Re: [Nolug] Any way to have a program verify that it's running a legitimate version?

From: Techmaster <techmaster_at_gmail.com>
Date: Fri, 25 May 2007 20:43:56 -0500
Message-ID: <945e1c690705251843s744bc9bbk15c10a5fad109ab7@mail.gmail.com>

Unfortunately, with open source software, it's virtually impossible. You
will have to have all of the connection code in a closed-source, precompiled
library. As long as another server has full source code available, you
cannot trust it again. With open network standards this isn't an issue,
because those open standards have security implementations already, and if
you don't think something has enough security, there are plenty of other
alternatives available. If you write something from scratch to have
distributed tasks, you can make any code look emulate something else.

On 5/25/07, Elliott Seyler <rainrunner87@mailshack.com> wrote:
>
> I'm planning a rather crazy project to make a distributed server, and
> one of the problems I've come across in my initial planning is
> preventing people from connecting modified versions of the server. I
> want to prevent anything but a legitimate version from being part of the
> server network, to prevent collusion with the intent to reveal secure
> information or communication sent or stored within the network.
>
> The trouble is that I can't think of any reliable way to do this. Any
> suggestions you may have would be welcome.
>
> -Elliott
>
> ___________________
> Nolug mailing list
> nolug@nolug.org
>

___________________
Nolug mailing list
nolug@nolug.org
Received on 05/25/07

This archive was generated by hypermail 2.2.0 : 12/19/08 EST