John Wells said:
>
> Could one not modify the source of the Ruby interpreter to load a public
> key and then only accept code encrypted with the equivalent private
> version?  Would this provide adequate protection, or does it only mean
> that the  hacker would have to download the interpreter and make the same
> modifications, loading my public key into it, and programmatically to spit
> out the unencrypted code after it has passed through decryption?  Is there
> any way to make this sufficiently hard to do so to the point where any
> reasonably complex application is protected?  Similar to byte code
> obfuscation?

Things like this have been suggested before, but the basic problem is that
if the interpreter is dealing with plain text at some point to interpret
it, someone will be able to get to it if they really want. They could
either modify the interpreter to dump it as you say or even just dump
memory.

You would have to analyze how savvy your users are, and just how much they
would want the source code. If they are happy with how it works and don't
have intentions of replacing your product with something of their own, I'd
doubt they'd bother to try and figure out how to get readable source code.

I'm of the belief that any form of security can be broken by someone
determined enough (in both the real and digital world), so in my eyes it
is usually a matter of making things more difficult for normal people.

Another issue in regards to Ruby is that I believe the license makes it
difficult to make changes like this without having to release the source,
which of course makes it much easier to circumvent any encryption changes.
I recall reading Lothar Scholz talking about this before...care to chime
in Lothar?

Ryan