Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 373
  • Last Modified:

How can i crypt a hole perl/cgi script?

How can i crypt a hole perl/cgi script?
0
keepwalking
Asked:
keepwalking
  • 4
  • 3
  • 3
  • +2
4 Solutions
 
kanduraCommented:
How would your web server be able to execute it once it's encrypted?
And if you say: "it decrypts it on the fly", then consider that anyone else can decrypt it too, so it's useless.
0
 
keepwalkingAuthor Commented:
I mean something like Zend for php
0
 
ahoffmannCommented:
crypt your-script
gpg -e your-script
cat your-script |openssl ....

anything else see kandura's comment
0
Prep for the ITIL® Foundation Certification Exam

December’s Course of the Month is now available! Enroll to learn ITIL® Foundation best practices for delivering IT services effectively and efficiently.

 
keepwalkingAuthor Commented:
what ?
0
 
ahoffmannCommented:
could you please be a bit more specific about what you want to achieve
0
 
keepwalkingAuthor Commented:
I don`t want somebody to see my code.
0
 
ahoffmannCommented:
if you don't want that your code can be inspected don't deliver ist
or use a language which needs to be compiled to a binary (makes decompilation harder)
If you deliver script to be executed, anyone with proper permissions on the machine where it executes can see the code. There is no other way. Dot. You just can use some obfuscation to make things harede, but you cannot restrict reding it.
0
 
TintinCommented:
If your webserver is configured correctly, the only people that will be able to view your Perl/CGI scripts are local users (possibly).

What people are you trying to hide your code from?
0
 
TintinCommented:
BTW, I'd you could always use Acme::Bleach to get a shining, clean script  ;-)

http://search.cpan.org/~dconway/Acme-Bleach-1.12/lib/Acme/Bleach.pm
0
 
TintinCommented:
I was looking at Zend Encoder (which I assume is the Zend product you were referring to).

http://www.zend.com/store/products/zend-encoder.php

A similar (but not the same) approach is to compile your Perl script to a binary.

Some choices are:

1.  PAR - http://par.perl.org
2.  perl2exe - http://www.indigostar.com/perl2exe.htm
0
 
ozoCommented:
Found in perlfaq3.pod
       How can I hide the source for my Perl program?

               Delete it. :-) Seriously, there are a number of (mostly unsat-
               isfactory) solutions with varying levels of ``security''.

               First of all, however, you can't take away read permission,
               because the source code has to be readable in order to be com-
               piled and interpreted.  (That doesn't mean that a CGI script's
               source is readable by people on the web, though--only by people
               with access to the filesystem.)  So you have to leave the per-
               missions at the socially friendly 0755 level.

               Some people regard this as a security problem.  If your program
               does insecure things and relies on people not knowing how to
               exploit those insecurities, it is not secure.  It is often pos-
               sible for someone to determine the insecure things and exploit
               them without viewing the source.  Security through obscurity,
               the name for hiding your bugs instead of fixing them, is little
               security indeed.

               You can try using encryption via source filters (Starting from
               Perl 5.8 the Filter::Simple and Filter::Util::Call modules are
               included in the standard distribution), but any decent program-
               mer will be able to decrypt it.  You can try using the byte
               code compiler and interpreter described below, but the curious
               might still be able to de-compile it.  You can try using the
               native-code compiler described below, but crackers might be
               able to disassemble it.  These pose varying degrees of diffi-
               culty to people wanting to get at your code, but none can
               definitively conceal it (true of every language, not just
               Perl).

               If you're concerned about people profiting from your code, then
               the bottom line is that nothing but a restrictive license will
               give you legal security.  License your software and pepper it
               with threatening statements like ``This is unpublished propri-
               etary software of XYZ Corp.  Your access to it does not give
               you permission to use it blah blah blah.''  We are not lawyers,
               of course, so you should see a lawyer if you want to be sure
               your license's wording will stand up in court.
0
 
ahoffmannCommented:
hmm, 2 more suggestions for a split: http:#13792134 and http:#13802041
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 4
  • 3
  • 3
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now