Securing a database

[kt83313 at gmail.com]

On Jan 23, 4:41 pm, Bryan Olson <fakeaddr... at nowhere.org> wrote:
> kt83... at gmail.com wrote:
> > Anyways, if we can make it real hard for them to analyze also, I think
> > we are in the good - esp since the clients are not extremely rich
> > enough to go for professional analyzers --
>
> Sounds like you have the "digital rights management" (DRM) problem. As
> Diez pointed out, there is no robust software solution. Nevertheless,
> many clever people have worked each side, so there's now something of a
> body of practice and experience.
>
> > What is the skype method? The code is not huge - less than 20K LOC so,
> > code encryption looks somewhat OK - would you be able to direct me to
> > any hints on this?
>
> I don't think Skype has much to offer here. They're not focused on
> selling DRM technology; they sell communication services. Third parties
> can write applications on top of those services, which can be protected
> by Skype's DRM. (If I'm wrong on that, someone please correct me.)
>
> Diez's noted Skype's use of a layered approach, but there's nothing
> special about the notion of layered code encryption in DRM software.
> It's been used multiple times, broken multiple times, and patented
> multiple times.
>
> > One another option that I was thinking was to automatically generate
> > the password for the database - re-encrypt every 1 hr - and store the
> > password inside the code itself. Is that possible in Python? i.e.
> > changing the code itself.
>
> Possible it is. Effective it is almost certainly not, at least not
> without a whopping bunch of other techniques going vastly beyond that
> description.
>
> Look up DRM technology companies, such as CloakWare, Macrovision, and
> Cryptography Research.
>
> If you have a modest number of customers, hardware solutions and/or
> strict contractual commitments might offer practical solutions.
>
> --
> --Bryan

Thank you very much Bryan.
It does look like this is out of my league.

KT
--