[R] Protecting R code
marchywka at hotmail.com
Mon Jul 4 19:11:17 CEST 2011
Put it on rapache or otherwise server but this seems like a waste depending on what you are doing
Server side is only good way but making c++ may be interesting test
Sent from my Verizon Wireless BlackBerry
From: Vaishali Sadaphal <vaishali.sadaphal at tcs.com>
Date: Mon, 4 Jul 2011 16:48:13
To: <spencer.graves at prodsyse.com>
Cc: <r-help at r-project.org>; <b.rowlingson at lancaster.ac.uk>
Subject: Re: [R] Protecting R code
Thank you so much for quick replies.
Looks like translation to C/C++ is the only robust option. Do you think
there exists any ready-made R to C translator?
Vaishali Paithankar Sadaphal
Tata Consultancy Services
Mailto: vaishali.sadaphal at tcs.com
Experience certainty. IT Services
Spencer Graves <spencer.graves at prodsyse.com>
Barry Rowlingson <b.rowlingson at lancaster.ac.uk>
Vaishali Sadaphal <vaishali.sadaphal at tcs.com>, r-help at r-project.org
07/04/2011 08:42 PM
Re: [R] Protecting R code
On 7/4/2011 7:41 AM, Barry Rowlingson wrote:
> On Mon, Jul 4, 2011 at 8:47 AM, Vaishali Sadaphal
> <vaishali.sadaphal at tcs.com> wrote:
>> Hi All,
>> I need to give my R code to my client to use. I would like to protect
>> logic/algorithms that have been coded in R. This means that I would not
>> like anyone to be able to read the code.
> At some point the R code has to be run. Which means it has to be
> read by an interpreter that can handle R code. Which means, unless you
> rewrite the interpreter, the R code must exist as such.
> Even if you could compile R into C code into machine code and
> distribute a .exe file, its still possible in theory to
> reverse-engineer it and get something like the original back - the
> original logic if not the original names of the variables and
> You could rewrite the interpreter to only run encrypted, signed code
> that requires a decryption key, but you still have to give the user
> the decryption key at some point in order to get the plaintext code.
> Again, its an obfuscation problem of hiding the key somewhere, and
> hence is going to fail.
> It all depends on how much expense you want to go to in order to make
> the expense of circumventing your solution more than its worth. Tell
> me how much that is, and I will tell you the solution.
> For total security, you need to run the code on servers YOU
> control, and only give access via a network API. You can do this with
> RServe or any of the HTTP-based systems like Rapache.
An organization I know that encrypted R code started with making
it available only on their servers. This was maybe four years ago. I'm
not sure what they do now, but I think they have since lost their major
proponents of R internally and have probably translated all the code
they wanted to sell into a compiled language in a way that didn't
require R at all.
>  Except of course servers can be hacked or socially-engineered
> into. For total security, disconnect your machine from the network and
> from any power supply.
> R-help at r-project.org mailing list
> PLEASE do read the posting guide
> and provide commented, minimal, self-contained, reproducible code.
Notice: The information contained in this e-mail
message and/or attachments to it may contain
confidential or privileged information. If you are
not the intended recipient, any dissemination, use,
review, distribution, printing or copying of the
information contained in this e-mail message
and/or attachments to it are strictly prohibited. If
you have received this communication in error,
please notify us by reply e-mail or telephone and
immediately and permanently delete the message
and any attachments. Thank you
[[alternative HTML version deleted]]
R-help at r-project.org mailing list
PLEASE do read the posting guide http://www.R-project.org/posting-guide.html
and provide commented, minimal, self-contained, reproducible code.
More information about the R-help