Page 5 of 5 FirstFirst 12345
Results 81 to 84 of 84
  1. #81  
    Quote Originally Posted by hparsons View Post
    An added aspect to all of this is the fact that the Pre is a client and a server. There are already server side applications (Java and PHP) being run on the Pre.
    The only thing that makes the server side aspect more secure is that the code is stored AND RUN on a remote server and the client has no access to it. Once the code is available (even in a compiled form) on the client's machine it becomes open season. However, running all your business logic on a remote server requires your app requires an internet connection at all times which is not always ideal on the phone.

    The reason C++ and the likes cannot be decompiled with ease is because there is no one set way to compile a C++ application into machine code, every compiler (and version of each compiler) does it slightly differently and thus you have to know exactly how it was built to decompile it.

    However, code for .net is compiled into byte code based on a specific specification, and thus is why any .net application is pretty trivial to decompile back into source code. That is why professional developers end up using obsuficators (sp?) for C# applications even when they end up compiled. This is the same case for Java.

    That is why implementing a byte code language to compile the javascript into (which isn't exactly easy) is pointless (in regards to security), because once the byte code format is found out (which it will), people will generate tools to decompile it, and now your code is no longer secure.

    It's not rocket science here. Javascript is secure on the web browser only because it does not handle actual business logic and instead sends queries to the server to perform that logic (and thus it is totally hidden from the client). On a phone without internet access, for your code to work it must be 100% on the client, and thus is viewable no matter what form it is in.
  2. #82  
    Quote Originally Posted by KallDrexx View Post
    The only thing that makes the server side aspect more secure is that the code is stored AND RUN on a remote server and the client has no access to it. Once the code is available (even in a compiled form) on the client's machine it becomes open season. However, running all your business logic on a remote server requires your app requires an internet connection at all times which is not always ideal on the phone.
    ...
    If running the app remotely is the model chosen, the data can be stored in temporary databases on the the Pre for continued access; however, that is not what I am discussing.

    I understand completely the objections that are being given. What I don't think some of you are understanding is my point. All of these types of objections existed in the past, and were overcome to one degree or another. There are those that will say this platform is is not now, nor ever will be, able to have developers write for it. There are others that will (and already are) writing for it. In the meantime, the tools and capabilities will improve.

    All the FUD and naysaying in the world (I suspect) will not stop it. Guess the next few months will show it one way or another.
  3. #83  
    Sorry, I didn't mean to point the finger at you. I actually agree that it is being put out of proportion and the pre will still have many commercial developers for it, if only for the reason that the app market isn't saturated and is easier to get noticed in. Users will find a way around it.

    I was merely trying to refute everyone's idea that it's trivial for Palm to develop a mechanism to secure code as it is a complex problem that no one has solved (thus why pirates get around DRM in software all the time without batting an eye). Hell, most of the jailbroken iphone apps that use libraries and code that aren't allowed by apple were found out by looking at the current applications.
  4. #84  
    Here's the thing - there's always going to be people trying to get software for free, no matter how good your protection method is.

    Now I realize that having the source viewable makes it a little easier to do that... but the fact of the matter is most users won't bother with getting to the terminal to be able to do that. I mean, it's simple to do as it is, and people have no interest in doing so even for the simplest hacks, instead wanting them to be supported by webOS Quick Install.

    For a lot of people needing to 'root' the Pre is enough of a deterrent that it's not going to happen. Sure, there will be some people who will still pirate the software and download it for free, but no matter what you do, that's going to happen.

    As for other developers stealing code in chunks, it'll be pretty obvious to anyone who does compare the source code, and Palm will have this killswitch as already mentioned.

    I have to say though that having everything be viewable is a great thing for a new developer trying to learn how to do things. While I don't plan on really doing much more development on the future, it was a huge help to be able to look at others' code and see why their function to do the same thing was working and mine was not. I learned quite a bit more just by reading other applications source than I did from reading the webOS book- and that's without stealing code, or doing anything else with it.
Page 5 of 5 FirstFirst 12345

Posting Permissions