Yes two things I am concerned with, I have also looked at Java and .NET and they also have the same problems. > Hiding code is useless because if it can be executed > by a computer it can be cracked by a person. I would not say useless, if you offer open source then you are asking for trouble. If you take measures to obsfucate/encrypt the code the skill level to get/change it increases. There is no such thing as absolute security but... Leslie Viljoen wrote: > On 5/22/06, Kris Leech <krisleech / interkonect.com> wrote: >> Its an application that deals with highly sensitive data, I dont want >> insiders to be able to write a bit of ruby and dump the data to >> file/screen... > > You are talking about two different things: hiding code (algorithms) > and hiding data. Hiding code is useless because if it can be executed > by a computer it can be cracked by a person. The millions of patches > on the Internet prove that even little known programs are cracked as > soon > as they appear. If your data is hidden by your code being hard to > understand, it will be visible very soon - binaries or not. > > You can hide data by encrypting it though, and then giving the key to > only those who may see the data. Even so, the key can be found by > fast computers but hopefully it is long enough that the search will > take too long to be feasable. This means that all encrypted data > has an expiry date, as faster computers come around. > > So: must the sensitive data be given to only *some* of the insiders by > your > program? Or must only *some* of the data be revealed to the insiders? > If you are trying to give people encrypted data that is only readable > by your program, I think that's a lost cause. > > Les -- Posted via http://www.ruby-forum.com/.