From: "Mark H. Wood"
To: users@tomcat.apache.org
Subject: Re: [OT] Re: Securing Tomcat Applications from Reverse Engineering
Date: Fri, 22 Jan 2010 10:17:35 -0500
Message-ID: <20100122151735.GA21578@IUPUI.Edu>

On Thu, Jan 21, 2010 at 03:02:41PM +0000, Peter Crowther wrote:
> 2010/1/21 Mark H. Wood
>
> > Reverse engineering is not a technical problem; it is a legal
> > problem. You need a lawyer, not a program.
> >
>
> Mmm, yes and no. Burglary is also a legal problem, but I have locks (on /
> around the things I want to keep, of a cost and quality appropriate to my
> expected loss) as well as being able to engage a lawyer if required.

The analogy is imprecise. If you lease a house to someone, you have no feasible technical means to control who enters your house -- the lessee possesses a key and can let in anyone he pleases. But you could write a lease which constrains the set of people lessee is permitted to allow in. (Dunno why, but you could.)

The house would be useless to lessee without a key. Similarly a program, distributed to a user, would be useless unless an intelligible version can be loaded or derived by the user's equipment. But if the user's equipment can load or derive an intelligible version of the program, the program can be reverse-engineered. That's why software licenses almost always contain specific language about reverse engineering.

In both cases the owner has *necessarily* given up technical control of the property, and can only exert control through legal means. You can't stop people abusing property that you hand over to them, but you may be able to punish them if they do.

--
Mark H. Wood, Lead System Programmer mwood@IUPUI.Edu
Friends don't let friends publish revisable-form documents.