Source code

Terje Johan Abrahamsen spoermeg at voldelig.com
Tue Sep 17 19:36:08 EDT 2002


"Paul Rubin" <phr-n2002b at NOSPAMnightsong.com> wrote in message
news:7xk7lml7px.fsf at ruckus.brouhaha.com...
> Alex Martelli <aleax at aleax.it> writes:
> > > You'll have to give your customers a sealed computer and no permission
> > > to install additional software, or communicate with the internet, if
> > > you want to reliably prevent them from analysing your program.
> >
> > Incidentally, the latter option can be feasible in certain situations: some
> > key parts of your program's functionality might reside on a computer you
> > control, accessible to the rest of the application (installed more
> > traditionally on users-controlled computers) only as a black box via the
> > net.  XML-RPC, SOAP, and other distributed-computing approaches
> > such as Corba, make implementing this particularly easy these days.
>
> It doesn't have to be via the net: you can literally deliver a sealed
> computer to the customer, with the sealing enforced by contracts and
> inspections (this is quite normal, e.g. some financial applications
> are delivered as a rack-mount box that you install in your machine
> room) or by tamper resistant hardware (for higher security
> applications).  For VERY high security, of course you can't let
> hostile parties touch the hardware.  Nonetheless, the pay TV industry
> deploys millions of sealed computers (smart cards) every year to
> customers, every single one of which is considered an attacker.  While
> that industry had spectacular early security failures, these days it's
> a fairly solved problem and they limit losses to acceptable levels.
>
> It doesn't sound like the OP was asking for this type of solution though.

Nope.... Then I assume I had been able to pay for a security consultant to
do that part of the work. Not plundering to do it myself with variable
success...




