[ic] Encrypting IC pages on server?

Jeff Dafoe interchange-users@icdevgroup.org
Wed Oct 2 00:33:00 2002


> Actually this project was braught about just because of that, and it will
be
> impossible to circumvent the encryption code.

    It is certainly impossible to make it impossible to circumvent the
encryption code.  You can make it impossible to break the encryption, but
thats irrelevant when you can just modify IC to write out the templates
after they are decrypted internally.  Since the templates will have to be
decrypted at some point inside of IC, and IC is written in perl, I think
it's safe to assume that modifying IC in this manner would not be all that
difficult and this would result in circumvention of the encryption.  I
suspect you have mangled versions of some of the IC modules to try to combat
this.  This is not too difficult to circumvent either, in light of the fact
that you only have to understand what is going on enough to find out where
the files are being parsed and at what point decryption is occurring.  Once
you get the decrypted templates out, just download a normal version of IC,
and then plug in the templates and go.
    This is assuming that the templates represent a significant enough
development effort that the functionality couldn't be easily
reverse-engineered just by visiting the site that uses the templates.  If
your templates represented that great of an asset, I suspect clients would
retain you just based on your familiarity with them and the IC system, much
like the role the IC core developers fill for the rest of us.

Jeff