i'm newbie in FTP connection programming in Cocoa. I found 2 library that i can choose for make my app, but i dont know what's the best between these libraries. The libraries are libcurl and chilkat . The problem is what benefit of each library? Did somebody compare it? or maybe can anyone tell me about your experience? Thank you
I don't have any experience with chilkat, but I can tell yout that libcurl is used in a lot of programming languages and is available on a lot of systems. In for example PHP or on a Mac curl is a great tool to use.
So I would advice libcurl if it's available on your platform. You will probably find more information about curl and it has proven itself on many other platforms.
Also interesting if you want to go with curl is curlhandle. It's a cocoa wrapper around the curl library. Probably very handy in your case, but I've no experience with it.
I can tell you that the difference between libcurl and chilkat is like this: (though you probably know by now)
Chilkat is like the chess game you buy at the store and libcurl is like the plastic in liquid form you buy that you can make any chess piece with.
Libcurl is a slightly abstracted sockets-connector and Chilkat handles everything you'd do, up to a certain amount, with that connection. You're either staring at bits or something "made those bits into an email". I'm about to buy Chilkat for some of the libs, I like the features, but at the same time I wish I had time to read the RFC's and play with the other stuff using libcurl. Anywho, hope that answer is worth something to someone.
Because this question is still ranking high on google i give you my experience.
I bought chilkat in 2015 and moved to libcurl later and my own implementation much later. Both are far from perfect. libcurl just shows it's age and some weak designs.
libCurl is an library that tries to implement all URL able protocols even if they are designed as stream protocol like FTP. Do yourself a favour and only use it with HTTP/HTTPS. It just does the transfer part. Which is not enough for handling. You would love to see at least mime and charset routines to use the downloaded files.
Chilkat is a toplevel library that tries to give you as much highlevel access as possible. It uses background threads in script languages where it is not easy to use. The problem is that the API is terrible, very little documented and total failure when you want to write a quality program. For example it returns requests as a string. There is no way for stream processing. Now imagine you download a large GB iso file, you wont be happy. It can return as a file but then you have to specify this at the begin of a request when you don't knwo the download size.
Also the code quality until proven otherwise is bad. There are a few chilkat source code snippets in the wild which you can find via google and they are pure madness. Ok we don't know how this old code has been refactored now. But it leaves a bad taste, remember this is closed source and there is not a single mention about corner cases, which protocol is implemented, which feature of protocols are implemented and so on. You are using a total black box.
Also it does not allow high performance and high value code. I used it to write a web crawler and it was much much slower then libcurl.
I later used the HTTP and SSH compoenents to automate some server/client management scripts and there it shines. You know both sides and can just test if they work together and don't get any surprises. Then it is indeed easy and better then using the broken python or ruby SSH.
But if you ever contact with another unknown server, Chilkat is not your library.
Related
This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
iPhone/iPad App Code Obfuscation - Is it Possible? Worth it?
I have spent a lot of time on this and I couldn't able to find a perfect answer. That's why I decided to put my question here. I have an iPhone application and want to encrypt the code to prevent from class-dump or otool utilities. (Tools used to dump out the headers from executable). I would like to know is there any way to encrypt the source code or obfuscate the source code?
It's a lot more complicated than it might seem initially. Any tool that mangles method names has the potential to fudge up:
KVC compliance
The use of dynamically generated selectors
Nib file compatibility
Protocol conformance
Method inheritance
Obfuscation is just another layer to deal with; often obfuscation is easily reversed. It is not really possible to “encrypt” your classes because the Objective-C runtime and Cocoa framework won't know how to decrypt it. Anyone determined enough will eventually figure out how your program works.
Actually you can provide some obfuscation and tamper protection with specialist 3rd party tools. There are 2 companies, I know of, that provide tools or services to do this : Arxan and irDato.
Neither are cheap or accessible to small developers but if you are developing for a large corporation then you should consider them.
Obfuscation is done by mangling code paths and adding redundant instructions so as to confuse anybody trying to reverse engineer the code. Tamper protection is done by adding checksums to the code and embedding checksum checks within functions. You can create a network of interdependent checksums that makes it extremely difficult to bypass them. There are a few other things that can be done but you really need to talk to specialists in this area.
Further to the earlier answer, Apple does not encrypt the binaries but just signs them. It is fairly easy to reverse engineer and modify app binaries on a jailbroken device.
Apparently, according to this answer Apple encrypts iPhone binaries as a matter of course for all iPhone apps.
I'd stop worrying about it.
