From owner-freebsd-questions Fri Sep 19 08:12:23 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id IAA17544 for questions-outgoing; Fri, 19 Sep 1997 08:12:23 -0700 (PDT) Received: from relay.acadiau.ca (root@relay.acadiau.ca [131.162.2.90]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id IAA17537 for ; Fri, 19 Sep 1997 08:12:20 -0700 (PDT) Received: from dragon.acadiau.ca (dragon [131.162.1.79]) by relay.acadiau.ca (8.8.5/8.8.5) with SMTP id MAA17564; Fri, 19 Sep 1997 12:11:33 -0300 (ADT) Received: by dragon.acadiau.ca id MAA11986; Fri, 19 Sep 1997 12:11:28 -0300 From: 026809r@dragon.acadiau.ca (Michael Richards) Message-Id: <199709191511.MAA11986@dragon.acadiau.ca> Subject: Re: Secure code.. To: steve@visint.co.uk (Stephen Roome) Date: Fri, 19 Sep 1997 12:11:25 -0300 (ADT) Cc: freebsd-questions@freebsd.org In-Reply-To: from "Stephen Roome" at Sep 19, 97 11:13:20 am X-Mailer: ELM [version 2.4 PL25] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > computer, so that is safe. Some of it is written in perl, so if they get > in then they can have that and any of the private information stored on Use the perl to c compiler and see if you can make that run. Then you don't need to store any perl code on the box. > private information. However if someone takes the hard disc out and > decides to try and read it what precautions can be taken to stop them > getting at the data. I think that compiling your stuff would be best. > - put "warranty void if removed" stickers on the back of the box. > - put the box together with the weird three headed screws. If I were trying to get the sources, some little stickers or funny screws would only delay me by a minute or two. > - store all the data in my own weird encrypted filesystem (yeah sure). > - store all the data cunningly in a second "swap" partition. I think if anyone wants the code that bad, they will get it regardless, as you will have to decrypt the program somewhere to run. If they remove the hdd, then they can break root or whatever is necessary to decrypt the perl before it is passed to the prel interpreter. > { this is terrible idea, but has been suggested.. } > - give up and sell and NT solution Gee, that's even worse. Assuming that you could get your perl to run on it, you'd probably need a box twice as powerful to do the same thing :) Also, if I wanted a file off the hdd, I would do the following: boot from a floppy to dos, use the ntfs reading drivers for dos to read whichever file I wanted. NT stands for Nice Try. -Mike