Hi All, I need to give my R code to my client to use. I would like to protect the logic/algorithms that have been coded in R. This means that I would not like anyone to be able to read the code. I am searching for ways to protect R code. I would like to create a .exe kind of file which could be executed without using R or requiring to install R. I would not like the R code to be loaded in R. This is so because, after R loads a function, if you type the function name on the command prompt, you can see the complete code. I would not like to give this type of access to the R code. I explored the option of creating .bat file (using command: R CMD BAT) and byte code (using command: compile). These are not useful since they open R, load these functions and then the R code is visible. Is there any other way to protect the R code which would help me package all my files/source files and give me an executable file which would be run without opening R? Another problem is that R is freely downloadable. Is it somehow possible to protect the code from being loaded in R and being seen. Thanks -- Vaishali =====-----=====-----====Notice: The information contained in this e-mail message and/or attachments to it may contain confidential or privileged information. If you are not the intended recipient, any dissemination, use, review, distribution, printing or copying of the information contained in this e-mail message and/or attachments to it are strictly prohibited. If you have received this communication in error, please notify us by reply e-mail or telephone and immediately and permanently delete the message and any attachments. Thank you [[alternative HTML version deleted]]
On 04.07.2011 09:47, Vaishali Sadaphal wrote:> Hi All, > > I need to give my R code to my client to use. I would like to protect the > logic/algorithms that have been coded in R. This means that I would not > like anyone to be able to read the code. > > I am searching for ways to protect R code. I would like to create a .exe > kind of file which could be executed without using R or requiring to > install R. I would not like the R code to be loaded in R. This is so > because, after R loads a function, if you type the function name on the > command prompt, you can see the complete code. I would not like to give > this type of access to the R code. > > I explored the option of creating .bat file (using command: R CMD BAT) and > byte code (using command: compile). These are not useful since they open > R, load these functions and then the R code is visible. > > Is there any other way to protect the R code which would help me package > all my files/source files and give me an executable file which would be > run without opening R? Another problem is that R is freely downloadable. > Is it somehow possible to protect the code from being loaded in R and > being seen.Hmmmm, R is open source software under the GPL (which is infective) and designed as such. Good luck it is almost impossible to hide the source code in R. And people who tried to generate C based binary packages found those can only be used under a small subset of platforms with few versions of R. Since R is distributed under the GPL: When you write code and make it available to others, you should be aware of this fact that you may have to distribute the sources under GPL as well - under some circumstances your lawyer can explain much better than I.> Thanks > -- > Vaishali > =====-----=====-----====> Notice: The information contained in this e-mail > message and/or attachments to it may contain > confidential or privileged information.If it is "confidential or privileged information", you should not send it to a mailing list where the archives are published. Best, Uwe Ligges> If you are > not the intended recipient, any dissemination, use, > review, distribution, printing or copying of the > information contained in this e-mail message > and/or attachments to it are strictly prohibited. If > you have received this communication in error, > please notify us by reply e-mail or telephone and > immediately and permanently delete the message > and any attachments. Thank you > > > > [[alternative HTML version deleted]] > > ______________________________________________ > R-help at r-project.org mailing list > https://stat.ethz.ch/mailman/listinfo/r-help > PLEASE do read the posting guide http://www.R-project.org/posting-guide.html > and provide commented, minimal, self-contained, reproducible code.
On Mon, Jul 4, 2011 at 8:47 AM, Vaishali Sadaphal <vaishali.sadaphal at tcs.com> wrote:> Hi All, > > I need to give my R code to my client to use. I would like to protect the > logic/algorithms that have been coded in R. This means that I would not > like anyone to be able to read the code.At some point the R code has to be run. Which means it has to be read by an interpreter that can handle R code. Which means, unless you rewrite the interpreter, the R code must exist as such. Even if you could compile R into C code into machine code and distribute a .exe file, its still possible in theory to reverse-engineer it and get something like the original back - the original logic if not the original names of the variables and functions. You could rewrite the interpreter to only run encrypted, signed code that requires a decryption key, but you still have to give the user the decryption key at some point in order to get the plaintext code. Again, its an obfuscation problem of hiding the key somewhere, and hence is going to fail. It all depends on how much expense you want to go to in order to make the expense of circumventing your solution more than its worth. Tell me how much that is, and I will tell you the solution. For total security[1], you need to run the code on servers YOU control, and only give access via a network API. You can do this with RServe or any of the HTTP-based systems like Rapache. Barry [1] Except of course servers can be hacked or socially-engineered into. For total security, disconnect your machine from the network and from any power supply.
