Encrypt ROR code

Shuaib_Zahda · July 28, 2008, 3:33pm

Dear all

This is the scenario

I want to give my code to someone which he will then run it on his machine offline. But I do not want this guy to see the code. Is there anyway that I can encrypt the code and run it on his machine.

Regards

11175 · July 28, 2008, 4:22pm

Shuaib Zahda wrote:

I want to give my code to someone which he will then run it on his machine offline. But I do not want this guy to see the code. Is there anyway that I can encrypt the code and run it on his machine.

I don't know of any way to do this. I bet it would be much easier just to set up a server at your host and let him access it. Puts some simple password at the front if you need to. Then he can use it and never be able to look at the code.

Shuaib_Zahda · July 28, 2008, 4:35pm

Thanks for the suggestion

The problem is that my agent will need to go to areas that has no internet connection to make demos of the product. That's why I need him to run the app on his machine while he is offline. and I want to encrypt the source code

Srdjan_Pejic · July 28, 2008, 7:35pm

What are you trying to hide, exactly? Is this agent able to look at Rails code and immediately understand what's going on? If you don't trust him with the source code, how can you trust him to sell the product? There's a bigger issue at play here.

Jason_Roelofs · July 28, 2008, 7:59pm

There's a fundamental flaw in "encrypting" source code. To decrypt it and run it, you need the key. If he needs to run the code without internet access, then *he* needs the key.

You could use JRuby, and generate class files, but those are easily decompilable.

In short, no, it's not possible to encrypt / protect / etc that makes the code completely protected. If anything, the code must be un-whatevered into it's normal text form when run, so if it's in the computer's memory, it can be gotten access to.

Jason

Robert_Walker · July 28, 2008, 8:14pm

Ruby is an interpreted language, therefore the source code must be in the clear to be executed by the interpreter.

The only way I can think of to run encrypted Ruby code would be to write your own Ruby interpreter that first decrypts the code before execution. I'm guessing an interpreter capable of do that would be really slow. Plus that interpreter would also have to have all knowledge of how to decrypt the code, including the decryption keys so it would be trivial for anyone with basic knowledge of encryption to be able to decrypt the content anyway.

Your best bet would be to obfuscate the code, which is what some people do with JavaScript. That does not mean that the code cannot be read though, the interpreter still must be able to execute the obfuscated code. Obfuscated code, but still be legal code syntactically.

When it comes down to it, even compiled code can be reversed into source. Java, for example, requires only a simple decompiler and you get back some amazingly human readable source code.

Shuaib_Zahda · July 30, 2008, 3:59am

so I can conclude that there is no way to have ROR code compiled or encrypted in a straight forward way like using a plugin or a gem

thanks

votcka · July 30, 2008, 4:14am

so I can conclude that there is no way to have ROR code compiled or

encrypted in a straight forward way like using a plugin or a gem

thanks

Ruby is an interpreted language, therefore the source code must be in

the clear to be executed by the interpreter.

The only way I can think of to run encrypted Ruby code would be to write your own Ruby interpreter that first decrypts the code before execution. I’m guessing an interpreter capable of do that would be

really slow. Plus that interpreter would also have to have all knowledge of how to decrypt the code, including the decryption keys so it would be trivial for anyone with basic knowledge of encryption to

be able to decrypt the content anyway.

Your best bet would be to obfuscate the code, which is what some people do with JavaScript. That does not mean that the code cannot be read though, the interpreter still must be able to execute the

obfuscated code. Obfuscated code, but still be legal code syntactically.

When it comes down to it, even compiled code can be reversed into source. Java, for example, requires only a simple decompiler and you

get back some amazingly human readable source code.

What are you trying to hide, exactly? Is this agent able to look at

Rails code and immediately understand what’s going on? If you don’t trust him with the source code, how can you trust him to sell the product? There’s a bigger issue at play here.

Thanks for the suggestion

The problem is that my agent will need to go to areas that has no

internet connection to make demos of the product. That’s why I need him to run the app on his machine while he is offline. and I want to encrypt the source code

Shuaib Zahda wrote:

I want to give my code to someone which he will then run it on his machine offline. But I do not want this guy to see the code. Is there anyway that I can encrypt the code and run it on his machine.

I don’t know of any way to do this. I bet it would be much easier just to set up a server at your host and let him access it. Puts some simple password at the front if you need to. Then he can use it and never be

able to look at the code.

– Posted viahttp://www.ruby-forum.com/.

Bill_Walton · July 30, 2008, 2:28pm

Shuaib85 wrote:

so I can conclude that there is no way to have ROR code compiled or encrypted in a straight forward way like using a plugin or a gem

This topic has been discussed more than once here. The only 'solution' I remember ever coming up is the one at

Don't know if it'll do what you want, but you might want to take a look.

HTH, Bill

Peter_De_Berdt · July 30, 2008, 8:07pm

It doesn’t encrypt anything, just packages the app up in an exe. Currently there is no bytecode compiler for Ruby apps, but some are in the works.

RoR developers use other ways of distributing their apps (hosted subscription service, …). We personally believe a good contract with ur customers is far more effective than investing time into copy protecting and actually giving them the code (even of they don’t understand anything) is making them feel more secure about us (they still have the code if our company would for some reason stop existing).

Best regards

Peter De Berdt

Dejan_Dimic · July 30, 2008, 9:25pm

It seams like a fear that the sales person is not too trusty and that he / she could break the agreement once the code is in their possession. The second strange part, why try to sell a web application at places without the internet connection? Almost allover one can find the mobile network that has ability to connect to internet.

If you are not feel comfort to give the code then do not. There is other means of presentation like slide shows and presentation movies.