7 Jan
2010
7 Jan
'10
5:47 p.m.
On Thursday 07 January 2010, Alex Balashov wrote:
Hi Alex,
one option to hide the configuration script would be to create a bundle of the
binary and the cfg, and then encrypt this with some key. During startup this
files are decrypted and then the server run with the cfg in memory.
I think similar packing methods are done from some viruses. But even in this
case an sufficient motivated attacker could just read the cfg from the RAM, if
its not removed after loading. And then of course there is always the option
to read the compiled form created from the lexer from RAM and decompile it
manually. And of course the key is also somehow present in the bundle, if you
don't store it in some sort of protected hardware entity..
Cheers,
Henning
Daniel,
isn't the configuration somehow compiled into internal format?
Would it be possible to do the "compilation" on another server and
provide only a binary file which represents the internal structure of
the configuration?
It just uses a lexer. I don't think the internal parse tree and/or
other data structures associated with that process can really be
serialised/deserialised in the manner of some sort of "bytecode."