Prevent Modification of Script?

Thomas Bellman bellman at lysator.liu.se
Thu Apr 5 11:45:41 CEST 2007


"ts-dev" <time.swift at gmail.com> wrote:

> Please correct any wrong assumptions that I might be making..

> In a compiled application its not impossible to by pass the code.. but
> its not so easy.

The huge amount of existing viruses targeting binaries seems to
indicate that binary-only distribution does not deter attackers
very well.  Your assumption that the availability of source code
makes your program a more vulnerable is likely wrong.

> The script could easily be
> modified to by-pass authentication and encryption could be disabled.

Relying on authentication done at the client end is doomed to
fail.  Doing so is similar to asking people to put the lock in
the door before opening it.  It doesn't matter how good a lock
is or how obscure the inside of the lock is if the lock isn't
an integral part of the door; a burglar will simply bring his
own lock, to which he of course has the key, and use that.

> Perhaps this is just a side-effect of being a
> scripted language - not a flaw, just me trying to use it for something 
> its not well suited for.

No.  To be blunt, it is an effect of you not knowing enough about
security.  (Don't feel too bad about it.  I have made similar
mistakes myself, but after many years working with computer
security I have managed to learn not to do *that* particular
error again; I hope...)


-- 
Thomas Bellman,   Lysator Computer Club,   Linköping University,  Sweden
"Life IS pain, highness.  Anyone who tells   !  bellman @ lysator.liu.se
 differently is selling something."          !  Make Love -- Nicht Wahr!



More information about the Python-list mailing list