tags:

views:

1474

answers:

8
+7  Q: 

Can you Distribute a Ruby on Rails Application without Source?

I'm wondering if it's possible to distribute a RoR app for production use without source code? I've seen this post on SO, but my situation is a little different. This would be an app administered by people with some clue, so I'm cool with still requiring an Apache/Mongrel/MySQL setup on the customer end. All I really want is for the source to be protected. Encoding seems a popular way to go for distributing PHP apps (eg: Helpspot).

I've found these potential solutions:

  • Zenobfuscate - not all types of Ruby code is supported however, so that counts that out
  • Ruby Encoder - may be the best option, as their PHP encoder looks alright (I haven't tried it however) but it's not available yet. I've used IONcube for PHP before and it worked well, but it doesn't seem that IONcube is interested yet.
  • Slingshot - it was mentioned in the other SO post, but it solves a different problem to mine and the source is still visible.
  • RubyScript2Exe - from the doco, it's not production ready, so that counts that out.

I've heard that potentially using JRuby and distributing bytecode might be a way to achieve this, but I've never used JRuby so I'm not sure what's involved.

Can anyone offer any ideas and/or known examples? Ideally I'd love to have some kind of automated build scenario as well.

+2  A: 

You can, but it wouldn't do anything to prevent somebody from reverse-engineering or modifying it. I remember there was an article about similar attempts to obfusticate Perl and how they could be effectively bypassed by a debugger and 5 minutes of effort.

John Millikin  2008-09-19 04:12:12
I don't think obfusticating perl is needed perl is obfusticated enough by itself...
Unkwntech  2008-09-19 04:15:40
Whatever solution it is, it's not as secure as not giving anyone the app. I'm just trying to figure out how to stick a hurdle as large as possible in front of anyone trying to get to the source. There is a small element of trust there as the customers have paid to use the software.
Dan Harper - Leopard CRM  2008-09-19 04:23:09
+2  A: 

If you can't wait for the delivery of RubyEncoder, then I think ZenObfuscate is the most promising. Though it may require some modifications to your source code, they do say this on their site:

ZenObfuscate costs $2500 for a site license or is individually negotiable for other licensing schemes. Yes, that is expensive. That was on purpose. But don't let that thwart you too much. If your product is really cool and we want to see it succeed, we'll make it work. "Really cool" is not freecell.

Of course, for $2500 (or more), you'd hope to get a few tweaks to the compiler that'd make your codebase fully supported. It might be worth engaging them in the conversation.

Pete  2008-09-19 04:35:42
I didn't notice that, thanks Pete, maybe it is worth talking to them about it.
Dan Harper - Leopard CRM  2008-09-19 04:40:38
+1  A: 

I'd spend less time and money on hiding/protecting your code & more time/money on getting customers.Customers beat code all day long.

 2008-09-19 05:43:40
-1 for not answering the question
George Jempty  2009-04-25 10:56:51
+1  A: 

Take a look at JumpBox.

I've had conversations with them on the topic, and they seem to have a solution that will work soon for Rails apps.

Subimage  2008-09-19 08:13:37
+5  A: 

If you release the source, obfuscated or otherwise, your app will be pirated. See, for example, Mint. It depends on what you're building, but you may find that you're better off releasing the app as a hybrid of sorts: A hosted app with a well-defined API, and a component that runs on the customer's server. As long as the true value of your product lives on the server side, you don't need to obfuscate your code, and you can just release the source code unmodified. Additionally, this may also give you the opportunity to reach clients running, say, PHP rather than Ruby. See, for example, Google Analytics, HopToad, Scout, etc, etc.

Bob Aman  2009-04-24 15:11:10
++ This is the new open/closed source world of the web application. It actually represents a really great scenario for developers - your application's value is in your service and execution, not necessarily in the code itself. You can enjoy both the freedom of open code and the benefits of limited supply.
guns  2009-04-25 10:03:01
-1 for not answering the question. This is not a question of architecture design, business models, or whether the app will be pirated or not.
Dan Harper - Leopard CRM  2009-04-26 08:13:48
I think that given there is no actual solution for this problem, and it is generally an inherently flawed approach, offering alternatives is quite reasonable.
Toby Hede  2009-04-27 04:34:08
A: 

You can also take a look at Mingle from ThoughtWorks studios as an example of using JRuby for this. It's a Ruby on Rails app, they run it using JRuby. They've customized jruby to load encrypted .rb files.

mfazekas  2009-04-25 09:46:46
+8  A: 

Your best option right now is to use JRuby. A little bit of background: My company (BitRock) works with many proprietary and commercial open source vendors. We help them package their server software, which is typically based on PHP, Java or Ruby together with a web server or application server (Apache, Tomcat), the language runtime and a database (typically Postgres, MySQL) into a self-contained, easy to use installer. We have a large number of PHP-based customers (including HelpSpot, which you mention) but also several Rails-based ones. In the case of the RoR customers the norm is to use JRuby together with Tomcat or Glassfish although in some cases we also bundle a native Ruby interpreter to run specific scripts that rely on libraries not yet ported to JRuby (usually not core to the application). JRuby has matured quickly and in many cases it actually runs their code faster than regular Ruby. You will need to also consider that although porting your code to JRuby is fairly straightforward, you will need to invest some time on that. You may want to check JRuby Stack which is a free installer of everything you need to get started. Good luck!

Daniel Lopez  2009-04-25 10:42:52
A: 

I'm wondering if you could just "compile" the ruby code into an executable using something like RubyScript2Exe ?

To be honest I haven't used it but it seems like it could be what you want, even if it just packages up the scripts with the interpreter into a single executable.

Daemin  2009-04-28 07:51:47

related questions

Best place to get Ruby on Vista up and running as dev environment
How can I encode xml files to xfdl (base64-gzip)?
What is the best way to learn Ruby?
Learning Ruby on Rails any good for Grails?
How to sell Python to a client/boss/person with lots of cash
How do I create a Class using the Singleton Design Pattern in Ruby?
How do I update Ruby Gems from behind a Proxy (ISA-NTLM)
Why Should I Learn Ruby?
How do I create a new Ruby on Rails application using MySQL instead of SQLite?
How do I rake tasks within a ruby script?
Ruby On Rails with Windows Vista - Best Setup?
Mapping values from two array in Ruby
Reverse DNS in Ruby?
Text Editor For Linux (Besides Vi)?
What is good forum software to add to an existing Rails application?
Calling Bash Commands From Ruby
How can I modify .xfdl files? (Update #1)
How do I use (n)curses in Ruby?
Open Source Ruby Projects
How do I fix 'Unprocessed view path found' error with ExceptionNotifier plugin in rails 2.1?
When to use lambda, when to use Proc.new?
Frequent SystemExit in Ruby when making HTTP calls
Implementation of "Remember me" in a Rails application.
.NET Migrations Engine
How do I add existing comments to RDoc in Ruby?