Re: Application Security...
- Subject: Re: Application Security...
- From: David Remahl <email@hidden>
- Date: Thu, 20 Feb 2003 11:59:18 +0100
Adam,
I guess it is a similar situation to Web design where all the HTML/JS
code is downloaded and visible to the client...
The same is true for every open source application out there. And you
don't hear people calling Apache less secure than IIS, do you? The
point people are trying to get across is that security through
obscurity isn't a substitute for real security.
If the problem is protecting the code from scrutiny by normal users on
the machine (non-admins), then I guess you could run the vital portions
of the algorithm as separate setuid tools. The operating system will then
disallow the current user from attaching to the process in question
because of normal user access restrictions. Please correct me if I'm
wrong.
Thanks all,
Adam
Ps The other problem is IP, if people can see inside your app then
they can reverse engineer a similar solution - again something I have
to get used to...
All processes can be reverse engineered, and sure it may be a bit
easier with Cocoa code. There are ways to make it more difficult, as
discussed in a few lengthy threads about serial number protection. One
bullet-proof solution is to run the algorithms that you want to protect
on a machine controlled by you - and only you - and pass the data
across a network. That's real security (but you should be aware of
security problems associated with passing the data over the network, as
well, and exercise proper caution (encryption etc)).
Most companies protect their intellectual property (however ethically
objectionable) by license agreements where the user agrees not to
reverse engineer the product. Others protect it by patenting (also
ethically objectionable).
/ Rgds David