7

After hours of work trying to understand how much protection I can get when creating stand-alone CDF applications I have come to the decision that the best protection to my work is provided by creating packages which should be encrypted using Encode with a password, and protecting the functions in the package with the Protected, Locked, and ReadProtected attributes. This video clearly explains how to create such packages. If I'm right, then the best protection is provided to applications that are not full stand-alone as these packages need to be installed for the application to run (note that Needs is part of the code in the screen cast referenced above).

If I'm right, it is possible to create full stand-alone applications (not dependent on Needs) by removing the attributes previously mentioned but then the functions would easily be visible to users with enough knowledge and interest in my work.

In summary, I'm using Enterprise Mathematica trying to create a single-file stand-alone CDF and apparently that is not possible. Thus, my question is whether I'm right or not. Or, is it possible to create full stand-alone applications which protect functions with the Locked, Protected, ReadProtected attributes?

If the answer is no, then I think that we should vote here to call Wolfram's attention to help us use this excellent technology to build easy to install applications that don't put our work, our businesses, and our clients security on risk.

Ariel Sepulveda
  • 1,687
  • 10
  • 20
  • How would you like to provide the pass the password by the user? – Kuba May 29 '15 at 15:03
  • You should be able to DumpSave your code with encryption. I can imagine that you could then store the resulting code inside your CDF as strings, and convert it to .mx files dynamically to then use Get on them, and then possibly delete them. That assumes that enterprise CDF allows you to write to some writable directory. I haven't done this, so don't know if such procedure works or not. The advantage of .mx files is that when they are loaded, this process does not go through the top-level evaluator, so there is no way that one could intercept the loading using Block etc. – Leonid Shifrin May 29 '15 at 15:19
  • I don't think I'm following you. In case you are asking about password protecting my work, I could do that by a dynamic expression that checks the MachineID or LicenseID and asks the user to type a valid license key when the application is run on a new machine. The password used in the Encode would only work as a way of locking the code but the user shouldn't even know that the CDF depends on encrypted functions. Maybe I'm missing a key point. Could you rephrase or provide additional details? – Ariel Sepulveda May 29 '15 at 15:23
  • @LeonidShifrin: I don't think that DumpSave is platform-independent. – Ariel Sepulveda May 29 '15 at 15:24
  • @ArielSepulveda It is, since V10 (but still depends on bitness - 64 or 32 bits. But 32 bits can probably be ignored at this point). But even if you use older versions, I don't see a big problem here - you would just need to prepare several versions of the code for different platforms. – Leonid Shifrin May 29 '15 at 15:26
  • @ArielSepulveda Was your first reply to me or to Kuba? – Leonid Shifrin May 29 '15 at 15:28
  • @LeonidShifrin: You may be right but don't you think that it should be easier than that? If it is technologically possible, then I think that it should be included as part of the stand-alone creation process. – Ariel Sepulveda May 29 '15 at 15:31
  • My first comment was a reply to Kuba. – Ariel Sepulveda May 29 '15 at 15:33
  • @LeonidShifrin With a utility function to check if an encoded function is run from within a CDF you do not really need .mx files. So inspection of code in full Mathematica is impossible and I don't one can use LinkSnooper in CDF. – Rolf Mertig May 29 '15 at 16:34
  • @ArielSepulveda While I have generated standalone (even free) CDF files with encoded packages as strings embedded in a DynamicModule I like an encoded package setup on the file sytem more (easier to maintain and develop). What I have not tried yet is how to use the new Encrypt fearures for that. – Rolf Mertig May 29 '15 at 16:42
  • @RolfMertig Makes sense. I don't yet have much experience with this. You certainly know much more about this than me. – Leonid Shifrin May 29 '15 at 16:49
  • @LeonidShifrin I just played around a bit, never used anything in real life at a a customer yet. .mx files of course have the great advantage of loading fast Of course Ariel is right that all this should be automatic, or at least well documented. – Rolf Mertig May 29 '15 at 16:53
  • @RolfMertig & Leonid, there is also the fact that package will be evaluated and one could trick it with fancy Block usage. That's why I think .mx are better. – Kuba May 29 '15 at 16:54
  • @Kuba But how are you going to circumvent my utility function to Quit the kernel immediately if not evaluated from within WolframPlayer? – Rolf Mertig May 29 '15 at 17:11
  • @Kuba True, but now that Locked is Locked, it's harder to use the tricks :). But yes, I agree. I actually mentioned it in my comment. And now that mx format is cross - platform, things are even better in this regard. – Leonid Shifrin May 29 '15 at 22:39
  • Hi @LeonidShifrin, how do you do know that mx is cross-platform now? You've tried it and it works? Or is there something somewhere in the docs? The help details on DumpSave still says: "Files written by DumpSave can only be read on the same type of computer system on which they were written." and the help on .MX says: "MX files cannot be exchanged between different operating systems or versions of the Wolfram System." – Philip Maymin May 30 '15 at 02:46
  • @LeonidShifrin The problem is that you can probably prevent Locked from beeing set. – Kuba May 30 '15 at 06:25
  • @Kuba Indeed, that's possible. This needs a robust built-in solution, I agree. – Leonid Shifrin May 30 '15 at 12:22
  • @PhilipMaymin I didn't check personally, but I've been told about this by a few people I think I can trust. – Leonid Shifrin May 30 '15 at 12:24

0 Answers0