I am writing an app installer with AppleScript. The installer has sensitive information contained in it.
Can a read only AppleScript be opened and hacked?
Hello.
I admit to never having tried to open and read the AS bytecodes from a run only script, but I do encourage you to do so.
If I were you, I’d hash the sensitive information (a la the rot13 algorithm), and let the user enter his product code, which unhashes the sensitive information (makes it readable).
That way, nothing is stored that can be extracted without the user's code, and you can use that code as a seed for sha or some other utility residing on your and the user's machine (ssl).
Thanks McUsrII
The user does not interact with the installer. The installer stores sensitive info. Can the read only AppleScript be opened and thus read? I have looked in the package contents and the main.scpt is gobbledygook. I have tried pasting that back in another empty app without read only checked, only to find that the app runs as normal but becomes read only.
Hello.
Take a look in your inbox
McUsrII Respect!
Forget the respect.
It is just that there may be people who have trusted run-only scripts for storing information that they’d rather not disclose. I should have taken it offline a while before, but just message me about the subject if there is anything more you wonder about.
I feel obliged to tell anybody who is in the belief that you strings of clear text that are compiled into a run-only script, that you can believe in church.
If you are using a run-only script to protect information, then it must be entered with a strong encryption into the script, and the user at the other end must use something that is classified as a strong password, to enter as a seed, to make ssl decrypt it with the sha-1 algorithm. Something looking like 8 characters, or a user name, just won’t do it, as there is no pause after 3 trials here, which means that some malevolent person can permute over a large set of characters in zip time, to break your user's seed.
So take precautions if your data are sensitive.
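A pre-release check for the concern raised in this thread, as an added example that is not part of the original posts: it scans a compiled file's bytes for secrets that can be read back without any key, either stored as-is or rot13-encoded. The byte string, the secret values and the function names are constructed for illustration, and the three text encodings are an assumption, since the thread does not describe the compiled-script format.

```python
import codecs
import re

# Encodings a compiler might use for string literals (assumption; the
# thread does not describe the compiled-script format).
ENCODINGS = ("utf-8", "utf-16-le", "utf-16-be")


def printable_runs(blob: bytes, min_len: int = 6) -> list[str]:
    """Return runs of printable ASCII, the way strings(1) would."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, blob)]


def find_exposed(blob: bytes, secrets: list[str]) -> list[tuple[str, str, int]]:
    """Report (secret, how_it_was_stored, offset) for every secret that is
    recoverable from the blob without a key."""
    findings = []
    for secret in secrets:
        variants = {"plain": secret}
        rotated = codecs.encode(secret, "rot_13")
        if rotated != secret:  # rot13 leaves digits and punctuation unchanged
            variants["rot13"] = rotated
        for label, text in variants.items():
            for enc in ENCODINGS:
                offset = blob.find(text.encode(enc))
                if offset != -1:
                    findings.append((secret, f"{label}/{enc}", offset))
    return findings


# Constructed sample: arbitrary binary bytes around one UTF-16 literal and
# one rot13-encoded ASCII literal. Not a real compiled script.
SECRETS = ["licence-KEY-1234", "db_pass=hunter2"]
SAMPLE_BLOB = (
    b"\x00\x0e\x01\x02" + SECRETS[0].encode("utf-16-be")
    + b"\xff\x00\x10" + codecs.encode(SECRETS[1], "rot_13").encode("utf-8")
    + b"\x00\x03\x9c"
)

if __name__ == "__main__":
    # A plain ASCII scan misses the UTF-16 literal; the encoding-aware scan
    # finds both, which is why a file looking like gibberish proves little.
    print("ASCII runs:", printable_runs(SAMPLE_BLOB))
    for secret, how, offset in find_exposed(SAMPLE_BLOB, SECRETS):
        print(f"EXPOSED {secret!r} stored as {how} at byte {offset}")
```

To audit a real build, pass the bytes of the app's main.scpt in place of the sample; any finding means the value should not ship inside the installer in that form.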