Is there a way to obfuscate channel code? I have written a channel and would like to encrypt the code before I share it with other for testing. As the code has some confidential information.
Is this possible with in the plex channel development ?
Please advise.
thanks
Ramesh
Hi Ramesh --
You can very likely obfuscate your code prior to releasing it, however there is no way to ensure it can't be... unobfuscated. Encryption posits a trust between two parties where the third would never have to see the unencrypted code. In this case, since the plugin would have to run on an untrusted machine, it would be fairly hard to ensure complete protection.
Not the answer you wanted, but does it help?
Hi Ramesh --
You can very likely obfuscate your code prior to releasing it, however there is no way to ensure it can't be... unobfuscated. Encryption posits a trust between two parties where the third would never have to see the unencrypted code. In this case, since the plugin would have to run on an untrusted machine, it would be fairly hard to ensure complete protection.
Not the answer you wanted, but does it help?
The code I am going to share are non-technical. They do not know any programming. But they know where to get the plugins from their machines. So I am not worried about unobfuscated. With in the channel I am doing some verification to work the plugin only on perticualr machines. This validation is done on web using XML. I do not want this to be visible to them.
So any thing that hides the code and loads the channel should be fine for me. I tried base64 encode, it did not help me.
thanks
Ramesh
What it really comes down to is that any control you have over the plugin has to come externally. That is, if the plugin will only "run" on certain machines, the only way to ensure that given the structure here is to withhold data crucial to the execution of your script remotely on a server you control.
You can then use some sort of system-unique code (one-time pseudo-random generation, hash of system-specific information, or whatever) for verification of identity to your external source, which then provides access to data on an as-needed basis.
This typically only works well when you have a resource that is constantly updated which is in great demand.
Note I'm attempting to avoid any philosophical discussion here. Whether or not this violates the spirit of the community is up to the reader.
What I can tell you is this -- any plugin that reaches out to an external source to download and run downloaded code must be protected against any sort of tampering, both in transit and while on the server. A plugin from an unknown source which performed this sort of action would be suspect, and is not likely something I would consider running (free or otherwise).
Hope this helps!
What it really comes down to is that any control you have over the plugin has to come externally. That is, if the plugin will only "run" on certain machines, the only way to ensure that given the structure here is to withhold data crucial to the execution of your script remotely on a server you control.
You can then use some sort of system-unique code (one-time pseudo-random generation, hash of system-specific information, or whatever) for verification of identity to your external source, which then provides access to data on an as-needed basis.
This typically only works well when you have a resource that is constantly updated which is in great demand.
Note I'm attempting to avoid any philosophical discussion here. Whether or not this violates the spirit of the community is up to the reader.
What I can tell you is this -- any plugin that reaches out to an external source to download and run downloaded code must be protected against any sort of tampering, both in transit and while on the server. A plugin from an unknown source which performed this sort of action would be suspect, and is not likely something I would consider running (free or otherwise).
Hope this helps!
I am not putting the source on external server. With in plugin code I am doing the verification using external source and it is working as expected. Now I would like to do now is hash the source and work it. So that when other view the code they do not find the url I am using for verification.
Can we do base64_encode of my code and load the plugin using base64_decode by passing the encoded string in Plex. If so any example available ?
thanks
Ramesh
Now I would like to do now is hash the source and work it. So that when other view the code they do not find the url I am using for verification.
Can we do base64_encode of my code and load the plugin using base64_decode by passing the encoded string in Plex. If so any example available ?
This is of no use :mellow:. Maybe we cannot directly see the source URL, but base64 encoding can easily be reversed. We can also easily watch the HTTP traffic and find the source URL there.
Some interesting reading on this subject: http://stackoverflow.com/questions/261638/how-do-i-protect-python-code
This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.
