Hey Mike,
Oooops, I forgot to reply to this one...
[snip] (created in another, more secure language) [snip],
There is no such thing as levels of secure between compiled languages.
They all have to abide by the same rules and produce a binary that is compatible with the operating system they'll run on.
What makes any programming secure or insecure is the element between the chair and the keyboard.
To be honest, if we're talking about "security", Pascal is one of the most "secure" languages on the market.
Why, you ask?
Well, let's see:
- It's a strongly typed language, the opposite of many interpreted ones
- It has a managed string implementation, the opposite of C/C++ that produce most of the buffer overflows
- Since one of its premises was to be as close to a natural language (English) as possible, it's rather readable by nature
Rust is probably the most "secure" one at the moment. It's a new language that's trying hard to not make the mistakes of the past. And it has good memory and string handling embedded.
But, the element between the chair and the keyboard can still make programs in these languages that are completely insecure.
Strong typing and good string handling are not a silver bullet!!
[snip] some kind of protected library. [snip]
I would like to know what you call a protected library.
Like I said about the binaries, also the dynamic libraries have to follow an established format so that any program can load them.
The only protection you get is the fact that a compiled anything does not decompile into the original code.
It does, nonetheless, disassemble into assembly, and with that you can recreate the original source with a bit of patience and know-how.
So again, what is a protected library?
Since you can decompile a .dll fairly easily, we will be obfuscating and encrypting the compiled code and then distributing it. So, yes, it is intended to be a locked library that clients can use without getting to the actual source code.
I would really like to know how you will be obfuscating and encrypting a dynamic library. If you do that, I'm afraid that you'll invalidate the established format that they have to be written on.
But let's say that you do obfuscate and/or encrypt said dynamic library, you then still have to provide, in each program that uses the dynamic library, the means (a key and the code to de-obfuscate/de-encrypt) to reverse that in order to be usable.
That means that you locked the door, but left the key on the lock. That pretty much invalidates the exercise, no?
The way you're looking at this security issue is rather naive. Just think, if all that techno-babble you said could be possible, don't you think that someone would have done it before?
Ask around and find out for yourself. There is no 100% guaranteed way of securing your code. Just less easy to do it.
Cheers,
Gus
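
The two points made above about an encrypted library (it no longer has the format the OS loader expects, and the client program must carry the key to undo that), as an added example that is not part of the original message. The toy cipher, the function names and the sample "library" bytes are all constructed for illustration.

```python
import hashlib
import os

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); stands in for any symmetric cipher."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def looks_like_pe(image: bytes) -> bool:
    """A Windows DLL starts with the 'MZ' DOS header magic the OS loader checks."""
    return image[:2] == b"MZ"

def vendor_pack(library: bytes) -> dict:
    """Vendor side: encrypt the library and assemble what gets shipped to clients."""
    key = os.urandom(16)
    # The key has to travel with the product, or the client could never run the code.
    return {"blob": keystream_xor(key, library), "embedded_key": key}

def client_load(shipped: dict) -> bytes:
    """Client program: decrypts first, because only the plain image is loadable."""
    image = keystream_xor(shipped["embedded_key"], shipped["blob"])
    if not looks_like_pe(image):
        raise ValueError("decrypted image is not a loadable library")
    return image

def observer_recover(shipped: dict) -> bytes:
    """Anyone holding the shipped files has exactly the inputs client_load() has."""
    return keystream_xor(shipped["embedded_key"], shipped["blob"])

# Constructed stand-in for a compiled DLL: header magic plus filler bytes.
LIBRARY = b"MZ" + b"\x00" * 62 + b"proprietary routine bytes"

if __name__ == "__main__":
    shipped = vendor_pack(LIBRARY)
    print("blob differs from original:", shipped["blob"] != LIBRARY)
    print("blob still has DLL header: ", looks_like_pe(shipped["blob"]))
    print("client gets usable image:  ", client_load(shipped) == LIBRARY)
    print("observer gets same image:  ", observer_recover(shipped) == LIBRARY)
```
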