| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <200507011818.j61II4FP011501@turing-police.cc.vt.edu> Date: Fri Jul 1 19:18:19 2005 From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu) Subject: plz suggest security for DLL functions On Fri, 01 Jul 2005 15:26:06 +0530, Gaurav Kumar said: > if it would have been so simpler, i wouldnt have asked it here, > the application design doesnt allow us to use the conventioal > loadlibray method. we need to export functions also and at the same > time protect from misuse. Give them a DLL that just tosses an RPC call to a secured server that you manage. In general, if it's (even potentially) in their address space, they can misuse it. So the only real solution making sure that your Secret Sauce code is on some other system where they can't find out it's just Miracle Whip and a shot of jalepenos.... Another, even better, idea is to give them a click-through EULA that contains a line of the form "misusing or reverse-engineerng our usage of jalepenos will result in a $MOBY surcharge and/or other legal action...." -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 226 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050701/97beb3a0/attachment.bin
Powered by blists - more mailing lists