2009/8/1 Brian Brian.Mingus@colorado.edu:
On Sat, Aug 1, 2009 at 1:07 PM, David Gerard dgerard@gmail.com wrote:
2009/8/1 Brian Brian.Mingus@colorado.edu:
And of course, you can just ship them the binaries!
Trusted clients are impossible. Particularly for prrotecting against lulz-seekers.
Impossible? That's hyperbole.
No, it's mathematically accurate. There is NO SUCH THING as a trusted client. It's the same problem as DRM and security by obscurity.
http://en.wikipedia.org/wiki/Trusted_client http://en.wikipedia.org/wiki/Security_by_obscurity
Never trust the client. Ever, ever, ever. If you have a working model that relies on a trusted client you're fucked already.
Basically, if you want to distribute binaries to reduce hackability ... it won't work and you might as well be distributing source. Security by obscurity just isn't.
- d.