
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: AppleScript feature request - encryption

  • Subject: Re: AppleScript feature request - encryption
  • From: has <email@hidden>
  • Date: Tue, 15 Mar 2005 15:08:03 +0000
Martin Orpen wrote:

I've been asked to create some scripts that I'd really like to keep very
*hush hush* from both the client and the end users.

AppleScript's "read only" protection was kind of OK up to and including OS
9, but with OS X you can retrieve all the AppleEvents, variables names and
shell commands with one very basic shell tool :-(

There's no difference between AppleScript bytecode on OS 9 and OS X. It's always been possible to extract string data from read-only scripts with very little effort; anyone could write a script to do this in about five minutes flat, OS X's bundled 'strings' tool merely saves five minutes.


Does anybody else feel that Apple should include some form of encryption so
that at least the AppleEvents in the read only scripts and applications are
a little harder to get at?

You mean like OS-enforced DRM? Hmmm, "Be careful what you wish for..." and all that.


Or maybe there's a workaround that I'm unaware of? 

Harsh fact of life: anything that can be compiled can be decompiled:

<http://en.wikipedia.org/wiki/Reverse_engineering>
<http://en.wikipedia.org/wiki/Software_cracking>
<http://en.wikipedia.org/wiki/Warez>

All you can really do is try to make cracking your scripts more effort than it's worth. For example, obfuscating important variable names and strings so they're less meaningful to anyone viewing the raw bytecode should at least deter casual snoopers.

OTOH, if your AppleScript code is particularly valuable, a reasonably determined cracker could reverse-engineer the AppleScript bytecode format and write a decompiler to convert your "read-only" compiled scripts back into source code. AppleScript, like other scripting languages, is designed for convenience, not for security.

If that's a possibility, you could try writing the key sections of code in something like C, as compiled machine code is harder to crack than interpreted bytecode. Maybe run it through a commercial C obfuscator too if you're really worried. Or perhaps go for a completely different approach, such as a client-server architecture where the main program resides on a well secured server, out of the reach of remote prying eyes, exposing only those services clients need direct access to. And so on.

HTH

has
--
http://freespace.virgin.net/hamish.sanderson/
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Applescript-users mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden




  • Follow-Ups:

      

    • Re: AppleScript feature request - encryption

      • From: Martin Orpen <email@hidden>
      • 



    

  • Prev by Date:
Re: AppleScript feature request - encryption

    • 

  • Next by Date:
Re: Scripting Energy Saver to Sleep Display Now?

    • 

  • Previous by thread:
Re: AppleScript feature request - encryption

    • 

  • Next by thread:
Re: AppleScript feature request - encryption

    • 

  • Index(es):

      

    • Date
      • 

    • Thread
      • 

    

    •