Put it on rapache or otherwise server but this seems like a waste depending on what you are doing Server side is only good way but making c++ may be interesting test Sent from my Verizon Wireless BlackBerry -----Original Message----- From: Vaishali Sadaphal <vaishali.sadaphal at tcs.com> Date: Mon, 4 Jul 2011 16:48:13 To: <spencer.graves at prodsyse.com> Cc: <r-help at r-project.org>; <b.rowlingson at lancaster.ac.uk> Subject: Re: [R] Protecting R code Hey All, Thank you so much for quick replies. Looks like translation to C/C++ is the only robust option. Do you think there exists any ready-made R to C translator? Thanks -- Vaishali Vaishali Paithankar Sadaphal Tata Consultancy Services Mailto: vaishali.sadaphal at tcs.com Website: http://www.tcs.com ____________________________________________ Experience certainty.?? IT Services ??????????????????????? Business Solutions ??????????????????????? Outsourcing ____________________________________________ From: Spencer Graves <spencer.graves at prodsyse.com> To: Barry Rowlingson <b.rowlingson at lancaster.ac.uk> Cc: Vaishali Sadaphal <vaishali.sadaphal at tcs.com>, r-help at r-project.org Date: 07/04/2011 08:42 PM Subject: Re: [R] Protecting R code Hello: On 7/4/2011 7:41 AM, Barry Rowlingson wrote:> On Mon, Jul 4, 2011 at 8:47 AM, Vaishali Sadaphal > <vaishali.sadaphal at tcs.com>? wrote: >> Hi All, >> >> I need to give my R code to my client to use. I would like to protectthe>> logic/algorithms that have been coded in R. This means that I would not >> like anyone to be able to read the code. >??? At some point the R code has to be run. Which means it has to be > read by an interpreter that can handle R code. Which means, unless you > rewrite the interpreter, the R code must exist as such. > >?? Even if you could compile R into C code into machine code and > distribute a .exe file, its still possible in theory to > reverse-engineer it and get something like the original back - the > original logic if not the original names of the variables and > functions. > >?? You could rewrite the interpreter to only run encrypted, signed code > that requires a decryption key, but you still have to give the user > the decryption key at some point in order to get the plaintext code. > Again, its an obfuscation problem of hiding the key somewhere, and > hence is going to fail. > >?? It all depends on how much expense you want to go to in order to make > the expense of circumventing your solution more than its worth. Tell > me how much that is, and I will tell you the solution. > >?? For total security[1], you need to run the code on servers YOU > control, and only give access via a network API. You can do this with > RServe or any of the HTTP-based systems like Rapache.?????? An organization I know that encrypted R code started with making it available only on their servers.? This was maybe four years ago.? I'm not sure what they do now, but I think they have since lost their major proponents of R internally and have probably translated all the code they wanted to sell into a compiled language in a way that didn't require R at all. ?????? Spencer> > Barry > > [1] Except of course servers can be hacked or socially-engineered > into. For total security, disconnect your machine from the network and > from any power supply. > > ______________________________________________ > R-help at r-project.org mailing list > https://stat.ethz.ch/mailman/listinfo/r-help > PLEASE do read the posting guidehttp://www.R-project.org/posting-guide.html> and provide commented, minimal, self-contained, reproducible code. >=====-----=====-----====Notice: The information contained in this e-mail message and/or attachments to it may contain confidential or privileged information. If you are not the intended recipient, any dissemination, use, review, distribution, printing or copying of the information contained in this e-mail message and/or attachments to it are strictly prohibited. If you have received this communication in error, please notify us by reply e-mail or telephone and immediately and permanently delete the message and any attachments. Thank you ??????? [[alternative HTML version deleted]] ______________________________________________ R-help at r-project.org mailing list https://stat.ethz.ch/mailman/listinfo/r-help PLEASE do read the posting guide http://www.R-project.org/posting-guide.html and provide commented, minimal, self-contained, reproducible code.
On 11-07-04 3:47 AM, Vaishali Sadaphal wrote:> Hi All, > > I need to give my R code to my client to use. I would like to protect the > logic/algorithms that have been coded in R. This means that I would not > like anyone to be able to read the code.R is an open source project, so providing ways for you to do this is not one of our goals. If I were your client I would have asked for the source code for whatever you're doing; if your client isn't savvy enough to do that, you should provide it and explain why it is useful, and what your client is and isn't allowed to do with it. If you think your client will steal from you, then you should find another client. Duncan Murdoch> > I am searching for ways to protect R code. I would like to create a .exe > kind of file which could be executed without using R or requiring to > install R. I would not like the R code to be loaded in R. This is so > because, after R loads a function, if you type the function name on the > command prompt, you can see the complete code. I would not like to give > this type of access to the R code. > > I explored the option of creating .bat file (using command: R CMD BAT) and > byte code (using command: compile). These are not useful since they open > R, load these functions and then the R code is visible. > > Is there any other way to protect the R code which would help me package > all my files/source files and give me an executable file which would be > run without opening R? Another problem is that R is freely downloadable. > Is it somehow possible to protect the code from being loaded in R and > being seen. > > Thanks > -- > Vaishali > =====-----=====-----====> Notice: The information contained in this e-mail > message and/or attachments to it may contain > confidential or privileged information. If you are > not the intended recipient, any dissemination, use, > review, distribution, printing or copying of the > information contained in this e-mail message > and/or attachments to it are strictly prohibited. If > you have received this communication in error, > please notify us by reply e-mail or telephone and > immediately and permanently delete the message > and any attachments. Thank you > > > > [[alternative HTML version deleted]] > > ______________________________________________ > R-help at r-project.org mailing list > https://stat.ethz.ch/mailman/listinfo/r-help > PLEASE do read the posting guide http://www.R-project.org/posting-guide.html > and provide commented, minimal, self-contained, reproducible code.