[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: Byte Code and Backwards Compatibility (was Re: Explicitlytriggering the Garbage Collector)
- From: Philippe Lhoste <PhiLho@...>
- Date: Mon, 08 Aug 2005 11:37:52 +0200
Uli Kusterer wrote:
If you want to obscure the source code more than that, gzip it
before inserting it into the C source, and use zlib to decompress
it before calling luaL_loadbuffer, or write a little decompressing
string loader and use lua_load. (I don't think this is a very good
way of hiding your code; it is only effective against stupid people
without smart friends :) But it does reduce executable size if the
scripts are large.)
Yeah, just making them ZIP files wouldn't be very safe. I won't
even try to deter anyone hell-bent on getting the data out of the
file, but it's not really very desirable to make it as easy as just
changing the suffix to .gz and suddenly the files unpack before your
eyes...
As you said, there is no such thing as an inviolable security, but if
you want to make things harder and discourage wannabe crackers using
only simple recipes, you can use a number of simple encryption schemes,
allowing easy and fast decryption by the runtime engine.
For example, you take an encryption string, and apply it to byte code,
then decode it in memory before running it.
I am not an encryption expert by any mean, so the simplest scheme I
would apply would be to XOR the string against bytecode, so you just
have to XOR it again to decode it...
Of course, that doesn't solve backward compatibility, I guess you have
to ship recompiled code with the new engine.
--
Philippe Lhoste
-- (near) Paris -- France
-- http://Phi.Lho.free.fr
-- -- -- -- -- -- -- -- -- -- -- -- -- --