Creating Closed Source Apps
Moderators: FourthWorld, heatherlaine, Klaus, kevinmiller
-
- Posts: 50
- Joined: Sun Jun 30, 2013 1:43 am
- Location: Illinois
- Contact:
Creating Closed Source Apps
I have a commercial license so I presumably should be able to create "closed-source apps." I have some apps on the Android store but a buyer can download the app to their computer and view all my scripts using the Community version of LiveCode. What must I do to keep my source code closed and to prevent this from happening? I seem to be missing something really BIG.
Re: Creating Closed Source Apps
Hi physicsclassroom,
in the standalone builder settings "Stacks" select all your (sub-)stacks and check "Encrypt with password", see attachment.
Best
Klaus
in the standalone builder settings "Stacks" select all your (sub-)stacks and check "Encrypt with password", see attachment.
Best
Klaus
-
- Posts: 50
- Joined: Sun Jun 30, 2013 1:43 am
- Location: Illinois
- Contact:
Re: Creating Closed Source Apps
Hi Klaus,
That looks easy enough. However, there are two problems. First, when I open my main stack, it is greyed out in the stacks pane so that I am unable to select it and chose the Encrypt with password. Second, while I have several stacks included in the app bundle, all of them are included in the Copy Files tab. I think I remember there being a reason I did it this way but I'm not exactly sure I remember the reason as it was a decision I made about a year ago.
If I open the individual stacks included in the bundle, a few of them allow me to select Encrypt with Password in the Stand Alone App Settings. Others do not.
Any ideas as to why the option is greyed out? I just checked and I have a LiveCode Indy version good until 2017.
That looks easy enough. However, there are two problems. First, when I open my main stack, it is greyed out in the stacks pane so that I am unable to select it and chose the Encrypt with password. Second, while I have several stacks included in the app bundle, all of them are included in the Copy Files tab. I think I remember there being a reason I did it this way but I'm not exactly sure I remember the reason as it was a decision I made about a year ago.
If I open the individual stacks included in the bundle, a few of them allow me to select Encrypt with Password in the Stand Alone App Settings. Others do not.
Any ideas as to why the option is greyed out? I just checked and I have a LiveCode Indy version good until 2017.
-
- Posts: 746
- Joined: Sun Feb 04, 2007 11:01 pm
- Location: McKenna, WA
Re: Creating Closed Source Apps
Hi physicsclassroom,
If the standalone setting are set to either iOS or Android, Encrypt with password is greyed out.
If the standalone setting are set to either iOS or Android, Encrypt with password is greyed out.
Tom
MacBook Pro OS Mojave 10.14
MacBook Pro OS Mojave 10.14
-
- Posts: 50
- Joined: Sun Jun 30, 2013 1:43 am
- Location: Illinois
- Contact:
Re: Creating Closed Source Apps
Yep. That was it; once I change unchecked the iOS build button, I was able to password protect my main stack. Thank you.
Anyone know how to protect a stack that is included in the bundle but not part of the main stack?
Anyone know how to protect a stack that is included in the bundle but not part of the main stack?
-
- VIP Livecode Opensource Backer
- Posts: 9823
- Joined: Sat Apr 08, 2006 7:05 am
- Location: Los Angeles
- Contact:
Re: Creating Closed Source Apps
physicsclassroom wrote:Anyone know how to protect a stack that is included in the bundle but not part of the main stack?
Code: Select all
set the password of stack "stackname" to "password"
Code: Select all
set the passkey of stack "stackname" to "password"
Richard Gaskin
LiveCode development, training, and consulting services: Fourth World Systems
LiveCode Group on Facebook
LiveCode Group on LinkedIn
LiveCode development, training, and consulting services: Fourth World Systems
LiveCode Group on Facebook
LiveCode Group on LinkedIn
-
- Posts: 50
- Joined: Sun Jun 30, 2013 1:43 am
- Location: Illinois
- Contact:
Re: Creating Closed Source Apps
Thanks Richard. Would these scripts go in an openStack handler?
-
- VIP Livecode Opensource Backer
- Posts: 9823
- Joined: Sat Apr 08, 2006 7:05 am
- Location: Los Angeles
- Contact:
Re: Creating Closed Source Apps
NEVER EMBED PASSWORDS FOR ANYTHING IN ANY SCRIPT IN ANY LANGUAGE ANYWHERE.physicsclassroom wrote:Thanks Richard. Would these scripts go in an openStack handler?
Pardon the all-caps, but now and then I see newcomers tempted to do that and it's a nasty security issue so easily avoided and so devastating when not. I've seen it in bash more than a few times, where the ill effects can be system-wide. Not sure how that becomes something people do, but hopefully we're all just a few more screaming all-caps messages on the Internet away from ending the practice forever.
I would just run those from the Message Box, or if you do it often perhaps from a plugin stack you can make for use in your own system. Setting the password only needs to be done once so it's probably not worth making a button to do that. As for passkey to edit scripts while I'm working, in some projects I have a substack that has utilities I use during development and in that I'll add a button with something like this so I can unlock everything in the stack file at once:
Code: Select all
on mouseUp
ask "Passkey for all stacks in this stack file:"
if it is empty then exit to top
put the mainstack of this stack into tMainStack
set the passkey of stack tMainStack to it
repeat for each line tSubstack in the substacks of stack tMainStack
set the passkey of stack tSubStack to it
end repeat
end mouseUp
Richard Gaskin
LiveCode development, training, and consulting services: Fourth World Systems
LiveCode Group on Facebook
LiveCode Group on LinkedIn
LiveCode development, training, and consulting services: Fourth World Systems
LiveCode Group on Facebook
LiveCode Group on LinkedIn
-
- VIP Livecode Opensource Backer
- Posts: 3901
- Joined: Sat Mar 24, 2007 2:54 am
- Location: Palo Alto
Re: Creating Closed Source Apps
Scott Rossi showed me a cool way.
