HTML::Embperl - Building dynamic Websites with Perl
---------------------------------------------------
Copyright (c) 1997-2001 Gerald Richter / ecos gmbh
You may distribute under the terms of either the GNU General Public
License or the Artistic License, as specified in the Perl README file.
THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
$Id$
Sourcecode encryption
=====================
Embperl has the possibility to use encrypted sourcefiles. This allows
to hide your code from curious people or make sure nobody can modify
your code.
To enable encrypted sourcefile, go to the crypto directory and edit
the epcrypto_config.h file. Here you can enable/disable encryption,
choose which algorithmus to use, the encryption key and whenever
Embperl should still work with unencrypted files. Make sure to use a
unique encryption key. Addtionaly OpenSSL must be already installed
on your system. Now install Embperl as usual, by running
perl Makefile.PL
make
make test
make install
To encrypt your source files go to the crypto directory and start the
epcrypto program. It takes a source and a destination filename. If you
are using Embperl 2.x, you have to specify the syntax the sourcefile
uses as third parameter, if it is any other then "Embperl".
IMPORTANT: Make sure to not distribute any files from the crypto
directory, because it contains the key. Anybody who
has access to the crypto directory, can decrypt your
sourcefiles.
The encrytion key is compiled into the binary, because
Embperl needs it to do the decryption, so anybody who
has access to the binary _and_ is able to disassemble
the binary code, will be able to retrieve the key.
So sourcecode encrytion can hide your source code
from most people, because it's hard to disasemble the binary
and get the key, but if anybody really wants your code
he will get it! To prevent this the key shouldn't be
compiled into the binary, but instead a C function
should be given, that could retrieve the key from a
save place, e.g. a smart card, even better would
be to do the decrytion directly on the smart card.