Script Only Stack Protection

hrcap · Post by **hrcap** » Sun Apr 05, 2020 2:25 pm

Hi All

Hopefully everyone is managing to enjoy the sunshine.

My App uses script only stacks, when I build the app as a standalone the script only stacks can be found with the package contents by:

- Right click on app
- Select show package contents
- click on contents
- click on resources folder
- click on _MacOS folder
- here are the script only stacks

The script only stacks (SOS) are then viewable and modifiable by the end user which is very undesirable as they can then adjust the SOS's to make the app behave in a malicious manne.

Is there a way to prevent this?

Many Thanks

richmond62 · Post by **richmond62** » Sun Apr 05, 2020 2:36 pm

Presumably, if you are NOT using the Community version you
can set passwords for each stack in the standalone settings stack.

If you are using the Community version it is time to rob the bank.

jacque · Post by **jacque** » Sun Apr 05, 2020 5:47 pm

Script only stacks are just text files so don't support passwords or any other properties.

Unless you need to use git or some other versioning system, there's little need for script only stacks. They can be normal stacks which do support passwords, or you can put the script into a hidden button and insert it into back as needed. That way there are no extra files anywhere and users will have no access.

richmond62 · Post by **richmond62** » Sun Apr 05, 2020 5:48 pm

Presumably you can also make LiveCode stacks that are 1 x 1pixel and password protected?

bogs · Post by **bogs** » Sun Apr 05, 2020 6:57 pm

There are actually a lot of ways to hide an open stack, off the top of my head for instance, setting it's visible to 'false' would certainly do it, alternately, putting a .png picture on it that is all invisible would do it, or setting its blendlevel to 99 or 100 would do it.

I suspect though, that even as small as a 1x1 pixel stack would be seen by some, unless it happened to match the color of whatever was behind it.

richmond62 · Post by **richmond62** » Sun Apr 05, 2020 7:06 pm

bogs wrote: ↑
Sun Apr 05, 2020 6:57 pm
I suspect though, that even as small as a 1x1 pixel stack would be seen by some, unless it happened to match the color of whatever was behind it.

The first thing I'm going to do after this, ultimately farcical, lockdown ends, if the Big-C doesn't get me,
is get an eye-test and some new spectacles: had these last ones for 4 years and it is either them or my eyes . . .

hrcap · Post by **hrcap** » Sun Apr 05, 2020 7:11 pm

Hi All

Thank you very much for the feedback so far. The Script Only Stacks are text files and don't actually open as a viewable stack. They instead sit in the resources file of the standalone and the app references to them.

My problem is that the user if so inclined could navigate to the resources file and edit these text files.

(Jacque: the app will end up at a stage where there is a team working on it and as such SOS's will likely be preferred as it will allow for version control)

Many Thanks

richmond62 · Post by **richmond62** » Sun Apr 05, 2020 7:27 pm

Even if you don't read all my "shit", (err, possibly remove the quotes), LOOK at the text in red.

About a million years ago I did a Master's degree at a knocking-shop "University" in Scotland, where the lectures were slightly
sub the level of what I learnt at school when I was 13-14 . . .

Notwithstanding this, I did my M.A. thesis using what was, at that time, called Runtime Revolution, and is now called 'LiveCode.'

At that point the licence for RunRev was mind-bogglingly expensive, but there was a way to use the thing for free, as long as one stuck to a 10 line maximum of code in each object.

Now my project was comparatively complex (for the time) and involved quite a bit of code, so, to get round this I had scripts in endless numbers
of fields that referenced each other is "do fld "123x" " sort of statements.

Since then I have learnt about the 'joys' of custom properties; these are marvellous things as you can use them rather like bottomless pits into which you can chuck anything and everything.

So, having an invisible object on a card that has a custom property that contains a mile-and-a-half of code is a very good way to hide stuff but stlll allow it to be "gettable-at" by people involved in what, to my mind is a big, big shibboleth, collaborative coding.

FourthWorld · Post by **FourthWorld** » Sun Apr 05, 2020 7:30 pm

I believe the latest Standalone Builder has an option to import SoS into the binary stack file, no?

richmond62 · Post by **richmond62** » Sun Apr 05, 2020 8:00 pm

-
Where?

hrcap · Post by **hrcap** » Sun Apr 05, 2020 8:20 pm

Hi Richmond

Thank you for your input so far. I have Livecode Indy already and assume you are referring the 'Encrypt' option within the standalone builder. This may work for stacks but does not work for the text file script only stacks.

Surely there must be a way to protect script only stacks or Livecode wouldn't have bothered allowing their use?

ForthWorld: I am now downloading the latest version to have a look for this option as I definitely can't see it on version 9.5.1.

Many Thanks

hrcap · Post by **hrcap** » Sun Apr 05, 2020 9:52 pm

As far as I can see Livecode Version 9.6.0 dp3 doesn't have an option to include SOS's in the binary, unless I am missing something?

LiveCode Forums.

Script Only Stack Protection

Script Only Stack Protection

Re: Script Only Stack Protection

Re: Script Only Stack Protection

Re: Script Only Stack Protection

Re: Script Only Stack Protection

Re: Script Only Stack Protection

Re: Script Only Stack Protection

Re: Script Only Stack Protection

Re: Script Only Stack Protection

Re: Script Only Stack Protection

Re: Script Only Stack Protection

Re: Script Only Stack Protection