Beefy Boxes and Bandwidth Generously Provided by pair Networks
Do you know where your variables are?

How to protect a mod_perl script

by avo (Pilgrim)
on May 25, 2006 at 08:31 UTC ( #551543=perlquestion: print w/replies, xml ) Need Help??
avo has asked for the wisdom of the Perl Monks concerning the following question:

Good day fellow monks, I've been working on a commercial mod_perl software, that is supposed to be installed on the client's Intranet (LAN) server under Windows XP. My problem is that I don't want to give them the source code / or if I do so, it must be scrambled or obfuscated properly so it is difficult for them to understand it. I went looking on the net for proper perl obfuscation software but I couldn't find any that works.

Then I decided to write myself a small filter that removes my source code perl comments "#" and then the new line \n from each line... which is good as a start. Then I noticed that some times I have the # used in places like normal messages, and in some regular expressions... and the code that I am talking about is quite large... to manualy remove the comments. So I have been thinking and thinking and decided to ask you guys what must I do to make the code sort of protected from people's eyes. I understand that I can not realy protect it from a person that knows Perl... what I mean is to make it less readable so there is no easy way for somebody to alter / study it.

I am using Filter::Decrypt for all other source code that is not mod_perl... but unfortunately mod_perl doesn't support source code filters or may be it does... through Apache ... which I couldn't find either.

Is there a good perl source code comments remover... or mod_perl source filter
or other way to keep my source protected (even through hiding the folder in Windows with third party software).

Please help me.

Replies are listed 'Best First'.
Re: How to protect a mod_perl script
by cog (Parson) on May 25, 2006 at 08:36 UTC
    avo, I will help you by explaining the following:

    it must be scrambled or obfuscated properly

    There is no such thing as "proper obfuscation". It's not irreversible (and, actually, it's easier than you might think) and it will only waste your time and bring you problems you weren't expecting.

    I went looking on the net for proper perl obfuscation software but I couldn't find any that works.

    Once again, that's because there is no such thing as "proper obfuscation".

    You have to realize that obfuscation is a nice way to waste^W invest your time, it's fun and educative, and a lot of other cool stuff, but it is NOT, I repeat, IS IS *NOT* code safety.


Re: How to protect a mod_perl script
by davorg (Chancellor) on May 25, 2006 at 08:47 UTC
Re: How to protect a mod_perl script
by Herkum (Parson) on May 25, 2006 at 12:41 UTC

    If you want simple, you can always use Acme::Clean or if you have a sense of humor you can use Acme::Buffy.

    I am working on my own commercial program written in perl and I was intending to modify Acme::Clean so that it displayed no code, just the license which the code is released under. While it does not keep someone from reversing what I had done, they cannot say, "I did not know that I was not supposed to do it".

      That's hilarious! My daughter is a big buffy fan(atic).
      There is no such thing on CPAN. Where can I get it ?
Re: How to protect a mod_perl script
by dsheroh (Prior) on May 25, 2006 at 15:04 UTC
    If you're concerned about them modifying or redistributing the code without your permission (I assume that's why you want to retain/obfuscate the source), then the most effective way to achieve that is also fairly simple: Hire a lawyer to write a license which specifies your desired restrictions.

    Any obfuscation you may do to the source can be undone, usually fairly easily. If you can compile it to native code, that would raise the bar by requiring disassembly, but that's still doable - and, if you don't have that license in place, they're probably within their legal rights to do it. (Or maybe not... I'm not entirely sure how DMCA would affect the situation in the absence of a license agreement. But, then, why take that chance if it's a concern?)

    They need to be able to access the code, in some form, to be able to run it and if they have access, they have access. The only way around that is to run it on your own server (possibly located at their site, so it can be part of their intranet) which they can only access via your code's web interface.

Re: How to protect a mod_perl script
by tcf03 (Deacon) on May 25, 2006 at 10:12 UTC
    you could use active states Perl dev kit.

    "That which we persist in doing becomes easier, not that the task itself has become easier, but that our ability to perform it has improved."
      --Ralph Waldo Emerson
Re: How to protect a mod_perl script
by ioannis (Monsignor) on May 25, 2006 at 14:43 UTC
    You can also use Damian's Acme::Bleach -- he says it cleans really good.

    Then you asked how to load it with mod_perl and Apache. Instead of a dirname, push an object into @INC that implements the INC method and returns a filehandle to the unbleached code.

Re: How to protect a mod_perl script
by leocharre (Priest) on May 25, 2006 at 16:27 UTC
    What you need to do is one of a few things.. Look into the various forms of licensing, What kind of app is this? Could you, would you want to, devote an entire computer to it- Could you have a unix box to serve the running software to the LAN? We do something like this also. Make software for offices. I am not worried at all about protecting the code. I want people to use it, steal it. The more free I am with it, the more chances that:
    • others will keep my name, company references, in the code- Since they don't have to do anything secretive about using it.
    • More people will use the code, which spreads the word.

    Think of something like apache. Or It is widely used, free- Think of Linus Torvalds, Linux is free- and I don't think Torvalds is going hungry. Linux is widely used, and it has dude's name on it. If you need help with linux, if you could choose, you might choose Torvalds to help you out. So.. There is much more power in letting people have it, and use you as a reference.

    You mentioned this is for a client. I imagine what you are doing for them, could be done for other clients, right? Well.. How many clients can you possibly get with some obscure software only crazy computer geeks understand, and only you really know of? If your software was freely available, I may use it for one of *my* clients. And guess what.. If I run into any problems, I could probably ask you for help. If I really really needed some help, I might even hire your company to do it for/with me. .. None of this will happen with your hidden proprietary code.

    I suggest it's just not bad,.. but.. sketchy- karma. Since p3R1 is.. sort of.. inherently open source.. right? The whole thing got so good out of being vulnerable. Think.. think love. Love is open source. Unless you let it be seen by your partner.. it won't fly. So.. Don't be scared.. show your love.

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://551543]
Approved by GrandFather
and all is quiet...

How do I use this? | Other CB clients
Other Users?
Others chilling in the Monastery: (3)
As of 2018-02-20 02:47 GMT
Find Nodes?
    Voting Booth?
    When it is dark outside I am happiest to see ...

    Results (267 votes). Check out past polls.