This post originated from an RSS feed registered with Agile Buzz
by James Robertson.
Original Post: Code Obfuscation - just Wrong
Feed Title: Cincom Smalltalk Blog - Smalltalk with Rants
Feed URL: http://www.cincomsmalltalk.com/rssBlog/rssBlogView.xml
Feed Description: James Robertson comments on Cincom Smalltalk, the Smalltalk development community, and IT trends and issues in general.
Julia Lerman talks about code obfuscation tools for .NET, and makes a point I have to disagree violently with:
I *know* that obfuscation is%A0 another level of security that we can all leverage. I *know* Microsoft has made it really easy by putting this 1Clite 1D (Community Edition) version into Visual Studio.NET. So, raising my hand, yet again as a typical developer - writing custom corporate applications that are not being put out in the market place - why have I never touched%A0 it, used it, thought about it?
yeah, security via obscurity has worked so well in the software industry. Access to sources helps - both in security terms, and in transparency terms (to developers). Obfuscating code just tells future developers that you don't care and want their job to be hard. Here's the point - no code is ever going to cover all possible use cases. Allowing other developers to extend and understand is a good thing. Final classes - bad. Final methods - bad. Code obfuscators - obnoxious.
This is one item that ought to bubble down to the bottom, and fast....