Re: [CAD_CAM_EDM_DRO] Languages
Posted by
Bryan-TheBS-Smith
on 2001-08-20 12:38:30 UTC
Larry Edington wrote:
functions. It is the only way to be sure. OpenSSL is not licensed GPL
either, but BSD-like, so you can link against it freely (i.e. usable
with commercial software). And by simply linking against it, you are
not violating any US export laws either.
Of course that means users must download and install OpenSSL on Windows
platforms. But that is only required when they try to unlock those
functions with their registration key.
And you don't have to use OpenSSL, there are a _lot_ of other programs
out there. I just mention OpenSSL because it is OSS and has a crapload
of ciphers/options to choose from.
But even if I wrote commercial software, I believe the great majority of
people (at least in the US) are principled (and even the "piracy crying
wolf" SBA has the statistics to back me up). Maybe my view of the world
is skewed by me being a Libertarian. And even if they are not, there
are always lawyers to take care of them.
security," er, NO, have to disagree there.
-- TheBS
--
Bryan "TheBS" Smith mailto:b.j.smith@... chat:thebs413
Engineer AbsoluteValue Systems, Inc. http://www.linux-wlan.org
President SmithConcepts, Inc. http://www.SmithConcepts.com
> However, there is a SERIOUS problem with Delphi and C++ BuilderThat's why you should link against a crypto library and crypt those
> everyone needs to be aware of. While it is a true compiler where
> Visual Basic is not a true compiler, Delphi / C++ Builder leaves
> a LOT of tokens in the executable that can easily be used by a
> hacker to understand the internals of your program.
> So let's say you wrote a program that you wanted to release as
> shareware that had a password or serial number function to unlock
> it to the full version. It is EXTREMELY easy to open your executable,
> find all of the proceedures, drop directly into the Assembly code
> for that password function and hack it.
functions. It is the only way to be sure. OpenSSL is not licensed GPL
either, but BSD-like, so you can link against it freely (i.e. usable
with commercial software). And by simply linking against it, you are
not violating any US export laws either.
Of course that means users must download and install OpenSSL on Windows
platforms. But that is only required when they try to unlock those
functions with their registration key.
And you don't have to use OpenSSL, there are a _lot_ of other programs
out there. I just mention OpenSSL because it is OSS and has a crapload
of ciphers/options to choose from.
> This fatal limitation is the reason I caution anyone developingOf course much of the software I write is OSS (open source software).
> commercial programs to NOT use one of these compilers to develop
> it. Unless you don't mind having your pants down in public.
But even if I wrote commercial software, I believe the great majority of
people (at least in the US) are principled (and even the "piracy crying
wolf" SBA has the statistics to back me up). Maybe my view of the world
is skewed by me being a Libertarian. And even if they are not, there
are always lawyers to take care of them.
> If you have any secrets in your design, they won't be secretsI don't know about you, but I don't see an "army of hackers"
> anymore. If you insist on using one of these compilers, at
> least name your functions ( procedures in Pascal lingo )
> with some totally unrelated name to keep the hackers confused.
> Don't call check_password, call setup_variables or some otherOr just crypt the freak'er with a nice two-key system.
> unrelated name and don't do your verification check in that
> code! Do the verification check in some other unrelated
> function.
> To further investigate this on your own. Search the net forNever used it.
> a program called Dede.
> My advise for a commercial release is to bite the bullet andIf you mean "security through obscurity," yes. If you mean "real
> use MS VC++. I don't like it but it's more secure than the
> competition.
security," er, NO, have to disagree there.
> I just wish Microsoft would build the ease of use intoAnd then you should be using a real crypto solution.
> VC++ that Delphi has. All this isn't an issue for most
> hobbiest programmers. It is a serious issue for programmers
> that make money from their work.
-- TheBS
--
Bryan "TheBS" Smith mailto:b.j.smith@... chat:thebs413
Engineer AbsoluteValue Systems, Inc. http://www.linux-wlan.org
President SmithConcepts, Inc. http://www.SmithConcepts.com
Discussion Thread
Carol & Jerry Jankura
2001-08-20 09:03:51 UTC
Languages
Bryan-TheBS-Smith
2001-08-20 09:32:04 UTC
Re: [CAD_CAM_EDM_DRO] Languages
Larry Edington
2001-08-20 11:40:18 UTC
Re: [CAD_CAM_EDM_DRO] Languages
Bryan-TheBS-Smith
2001-08-20 12:38:30 UTC
Re: [CAD_CAM_EDM_DRO] Languages
Larry Edington
2001-08-20 13:15:12 UTC
Re: [CAD_CAM_EDM_DRO] Languages
Bryan-TheBS-Smith
2001-08-20 13:30:49 UTC
Re: [CAD_CAM_EDM_DRO] Languages
Kevin P. Martin
2001-08-20 13:38:39 UTC
RE: [CAD_CAM_EDM_DRO] Languages and reverse-engineerability
Tim
2001-08-20 13:43:59 UTC
RE: [CAD_CAM_EDM_DRO] Languages
Bryan-TheBS-Smith
2001-08-20 13:54:32 UTC
Re: [CAD_CAM_EDM_DRO] Languages