contents
| 6.7 - Code privacy Starkits are particularly suited to Open Source projects - combining both source and executable into a single file that is easy to download and evaluate. Since Starkits are compressed the casual browser doesn't see the code, although it is relatively simple to unwrap them. But for commercial applications there are times when you want to hide code such as proprietary algorithms, or licensing schemes. Although there isn’t yet a standard mechanism yet to do the encryption or obsfucation, there are a number of approaches that people are using successfully to provide code privacy. One approach is to encrypt some of the Tcl scripts, and implement a command to decrypt them at run time. This would involve a small C extension that performs decryption and key management. This approach has been used in at least one commercial application with good success. But also note that you also have to be careful about other issues like the “send” command being used to introspect the application and view source. If you intend to implement such an extension it is worth looking at Critcl which allows you to embed C code in Tcl scripts and transparently compiles it for you. But perhaps the most practical solution is to distribute Tcl bytecodes - the intermediate “virtual instruction set” used by the Tcl interpreter. Mark Roseman (of CourseForum Technologies) and a few other people have been experimenting with this using the bytecode writing/loading facility from TclPro. The procomp command is used to generate bytecode files from Tcl source and this is stored in the Starkit VFS. At run time the tbcload command is used to load and run the bytecode files from within the VFS. Eventually there is likely to be a general solution based on this approach. | see also | ||||