Where can I find the code for creating an online rebol console like the one here ?
http://tryrebol.esperconsultancy.nl/
Update: for the sandbox system on the server, can't Rebol manage it itself with some security wrapper and its security options ?
As for console itself, I don't know Ruby so I don't want to use TryRuby and why would I need it ? Can't I mimic Rebol console itself by "remoting" it somehow ? Why RT or Esper Consultancy can't make an opensource version ? There's no value in keeping it closed source. Rebol needs to prove it's more open than in the past.
In my opinion, you should aim higher with something like the already open-sourced Try Ruby. You'd type in expressions and it would guide you. Their showcase site is at tryruby.org and is fairly slick.
I modified TryRuby to work with Rebol and it wound up looking like this:
But I'm not going to run it on my server because I didn't want to belabor the necessary sandboxing/etc. or protections against someone running an infinite loop. I can give you what I've got so far if you want it.
I started a tutorial script here that no one seemed interested in helping me with, so I wandered off to other tasks:
http://www.rebol.net/wiki/Interactive_tutorial_script
I'm not sure what exactly you want. You mention you want a remote REBOL shell instead of a tutoring setup, but that's what the Try REBOL site is. There are several reasons it's not open source:
It's in heavy development. I'm currently changing the code regularly.
So it's not in a release state. Preparing it for release, documenting and publishing it would take a lot of extra work, as with most projects.
It's written in my CMS that's also in heavy development. Even if the Try REBOL site were open source, it wouldn't run. The CMS is not planned to be open sourced soon.
It's not meant as a generic REBOL remoting tool, but as a one-off demo site. If that site is running, what's the use of more of them?
As others have answered, there are many generic solutions for remoting that you could use. Also, most parts of the Try REBOL site are readily available as open source:
Syllable Server, produced and published by us.
The Cheyenne web server.
The HTML source of the web client can be viewed, including my simple JavaScript command service bus.
Syllable Server is an essential part of the site, as the sandboxing is not done with REBOL facilities (except some extra limits in the R3 backend), but with standard Linux facilities.
A truly air tight (do I mean silica tight?) sandbox is close to impossible with R2.
R3 (still in alpha) is looking a lot more promising. The deep technical discussions in flight right now (see Cure code and AltME/REBOL3 Proposals regarding unwinds and protect and even occasionally mentioning sandboxes should lead to an excellent sandbox capability.
Right now, the big advance R3 has that makes Kaj's tryREBOL possible is R3's secure policy settings which make it possible (with some careful wrapper code) to construct an alpha/demo sandbox.
To answer your precise question("where can I find code...", you could try asking Kaj for his :)
I'm new to StackOverflow. I'm not sure if this is going to end up as a reply to your comment, or as a new answer.
The somewhat common idea that any project can be open sourced and contributed to by others is a naive view. In the case of my Try REBOL site, it makes no sense. It's not just in heavy development; it's written in a CMS that's also in heavy development. Basically noone could contribute to it at this point, because I'm the only one who knows my CMS. Or in any case its newest features, which I develop by developing Try REBOL, and other example sites. So developing Try REBOL means developing the CMS at the same time, and by definition, I'm the only one who can do that.
More generally, my projects are bleeding edge, innovative technology with a strong vision. The vision is mine, and to teach it to others, I have to build it to show how I intended it to work. So there's a catch 22: to enable others to contribute, I have to finish my projects first, because people typically don't understand them until I show them how they work.
There certainly are other projects where mass contribution makes more sense. Still, only the top projects get the contributors. We found that out the hard way. We created Syllable Desktop and Syllable Server with surrounding infrastructure for contributions. These are fairly classic, well understood operating systems that many people could work on in parallel. However, despite years of begging, we get very few contributions.
So, if you feel a burning need to contribute to our projects, please pick one of the many tasks in Syllable to execute. :-)
This question is maybe somehow inspired with Anyone using Python for embedded projects?; so anyone using some Scheme version or Common Lisp (like ECL) for free/oss/commercial projects?
Personally, I used (and still using) TinyScheme for personal projects where some embedded language is needed, mostly due extremely easy embedding (sorry Python lovers, been there and that is quite painful, especially after I learned from TinyScheme how things can be simple).
The most prominent project I remember hearing about is (Gambit) Scheme on the iPhone. It was shut down by the user agreement for a while but I suppose with the new one, this kind of development is allowed again.
I don't see it on the page any more, but I remember a related blog post about interactive development on the iPhone using Scheme. Very exciting.
