Script compiling / encrypting? - Protocols

This is a discussion on Script compiling / encrypting? - Protocols ; Good afternoon, Is there any way that I can compile, encrypt, or hide Kermit scripting so that the end user does not see the code? Thanks, Matthiew...

+ Reply to Thread
Results 1 to 5 of 5

Thread: Script compiling / encrypting?

  1. Script compiling / encrypting?

    Good afternoon,

    Is there any way that I can compile, encrypt, or hide Kermit scripting
    so that the end user does not see the code?

    Thanks,

    Matthiew


  2. Re: Script compiling / encrypting?

    On 2006-05-11, quertyq wrote:
    : Is there any way that I can compile, encrypt, or hide Kermit scripting
    : so that the end user does not see the code?
    :
    There is no Kermit script compiler. Encryption, of course, is a possibility
    but you would have to decrypt the script before use, which would require
    entry or storage of a key in the clear, which would defeat the purpose.

    In Unix, you might think you could give the script a "kerbang line" and
    execute-but-not-read permission, but this doesn't work because then Kermit
    itself can't read the script, just like what happens with shell scripts.

    Anyway, before Kermit can execute commands, it has to receive them in clear
    text. Even if the script itself were hidden from the user, it would still
    be possible to SET TAKE ECHO ON, SET MACRO ECHO ON, and/or LOG DEBUG to
    see the commands that are being executed.

    Offhand, the only solution I can think of would be to write the script as
    a macro and then build it into the Kermit binary itself (you can see some
    examples of predefined macros in ckuus5.c), then set the binary execute-only.
    And remove the SET MACRO ECHO ON and LOG DEBUG commands!

    Maybe if you explain why you don't want the user to see the code, another
    approach can be suggested.

    - Frank

  3. Re: Script compiling / encrypting?

    Hi Frank,

    I am writing a program for our company to do
    file transferrs on the user's computers, and an
    FTP server which is used by a controlling
    program on the user's computers. We would
    not want to use a shared file system because
    we do not want the users to have direct access
    to these files ... only controlled access through
    a program where they point & click. We can
    also control permissions at the server level.

    The program may have to be updated from time
    ( on the user's computers ) to time to change
    logins, passwords, source & target directories,
    etc. The only forseeable problem is how to
    conceal the code so that ambitious end users
    cannot open the source with an editor and "play".

    Since they use winxp, I'm at a loss on how to
    do this ( if it is even possible ).

    - Matt


  4. Re: Script compiling / encrypting?

    quertyq wrote:
    > Hi Frank,
    >
    > I am writing a program for our company to do
    > file transferrs on the user's computers, and an
    > FTP server which is used by a controlling
    > program on the user's computers. We would
    > not want to use a shared file system because
    > we do not want the users to have direct access
    > to these files ... only controlled access through
    > a program where they point & click. We can
    > also control permissions at the server level.
    >
    > The program may have to be updated from time
    > ( on the user's computers ) to time to change
    > logins, passwords, source & target directories,
    > etc. The only forseeable problem is how to
    > conceal the code so that ambitious end users
    > cannot open the source with an editor and "play".
    >
    > Since they use winxp, I'm at a loss on how to
    > do this ( if it is even possible ).
    >
    > - Matt


    If the program runs in the user's account, then the
    most you can do is obfuscate the information. If the
    program runs on the machine in a different account,
    such as that belonging to a service, then you can
    prevent the user's from being able to access the
    details such as login info, locations, etc.

    If you set things up properly, then you can even
    control the contents of the registry information for
    the service by using Active Directory Group Policy
    to push out changes to the machines.

    Personally, I would simply use a secure distributed
    file system and grant the user's access to the appropriate
    files on an as needed basis. If you need to change the
    locations, change the ACLs.

    Jeffrey Altman


  5. Re: Script compiling / encrypting?


    Jeffrey Altman wrote:
    > quertyq wrote:
    > > Hi Frank,
    > >
    > > I am writing a program for our company to do
    > > file transferrs on the user's computers, and an
    > > FTP server which is used by a controlling
    > > program on the user's computers. We would
    > > not want to use a shared file system because
    > > we do not want the users to have direct access
    > > to these files ... only controlled access through
    > > a program where they point & click. We can
    > > also control permissions at the server level.
    > >
    > > The program may have to be updated from time
    > > ( on the user's computers ) to time to change
    > > logins, passwords, source & target directories,
    > > etc. The only forseeable problem is how to
    > > conceal the code so that ambitious end users
    > > cannot open the source with an editor and "play".
    > >
    > > Since they use winxp, I'm at a loss on how to
    > > do this ( if it is even possible ).
    > >
    > > - Matt

    >
    > If the program runs in the user's account, then the
    > most you can do is obfuscate the information. If the
    > program runs on the machine in a different account,
    > such as that belonging to a service, then you can
    > prevent the user's from being able to access the
    > details such as login info, locations, etc.
    >
    > If you set things up properly, then you can even
    > control the contents of the registry information for
    > the service by using Active Directory Group Policy
    > to push out changes to the machines.
    >
    > Personally, I would simply use a secure distributed
    > file system and grant the user's access to the appropriate
    > files on an as needed basis. If you need to change the
    > locations, change the ACLs.
    >
    > Jeffrey Altman


    An alternate approach is to use a wrapper program which contains the
    Kermit script in binary form, or encripted if you must.
    Execute the kermit script by launching the wrapper which writes the
    script to a temporary file then uses it to run the kermit transfer then
    deletes the temporary file,
    always deletes the temporary file.
    Not a perfectly secure solution, but reasonably so.
    If updates are required, simply replace the wrapper.
    Regards...Dan.


+ Reply to Thread