Yes two things I am concerned with, I have also looked at Java and .NET 
and they also have the same problems.

> Hiding code is useless because if it can be executed
> by a computer it can be cracked by a person.

I would not say useless, if you offer open source then you are asking 
for trouble. If you take measures to obsfucate/encrypt the code the 
skill level to get/change it increases. There is no such thing as 
absolute security but...




Leslie Viljoen wrote:
> On 5/22/06, Kris Leech <krisleech / interkonect.com> wrote:
>> Its an application that deals with highly sensitive data, I dont want
>> insiders to be able to write a bit of ruby and dump the data to
>> file/screen...
> 
> You are talking about two different things: hiding code (algorithms)
> and hiding data. Hiding code is useless because if it can be executed
> by a computer it can be cracked by a person. The millions of patches
> on the Internet prove that even little known programs are cracked as 
> soon
> as they appear. If your data is hidden by your code being hard to
> understand, it will be visible very soon - binaries or not.
> 
> You can hide data by encrypting it though, and then giving the key to
> only those who may see the data. Even so, the key can be found by
> fast computers but hopefully it is long enough that the search will
> take too long to be feasable. This means that all encrypted data
> has an expiry date, as faster computers come around.
> 
> So: must the sensitive data be given to only *some* of the insiders by 
> your
> program? Or must only *some* of the data be revealed to the insiders?
> If you are trying to give people encrypted data that is only readable
> by your program, I think that's a lost cause.
> 
> Les


-- 
Posted via http://www.ruby-forum.com/.