Hi, I would like to secure my Rails app source code because we have a complex application and we install it on our customer sites. It is in our company''s best interest to keep the source code secure since we have invested a great amount of time and research in developing the logic/algorithm behind the application. We evaluated several options (like Rubyscript2exe, etc) and came to a conclusion that we should enrypt the Rails application source code and which can be decrypted on the fly to serve application. This will not allow anyone to look at the code even if the application is running or if someone get hold of a copy of our source code. I looked around but couldn''t find anything that can do something like this, ie encryption and decryption of source code something what ZendGuard does for PHP. I would appreciate if you have any suggestions or ideas on this. Thanks in advance. www.sphred.com http://nasir.wordpress.com --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
On 04 Dec 2007, at 13:17, nas wrote:> I would like to secure my Rails app source code because we have a > complex application and we install it on our customer sites. > > It is in our company''s best interest to keep the source code secure > since we have invested a great amount of time and research in > developing the logic/algorithm behind the application. > > We evaluated several options (like Rubyscript2exe, etc) and came to a > conclusion that we should enrypt the Rails application source code and > which can be decrypted on the fly to serve application. This will not > allow anyone to look at the code even if the application is running or > if someone get hold of a copy of our source code. > > I looked around but couldn''t find anything that can do something like > this, ie encryption and decryption of source code something what > ZendGuard does for PHP. > > I would appreciate if you have any suggestions or ideas on this.Good luck waiting for a bytecompiler for ruby, might take a long while though. A good contract or a preconfigured and inaccessible servers are your best option. Best regards Peter De Berdt --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
On Dec 4, 2007 6:17 AM, nas <nasir35-gM/Ye1E23mwN+BqQ9rBEUg@public.gmane.org> wrote:> I looked around but couldn''t find anything that can do something like > this, ie encryption and decryption of source code something what > ZendGuard does for PHP.First, it''s not encryption. It''s byte-code compilation (much like what you get when using a caching mechanism such as APC). Second, it can be reversed very easily: http://www.qinvent.com/cyrj/dezender/index-en.php Looks like this one app supports reversing all current PHP "protection" rackets.> I would appreciate if you have any suggestions or ideas on this.If you want 100% secure code.. put the code on your server, then unplug the server from the wall. -- Greg Donald http://destiney.com/ --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
On Dec 4, 4:17 am, nas <nasi...-gM/Ye1E23mwN+BqQ9rBEUg@public.gmane.org> wrote:> Hi, > > I would like to secure my Rails app source code because we have a > complex application and we install it on our customer sites. > > It is in our company''s best interest to keep the source code secure > since we have invested a great amount of time and research in > developing the logic/algorithm behind the application. > > We evaluated several options (like Rubyscript2exe, etc) and came to a > conclusion that we should enrypt the Rails application source code and > which can be decrypted on the fly to serve application. This will not > allow anyone to look at the code even if the application is running or > if someone get hold of a copy of our source code. > > I looked around but couldn''t find anything that can do something like > this, ie encryption and decryption of source code something what > ZendGuard does for PHP. > > I would appreciate if you have any suggestions or ideas on this. > > Thanks in advance. > > www.sphred.comhttp://nasir.wordpress.comyou can look at zenobfuscate . You can also read the dozens of threads people have discussed this exact issue in. also, how mingle does it: http://kiyo.wordpress.com/2007/08/21/mingle-on-jruby-how-its-deployed/ --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Thanks for the reply Peter. We thought about the contract and inaccessible servers but unfortunately that is not a viable solution for us. Regards Nasir On Dec 4, 6:26 pm, Peter De Berdt <peter.de.be...-LPO8gxj9N8aZIoH1IeqzKA@public.gmane.org> wrote:> On 04 Dec 2007, at 13:17, nas wrote: > > > > > I would like to secure my Rails app source code because we have a > > complex application and we install it on our customer sites. > > > It is in our company''s best interest to keep the source code secure > > since we have invested a great amount of time and research in > > developing the logic/algorithm behind the application. > > > We evaluated several options (like Rubyscript2exe, etc) and came to a > > conclusion that we should enrypt the Rails application source code and > > which can be decrypted on the fly to serve application. This will not > > allow anyone to look at the code even if the application is running or > > if someone get hold of a copy of our source code. > > > I looked around but couldn''t find anything that can do something like > > this, ie encryption and decryption of source code something what > > ZendGuard does for PHP. > > > I would appreciate if you have any suggestions or ideas on this. > > Good luck waiting for a bytecompiler for ruby, might take a long > while though. A good contract or a preconfigured and inaccessible > servers are your best option. > > Best regards > > Peter De Berdt--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Thanks for correcting me Greg about byte-code compilation. I will put forward a very simple analogy here for your second point. We all know that anyone can break into our house but we still lock it before leaving our doorstep. Infact some of us take more than one measure to make sure that the stuff in our house is secure and also to feel secure. So I imagine that my company''s first step to do something like above is not that bad a choice. However, I never mentioned 100% secure code but I guess that was a great suggestion. I am sure you must have tried that in the past, did that work? ;o) I think we all would like to know how did you get that working ;o) Anyway thanks for replying. Regards Nasir On Dec 4, 10:46 pm, "Greg Donald" <gdon...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> On Dec 4, 2007 6:17 AM, nas <nasi...-gM/Ye1E23mwN+BqQ9rBEUg@public.gmane.org> wrote: > > > I looked around but couldn''t find anything that can do something like > > this, ie encryption and decryption of source code something what > > ZendGuard does for PHP. > > First, it''s not encryption. It''s byte-code compilation (much like > what you get when using a caching mechanism such as APC). > > Second, it can be reversed very easily: > > http://www.qinvent.com/cyrj/dezender/index-en.php > > Looks like this one app supports reversing all current PHP "protection" rackets. > > > I would appreciate if you have any suggestions or ideas on this. > > If you want 100% secure code.. put the code on your server, then > unplug the server from the wall. > > -- > Greg Donaldhttp://destiney.com/--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Thanks for the link gene. I will look at zenobfuscate and the mingle link. Regards Nasir On Dec 5, 4:42 am, gene tani <gene.t...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> On Dec 4, 4:17 am, nas <nasi...-gM/Ye1E23mwN+BqQ9rBEUg@public.gmane.org> wrote: > > > > > Hi, > > > I would like to secure my Rails app source code because we have a > > complex application and we install it on our customer sites. > > > It is in our company''s best interest to keep the source code secure > > since we have invested a great amount of time and research in > > developing the logic/algorithm behind the application. > > > We evaluated several options (like Rubyscript2exe, etc) and came to a > > conclusion that we should enrypt the Rails application source code and > > which can be decrypted on the fly to serve application. This will not > > allow anyone to look at the code even if the application is running or > > if someone get hold of a copy of our source code. > > > I looked around but couldn''t find anything that can do something like > > this, ie encryption and decryption of source code something what > > ZendGuard does for PHP. > > > I would appreciate if you have any suggestions or ideas on this. > > > Thanks in advance. > > >www.sphred.comhttp://nasir.wordpress.com > > you can look at zenobfuscate . You can also read the dozens of threads > people have discussed this exact issue in. > > also, how mingle does it: > > http://kiyo.wordpress.com/2007/08/21/mingle-on-jruby-how-its-deployed/--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---