[erlang-questions] Stand Alone Erlang or Equivalent

Vlad Dumitrescu vladdu55@REDACTED
Thu Sep 6 09:16:28 CEST 2007


On 9/6/07, Benjamin Tolputt <bjt@REDACTED> wrote:
> Vlad Dumitrescu wrote:
> > Why would beam files more securely protected if packed in a zip
> > archive as compared to unpacked in a directory?
> It is not so much "securing" the beam files from people as to stop them
> "replacing" the beam files easily. In an encrypted zip (or better yet,
> appended to a protected executable) the "core" beam files used at the
> "low level" of Erlang can be protected from "easy" replacement by casual
> users.
> > There is already a mechanism to encrypt the debug_info data that might
> > be included in the beam files. I suppose it would be relatively easy
> > to do the same with the actual beam code and decrypt at load time.
> This is talking about something completely different. I am not
> particularly worried about the byte-code being readable. It is more
> about making it hard for them to be changed (which I realize is somewhat
> the opposite of an Erlang advantage we all like).

Erm, if the byte-code is encrypted, how would you replace a beam file with a
different one without breaking the encryption?

If the encryption is broken, then it feels about just as easy to replace a
file in the file system or in a zip archive.

One could also use separate schemes to ensure it's difficult to tamper with
data, like for example storing the MD5 signature of files somewhere.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20070906/40815b18/attachment.htm>

More information about the erlang-questions mailing list