Re: Security With Show Package Contents?
Re: Security With Show Package Contents?
- Subject: Re: Security With Show Package Contents?
- From: Jean-Daniel Dupas <email@hidden>
- Date: Mon, 12 Jan 2009 17:46:01 +0100
Le 12 janv. 09 à 17:00, I. Savant a écrit :
On Mon, Jan 12, 2009 at 10:49 AM, I. Savant
<email@hidden> wrote:
The fact is, Apple ALREADY put a highly-effective* system into
place: Code signing.
A retraction: From the documentation (quoted below), the user can
apparently run modified code anyway ...
"It is not a digital rights management (DRM) or copy protection
technology. Although the system could determine that a copy of your
program had not been properly signed by you, or that its copy
protection had been hacked, thus making the signature invalid, there
is nothing to prevent the user from running the program anyway."
I have nothing that needs any real copy protection, so I have not
used this technology. This is one aspect of it that I had not
realized. :-( My apologies for the noise.
My earlier statement about "impossible to crack" is 100% accurate,
however. :-)
The purpose of code sign is to prevent tempered code to be run
inadvertently by an user, not to protect the binary itself.
An hacker can resign the modified app with its own certificate, so the
modified app will be consider valid by the OS.
How, but you can embed your certificate into your app, and check if an
hacker changed the signature.
Yes but the hacker will be able to replace your certificate with its
own, or it can also modify the binary to skip the check.
An eternal "mouse / cat" game that's not worth the price.
Note that there is a lots of app impossible to crack. We call them
freeware ;-)
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden