Cart
|
[XSL-LIST Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] RE: XLS files scrambling
 And make sure that you support that parser on all platforms, make it popular, make binaries available from a high bandwidth server, and keep up to date with the state of the art parsers so that there is incentive to use your parser. -----Original Message----- From: Paul Tchistopolskii [mailto:paul@xxxxxxx] Sent: Friday, June 23, 2000 3:27 PM To: xsl-list@xxxxxxxxxxxxxxxx Subject: Re: XLS files scrambling Hi, George. Long time ago I was used to work for one paranoid, who was thinking that if he encrypt the source code of some perl scripts - he benefit on a long run. He got that scrambling in 2-3 days. I think that the pattern of scrambling XSL, perl or whatever other interpreter is common and straightforward: 1. Write propriatary 'crypt' utility ( use DES-based encryption, it is strong and there are open sources hanging around ). 2. crypt script.xsl > script.xsl The produced ( scrambled ) script.xsl will have a magic signature in the first few bytes, or e t.c. 3. Find the place in perl ( XSL, whatever ) code which is loading the stylesheet. If the stylesheet starts with magic signature - decrypt it first. In case of XSL re-capturing SAX Eception could work - I mean - "if it is not XML - it is encrypted" 4. To run hacked stylesheets - ship hacked interpreter. 5. There are some interesting twists here. For example, with perl if was not straightforward, because there was more than one place that has to be 'closed'. Hacked interpreter written in java could also be decompiled e t.c. e t.c. Pafranaoya has no limits Conclusion. If you want to hack XT, for example, to read encrypted stylesheets - just write your own ( decrypting ) SAXParser ( similar to UxSpecialParser ) and that's all you need. No code changes to XT. The same could be done for any other 'reasonable' XSLT Engine, which has no particular parser hardcoded, but allows usage of other SAXParsers. For detailes on UxSpecialParser - you can download Ux source code from http://www.pault.com/Ux Rgds.Paul. ----- Original Message ----- From: George Prezerakos > Cmon you guys, > > I don't mean to start a new thread here but... > > We gotta separate between personal and corporate views. Of course I like open source source projects and freeware distribution (and I have actually developed free or low-cost s/w a lot of times). > > However, when working for a company and writing software for the company's clients you might (just might) be asked to encrypt some stuff. I haven't come across this situation yet but I posted my original question just in case. > > Think about it before starting to flame me once more :) > > Regards, > > George Prezerakos > XSL-List info and archive: http://www.mulberrytech.com/xsl/xsl-list XSL-List info and archive: http://www.mulberrytech.com/xsl/xsl-list 
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! 
Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|
