[ale] source code
Mike Harrison
cluon at geeklabs.com
Sun Nov 14 19:05:31 EST 2010
On Sun, 14 Nov 2010, Terry Bailey wrote:
> If you are writing dynamic web pages using cgi and Perl, is there any
> way to set a flag so that the generated source code is not viewable?
If you mean so the generated HTML is not easily readable,
there are all kinds of schemes where encoded junk is delivered to a
browser and then a piece of JavaScript decodes it in the browser...
and you can usually use a web developer tool to see the plain text
HTML afterwards if plain "view source" doesn't work.
A lot of JavaScript is often "encoded" in one scheme or another,
and that is often a sign of hidden payloads or really bad things done in
code you don't want to see.
As for code on the server: You used to be able to "compile" perl,
but last time I tried it (a couple of years ago) that has been
deprecated. Besides, it did not work well in some cases.
I'm not sure what is currently available for Perl, but I am currently
using IonCube to encode/obfuscate some PHP. In my case it works better
than Zend's solution because it allows installing on a newer PHP version
than Zend's if you don't use the newer commands. It required a module
loaded on the server to decode it on the fly. Reportedly it's fairly
easy to "decode", but it allows me to deploy some code in a semi-hostile
environment where it keeps the young-turks from messing with it easily.
It's like keeping your door locked. Easy to bypass, but you can yell to
the authorities they broke in.
There are also bad things like:
http://liraz.org/obfus.html
and discussions like:
http://www.perlmonks.org/?node_id=832511
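
The browser-side decoding schemes mentioned in the reply above have to ship the encoded blob, the key and the decoder together, so the delivered page alone is enough to recover the HTML. The following is an added example, not part of the original post; the XOR-plus-hex scheme, the key, the sample HTML and all function names are constructed for illustration.

```javascript
// Constructed sample: the HTML a CGI script would like to "hide".
const SAMPLE_HTML = '<form action="/cgi-bin/order.pl"><input name="qty"></form>';

// Server side (hypothetical scheme): XOR each character with a repeating
// key and emit 4 hex digits per character.
function encodeForDelivery(html, key) {
  let out = '';
  for (let i = 0; i < html.length; i++) {
    const c = html.charCodeAt(i) ^ key.charCodeAt(i % key.length);
    out += c.toString(16).padStart(4, '0');
  }
  return out;
}

// The decoder the browser must run; it is shipped inside the page itself.
function decode(blob, key) {
  let html = '';
  for (let i = 0; i < blob.length; i += 4) {
    const c = parseInt(blob.slice(i, i + 4), 16) ^ key.charCodeAt((i / 4) % key.length);
    html += String.fromCharCode(c);
  }
  return html;
}

// What actually goes over the wire: blob, key and decoder in one response.
function buildDeliveredPage(html, key) {
  return [
    '<script>',
    'var k=' + JSON.stringify(key) + ';',
    'var d="' + encodeForDelivery(html, key) + '";',
    decode.toString(),
    'document.write(decode(d,k));',
    '</script>',
  ].join('\n');
}

// Anyone holding the response can pull out the same two values the
// browser uses and get the plain HTML back, without running the page.
function recoverFromDeliveredPage(page) {
  const key = JSON.parse(page.match(/var k=(".*?");/)[1]);
  const blob = page.match(/var d="([0-9a-f]+)";/)[1];
  return decode(blob, key);
}

const page = buildDeliveredPage(SAMPLE_HTML, 'ale2010');
console.log('plain HTML visible in view-source:', page.includes(SAMPLE_HTML));
console.log('recovered from delivered page:', recoverFromDeliveredPage(page));
```

Anything that must stay confidential belongs on the server; the encoding only changes what "view source" shows at first glance.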