Subject: Re: [boost] [encrypted strings]
From: Edouard A. (edouard_at_[hidden])
Date: 2009-04-28 05:02:06


On Tue, 28 Apr 2009 09:54:29 +0100, "Phil Endecott"
<spam_from_boost_dev_at_[hidden]> wrote:

> You wrote in another message that "anyone unable to bypass the methods
> suggested would be unable to bypass a plain text target". I do not
> agree. An app that implements any trivial form of defense against this
> one cracking app will be safe from 99% of the crackers. Obfuscating
> the string test in the trivial defense will make it safe from the 99%
> of the rest and from the "next version" of the cracking app. The
> decision as to whether to expend the effort (or spend the money) to try
> to defend against the determined 0.001% who are left is up to the
> developer.

In the security business we say "you're secure if breaking the protection
is more expensive than the protected".

I don't know about the iPhone application, but I would agree that a simple
security defence that protects against automated hacks is worth
implementing if its distributed cost (i.e. cost of the security measure per
application) is negligible.

However, you need to realize that if your application is popular it will be
warezed, whatever you do. Spending too much money on protection is a waste.
You'll have more fun and make more money by spending that time on features.

-- 
EA

Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk