tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mark H. Wood" <mw...@IUPUI.Edu>
Subject Re: [OT] Re: Securing Tomcat Applications from Reverse Engineering
Date Fri, 22 Jan 2010 15:17:35 GMT
On Thu, Jan 21, 2010 at 03:02:41PM +0000, Peter Crowther wrote:
> 2010/1/21 Mark H. Wood <mwood@iupui.edu>
> 
> > Reverse engineering is not a technical problem; it is a legal
> > problem.  You need a lawyer, not a program.
> >
> > Mmm, yes and no.  Burglary is also a legal problem, but I have locks (on /
> around the things I want to keep, of a cost and quality appropriate to my
> expected loss) as well as being able to engage a lawyer if required.

The analogy is imprecise.  If you lease a house to someone, you have
no feasible technical means to control who enters your house -- the
lessee possesses a key and can let in anyone he pleases.  But you could
write a lease which constrains the set of people lessee is permitted
to allow in.  (Dunno why, but you could.)

The house would be useless to lessee without a key.  Similarly a
program, distributed to a user, would be useless unless an
intelligible version can be loaded or derived by the user's equipment.
But if the user's equipment can load or derive an intelligible version
of the program, the program can be reverse-engineered.  That's why
software licenses almost always contain specific language about
reverse engineering.

In both cases the owner has *necessarily* given up technical control
of the property, and can only exert control through legal means.  You
can't stop people abusing property that you hand over to them, but you
may be able to punish them if they do.

-- 
Mark H. Wood, Lead System Programmer   mwood@IUPUI.Edu
Friends don't let friends publish revisable-form documents.

Mime
View raw message