I have written a program in vb.net 2008 (using .net 3.5). It's a decent size program. One part of this program is to access an online database and encrypt/decrypt files. To access db I use a hardcoded password. To encrypt/decrypt files I used a hardcoded key. No matter what I do I would need to hardcode one of the two things at least. For example: even if I store database password in an encrypted file I would need to hardcode key to decrypt it. Or vice versa.
So after doing some thinking I figured that I need to obfuscate my code so that at least these hardcoded elements/values wont be visible easily. Infact to test, I used a program to disassemble my program. And to my amazement, it showed me every line of code in my program. I felt as if my entire code is pasted in my exe.
Thus I need to obfuscate my code. See I do not need too advanced settings. My program is not among the top shareware programs or super popular that I need very high security. But I need enough security so that my basic code, variables and sensitive information (password etc) is not visible.
Please help me choose a good obfuscator which will do the job. It should not be too tedious to use and should be sufficient for me. Plus it should be trusted and secure. I mean I don't want my application to crash or be unstable after I obfuscate it.
I have downloaded trial of .net reactor from Ezriz and it seems to be fine. What do you guys suggest? I cannot affort something over $200. So is this product worth going for. You guys know better.
Thank you for your support.
Cheers,
Saurabh
Obfuscation cannot solve this problem. An attacker can change his hosts file to redirect the domain name to a database he controls. When you login he will get the username/password.
Another attack would be to use a debugger like ollydbg to obtain the username/password in memory. The username/password must be in clear text prior to use, and an attacker will be able to find it.
Security Through Obscurity will never work. You will never be able to control the client.
A better approach is to setup a a SOAP (WCF) server to abstract your database operations. The logic for building the queries must be server side. Assume that an attacker has full access to any functions you expose via SOAP.
I use Eziriz .NET Reactor for a while now and it works great for me. I used Eazfuscator before but it wasn't really powerful.
.Net Reactor has awesome features such as Anti ILDASM and Native Exe file generation. Also it'll fit your budget. You can use Trial before purchasing it and test if it works with your scenario.
You should strongly consider Babel .net obfuscator. In my opinion even though it is a console application it is by far the best for price, licensing (not locked to a single computer) and features.
I use Eazfuscator:http://www.foss.kharkov.ua/g1/projects/eazfuscator/dotnet/Default.aspx
It powerful and it's free. Wonderful tool extremely simple to use.
I've just finished a library in Objective-C that I compiled as a Static Library for distribution.
I'd wanted to know what chances to get this decompiled are out there.
Do you know any software that can do this?
If so, how could I protect me better?
EDIT: My static lib is made for iPhone / ARM
I created an algorithm that depending on the some parameters of the app, it can run as demo or as full code. You init the object with X variables and unlock the full version. I was wondering if they'll be able to see this algorithm so they can create a key generator.
If it executes, it can be decompiled. Objective-C is particularly easy to decompile into readable code thanks to its dynamic features. If you want to make things a little bit harder, you could write most of your code in plain C and strip the executable — which of course has the tradeoff of making your application design harder to manage. But be honest with yourself: If somebody wants to crack your code, you are not going to be able to stop them. Crackers have practically unlimited amounts of time and enthusiasm and will actually be excited by any novel efforts you put in to stop them. Nobody has yet made uncrackable software, and the biggest corporations in the world have tried. You're not going to do better than them, especially if you need to ask about it on Stack Overflow.
Take the time that you would have put into thwarting decompilation and use it to make your product better — that will have a much better ROI.
It's not clear what you are trying to protect yourself from. Yes, it can be reverse engineered. The simplest tool is otool, part of the standard developer distribution:
otool -tV <library>
From that they run up to things like IDA Pro, which has iPhone support and is very nice for this kind of work. In between, I'm really surprised that I haven't seen a rework of otx for iPhone/ARM yet. I wouldn't be surprised to see one show up eventually. And of course there's gdb if you're trying to work out how things flow and what the data is at various points.
If you have more details about what you're trying to protect yourself from, there may be some targeted answers. Beyond that, read Chuck's comments.
ChanceGetsDecompiled = ExpectedGainFromBeingDecompiled / PopularityOfLibrary
Well if you REALLY want to know I would try decompiling it your self. You don't say if this is for PPC, Intel, or ARM which makes a difference. Here is a decompiler for Intel
i386 Decompiler
I don't know what you could do (I don't think there is much) to limit this. Code can always be reverse engineered. Be happy that your not using java or .net. Their decompilation is so nice.