Path: utzoo!utgpu!jarvis.csri.toronto.edu!cs.utexas.edu!uunet!munnari.oz.au!bruce!monu1!com217v
From: com217v@monu1.cc.monash.oz (Mr. S Dart)
Newsgroups: comp.dcom.lans
Subject: Re: Read without Copy
Summary: File protection mechanisms
Message-ID: <1900@monu1.cc.monash.oz>
Date: 11 Jan 90 19:31:24 GMT
References: <852@gator.usl.edu>
Organization: Monash Uni. Computer Centre, Australia
Lines: 34

In article <852@gator.usl.edu>, pcb@gator.usl.edu (Peter C. Bahrs) writes:
>    IS there a way to allow a user to execute a program without being
>    able to copy it?
> We have  software binaries (C compiler, windows sdk, dbase4 ...) for
> educational use but do not want the students to be able to copy the binaries.

The use of the NOVELL specific file attribute EXECUTE ONLY is just one tool
available to you to protect software from unlicenced distribution. 

Others are :-
	1. Captive login scripts.
	2. Licence specific usercodes (without passwords or mail write privs)
	3. Re assignment of COMSPEC environment variable
	4. File flags in combination with directories without user mod privs.

There are probably quite a few more. It seems that every time someone asks
me to install some new piece of software, I find that there is yet another
commercial developer who believes that LANS are not important. (eg:- They
require arround 550k just to load, and want to write onto the directory
that they were loaded from).

Some traps are :-
	1. .EXE files that contain overlays. To load the overlay you must
	be able to read the file. EXECUTE ONLY will cause it to die at the
	first overlay load time. (Actually COMMAND.COM fits this group)
	2. Software that check for the presence of particular files by
	opening them. Some even open them read/write, or at least try to.
	(Don't trust any software that does this, you will be vunerable to
	trojan horses).

Just remember, DOS isn't perfect and there is more than one way to 
"skin a cat". Good luck.

Stephen Dart, Monash University Computer Centre, Clayton, AUSTRALIA.