12

I would like to know what types of protection they are using with the GitHub Enterprise (http://enterprise.github.com) solution. As I don't own a company that could potentially be buying it, I don't feel comfortable lying just to get a copy and try to see it for myself.

But I'm really interested to know what kind of strategies they used to protect the code they deliver, as it potentially can be used by any other Rails application.

This question is not "How to protect my Ruby Code", but how they protected an entire appliance with not just Ruby code but a lot more dependent services, running on an Ubuntu Linux server.

I have some theories that could help:

  • They could be using Ruby Encoder to protect the Ruby code
  • They could be using TrueCrypt to create a special partition to install all the code and needed applications and have created a special loader to somehow execute that code without giving read/write permission to any other user on the system.
Gabriel Mazetto
  • 1
    Here's a nice article that might shed some light over the topic: http://blog.orange.tw/2017/01/bug-bounty-github-enterprise-sql-injection.html – s3v3n Jan 08 '17 at 10:26

2 Answers

7

They are currently using a modified RubyEncoder.

Source: I asked

Justin Case
1

I don't know Ruby but they say:

Does the license include access to the source code?

No. Licenses cover the use of the software only. Modification and redistribution are not permitted.

It doesn't necessarily have to be protected using any technology, which can eventually be broken. You are signing a contract; if you do not follow the regulations in it, you may end up in court. I guess it's a matter of mutual trust.

Community
Tomasz Nurkiewicz
  • 1
    I partially agree with you where you say that a good contract could be enough, but it's not always a case of trusting each other; you could end up being hacked or anything that's out of your client's control and have your code leaked. As historically they delivered JRuby code as a way to protect the source, and now they claim to deliver Ruby MRI compatible code, I guess they placed some sort of protection that is compatible with Ruby MRI. And that's what I want to know, as it's a more flexible way to deliver code in the same model they do. You also need to have a license file to be able to run. – Gabriel Mazetto Nov 04 '12 at 01:49