2

I am creating a package and I would like it to be secure, i.e. it loads and runs using Needs but the code stays secret. So I set up the protection using:

SetAttributes[MyFunction,{Protected,ReadProtected,Locked}]

and the whole package is encoded using the Encode command so it is not human readable.

On first sight this approach works. However, I noticed almost all System` commands are not Locked so they can be unprotected and removed. This applies to SetAttributes as well.

Basically, Remove@Unprotect@SetAttributes and then loading my package can reveal full code since SetAttributes fails as it is not defined.

Is there a workaround this to make my code secure from system commands tampering?

Schepy
  • 21
  • 3
  • Possible duplicate: https://mathematica.stackexchange.com/q/1571 Do try the DumpSave solution, keeping in mind that it can only save definitions (i.e. it can't save code that will do stuff upon loading the package). – Szabolcs Jan 05 '20 at 10:44
  • I see encoding does not help much since everything can be DumpSaved once the definition is loaded. However, I have a problem with DumpSave too. It is still human readable to some degree. In particular, every string and every used command is at least once stated in .mx in human readable form. I would like to hide at least specific strings (they are short, like 1 word). How can I do that?

    DumpSave does solve the problem with SetAttributes, but other system commands can still be changed in attempt to hack the package to work when it shouldn't. I don't see there can be anything done for this.

     – Schepy Jan 05 '20 at 13:48
  • @Szabolcs Is it possible to put dump file on Wolfram Cloud? I needs to be readable using WM v10.2 and newer. Do I have to generate dump file using v10.2 so it can be read using all versions from 10.2 to 12.0 and future releases? – Schepy Jan 05 '20 at 18:39
  • Re your second comment, 1st Q: I expect yes, but you should try it. 2nd Q: I believe so. Anyway, if you want 10.2-compatibility, you really should test with 10.2 (instead of just hoping that it works), so you do need access to 10.2. – Szabolcs Jan 05 '20 at 22:51
  • I have found the solution (kind-of). I have put all "secret" strings in separate API (execute only rights) in the cloud and the rest of the code is dump-saved (read only rights). This is generally high enough protection for me. Also, I confirm dump-save can be put into the cloud. – Schepy Jan 23 '20 at 20:30

0 Answers0