Reputation: 2415
Can lua source files be obfuscated/encrypted while using it with Nginx HttpLuaModule? If yes then how?
I am using Lua to create a custom authentication layer for my backend services. Nginx is compiled with Lua module and LuaJIT. It works fine. I would like to do some encryption of tokens that I am serving back in those lua files and want that no one read the plain text source files. Can these lua source files be compiled into a binary or obfuscated/encrypted in such a way that Nginx's access_by_lua_file directive is still able to load these compiled files? I know this is not a full proof method but better then plain text.
Upvotes: 0
Views: 733
Answers (1)
Reputation: 4371
Lua strings are all present in the bytecode even in the absence of debugging info. Viewing a string stored in the code requires no motivation whatsoever.
$ luajit -be 'print("hello world")' hello.out
$ luajit hello.out
hello world
$ xxd hello.out
0000000: 1b4c 4a01 0229 0200 0200 0200 0434 0000 .LJ..).......4..
0000010: 0025 0101 003e 0002 0147 0001 0010 6865 .%...>...G....he
0000020: 6c6c 6f20 776f 726c 640a 7072 696e 7400 llo world.print.
$ luajit -bl hello.out
-- BYTECODE -- hello.out:0-0
0001 GGET 0 0 ; "print"
0002 KSTR 1 1 ; "hello world"
0003 CALL 0 1 2
0004 RET0 0 1
If your plan was to hide the encryption tokens within the bytecode, I would suggest first devising a reversible method to use an obfuscated version of them stored within the plain text of the source code (e.g. shuffle the characters, perform arithmetic on them, etc...)
Upvotes: 1
Related Questions
- How can I obfuscate a Lua program?
- Adding LUA module to nginx
- Running Lua in Nginx config?
- Using luac file on Nginx
- How can I compile nginx with lua?
- Can I modify inbuilt Nginx variable with Lua?
- Nginx + LUA, how to output file?
- Running Lua under nginx (writing a website with Lua)
- How to convert an hex string into ascii string in Lua
- Compile Lua scripts used on OpenResty