Have a totally separate stack somewhere on your drive with the passkey in a custom property.
Then in your openStack
I guess you could even just use a text file. Just keep your product stack far away from your passkey stack.
Simon
Have a totally separate stack somewhere on your drive with the passkey in a custom property.
Then in your openStack
Code: Select all
if there is a file "c:/user/blah/blah/myPasskey.livecode" then
set the passkey of this stack to the cPass of stack "c:/user/blah/blah/myPasskey.livecode"
Simon
I used to be a newbie but then I learned how to spell teh correctly and now I'm a noob!
-
- VIP Livecode Opensource Backer
- Posts: 2262
- Joined: Thu Feb 28, 2013 11:52 pm
- Location: Göttingen, DE
Re: Creating Closed Source Apps
To be complete, enlarge to: "either iOS or Android or HTML5"quailcreek wrote:If the standalone setting are set to either iOS or Android, Encrypt with password is greyed out.
shiftLock happens
-
- Posts: 50
- Joined: Sun Jun 30, 2013 1:43 am
- Location: Illinois
- Contact:
Re: Creating Closed Source Apps
.I would just run those from the Message Box, or if you do it often perhaps from a plugin stack you can make for use in your own system. Setting the password only needs to be done once so it's probably not worth making a button to do that
OK. So if I understand you correctly, the idea is to save the password to the stack during development and then the scripts of that stack becomes password protected forever or until the password is set to Empty. When the stack is saved with the stand-alone bundle, any Android user who extracts the stack from the bundle will not be able to look at any scripts of that stack without knowledge of the password. Is that the idea?
-
- VIP Livecode Opensource Backer
- Posts: 9823
- Joined: Sat Apr 08, 2006 7:05 am
- Location: Los Angeles
- Contact:
Re: Creating Closed Source Apps
Yep.physicsclassroom wrote: So if I understand you correctly, the idea is to save the password to the stack during development and then the scripts of that stack becomes password protected forever or until the password is set to Empty. When the stack is saved with the stand-alone bundle, any Android user who extracts the stack from the bundle will not be able to look at any scripts of that stack without knowledge of the password. Is that the idea?
Richard Gaskin
LiveCode development, training, and consulting services: Fourth World Systems
LiveCode Group on Facebook
LiveCode Group on LinkedIn
LiveCode development, training, and consulting services: Fourth World Systems
LiveCode Group on Facebook
LiveCode Group on LinkedIn
-
- Posts: 50
- Joined: Sun Jun 30, 2013 1:43 am
- Location: Illinois
- Contact:
Re: Creating Closed Source Apps
Thanks to all. I'm feel confident I can improve the security of my apps.
Re: Creating Closed Source Apps
Hi
Thanks in advance
Kim
Many months ago I set a password for my (Indy License) iOS & Android standalones using LC7. I've now subsequently installed LC8. As noted above - the Standalone App Settings > Stacks tabs with the password is now greyed out. Are my iOS & Android standalones password protected or not?quailcreek wrote:Hi physicsclassroom,
If the standalone setting are set to either iOS or Android, Encrypt with password is greyed out.
Thanks in advance
Kim
Re: Creating Closed Source Apps
I think there is still a problem that frustrates the passkey method:
- You create a Standalone that opens a password protected stack.
- On opening the stack, your script "set the passkey of stack xx to "password" (because of how it works, copying things etc, your stack scripts needs to be unlocked in order to function).
In order to steal your password protected script, I can:
- open your stack in LC (may be after setting the lock messages to false)
- add a group with the following script:
On OpenControl
put the script of this stack into tPath
end OpenControl
- save the stack
The next time I run the Standalone, the "protected" script will be saved to tPath !
So, as Andy Piddock cleverly wrote in this other post (Encryption for file vs Standalone App) the only solution is to keep password protection during most of the operation, then momentarily remove the password for operations that don't work with the password protection.
I wish there was a way to block the opening of a stack from the IDE: in this way nobody could add malicious scripts to a stack.
Trevix
- You create a Standalone that opens a password protected stack.
- On opening the stack, your script "set the passkey of stack xx to "password" (because of how it works, copying things etc, your stack scripts needs to be unlocked in order to function).
In order to steal your password protected script, I can:
- open your stack in LC (may be after setting the lock messages to false)
- add a group with the following script:
On OpenControl
put the script of this stack into tPath
end OpenControl
- save the stack
The next time I run the Standalone, the "protected" script will be saved to tPath !
So, as Andy Piddock cleverly wrote in this other post (Encryption for file vs Standalone App) the only solution is to keep password protection during most of the operation, then momentarily remove the password for operations that don't work with the password protection.
I wish there was a way to block the opening of a stack from the IDE: in this way nobody could add malicious scripts to a stack.
Trevix
Trevix
OSX 14.3.1 xCode 15 LC 10 DP7 iOS 15> Android 7>
OSX 14.3.1 xCode 15 LC 10 DP7 iOS 15> Android 7>