FAQ 3.21 How can I hide the source for my Perl program?

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

This message is one of several periodic postings to comp.lang.perl.misc
intended to make it easier for perl programmers to find answers to
common questions. The core of this message represents an excerpt
from the documentation provided with Perl.


3.21: How can I hide the source for my Perl program?

    Delete it. :-) Seriously, there are a number of (mostly unsatisfactory)
    solutions with varying levels of ``security''.

    First of all, however, you *can't* take away read permission, because
    the source code has to be readable in order to be compiled and
    interpreted. (That doesn't mean that a CGI script's source is readable
    by people on the web, though--only by people with access to the
    filesystem.) So you have to leave the permissions at the socially
    friendly 0755 level.

    Some people regard this as a security problem. If your program does
    insecure things and relies on people not knowing how to exploit those
    insecurities, it is not secure. It is often possible for someone to
    determine the insecure things and exploit them without viewing the
    source. Security through obscurity, the name for hiding your bugs
    instead of fixing them, is little security indeed.

    You can try using encryption via source filters (Starting from Perl 5.8
    the Filter::Simple and Filter::Util::Call modules are included in the
    standard distribution), but any decent programmer will be able to
    decrypt it. You can try using the byte code compiler and interpreter
    described below, but the curious might still be able to de-compile it.
    You can try using the native-code compiler described below, but crackers
    might be able to disassemble it. These pose varying degrees of
    difficulty to people wanting to get at your code, but none can
    definitively conceal it (true of every language, not just Perl).

    It is very easy to recover the source of Perl programs. You simply feed
    the program to the perl interpreter and use the modules in the B::
    hierarchy. The B::Deparse module should be able to defeat most attempts
    to hide source. Again, this is not unique to Perl.

    If you're concerned about people profiting from your code, then the
    bottom line is that nothing but a restrictive license will give you
    legal security. License your software and pepper it with threatening
    statements like ``This is unpublished proprietary software of XYZ Corp.
    Your access to it does not give you permission to use it blah blah
    blah.'' We are not lawyers, of course, so you should see a lawyer if you
    want to be sure your license's wording will stand up in court.


Documents such as this have been called "Answers to Frequently
Asked Questions" or FAQ for short.  They represent an important
part of the Usenet tradition.  They serve to reduce the volume of
redundant traffic on a news group by providing quality answers to
questions that keep coming up.

If you are some how irritated by seeing these postings you are free
to ignore them or add the sender to your killfile.  If you find
errors or other problems with these postings please send corrections
or comments to the posting email address or to the maintainers as
directed in the perlfaq manual page.

Note that the FAQ text posted by this server may have been modified
from that distributed in the stable Perl release.  It may have been
edited to reflect the additions, changes and corrections provided
by respondents, reviewers, and critics to previous postings of
these FAQ. Complete text of these FAQ are available on request.

The perlfaq manual page contains the following copyright notice.


    Copyright (c) 1997-2002 Tom Christiansen and Nathan
    Torkington, and other contributors as noted. All rights

This posting is provided in the hope that it will be useful but
does not represent a commitment or contract of any kind on the part
of the contributers, authors or their agents.

Site Timeline