Re: Security With Show Package Contents?
Re: Security With Show Package Contents?
- Subject: Re: Security With Show Package Contents?
- From: "Michael Ash" <email@hidden>
- Date: Mon, 12 Jan 2009 12:10:08 -0500
On Mon, Jan 12, 2009 at 11:56 AM, I. Savant <email@hidden> wrote:
> On Mon, Jan 12, 2009 at 11:46 AM, Jean-Daniel Dupas
> <email@hidden> wrote:
>
>> The purpose of code sign is to prevent tempered code to be run inadvertently by an user, not to protect the binary itself.
>
> Agreed - see my retraction that immediately follows the message you
> responded to. I misunderstood what I read about the technology months
> ago and conceptual error when I read in more detail.
>
> I do admit wondering how OS X prevented merely swapping one
> signature for another, which is what prompted me to read the
> documentation in greater depth. :-)
And note that even when code signing *is* used as an anti-piracy
measure it doesn't really work. For evidence of this look at the
iPhone, whose ubiquitous code signing is used in a much more draconian
way on OS X, and is intended to prevent piracy. No shortage of cracked
apps there.
>> Note that there is a lots of app impossible to crack. We call them freeware
>> ;-)
>
> Ah, the old "software should be free" meme. Cute but unrealistic
> (and off-topic). Let's not get that religious debate going on
> cocoa-dev ...
I'm pretty sure that's not "software should be free", but rather
pointing out the simple fact that the only uncrackable software is
software which doesn't have any protections in the first place. It's
not a commentary on what you *should* do, only that if you're going to
put protections into your app, you need to be realistic about the
ability of others to remove them.
Mike
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden