[[Why it matters]]











[[Why Java, C, ... aren't really all that hot for security.]]










[[Distinguish [obfuscation] and full-blown encryption.]]





It '''is''' practical to deliver encrypted Tcl-coded applications.
[Steve Blinkhorn], for example, has written,
"Various of my [TclKit]-based projects are delivered using [blowfish]
encryption, with some extra attention given to the security of keys.
There's nothing especially difficult about doing this with single-file
[Starpack]s, and the actual encryption code is miniscule - I routinely
build [starkit]s with multiple versions of a mini-extension for various
platforms, with little impact on the overall size.   For instance, a
version of [tclhttpd] with some custom code (including encryption)
packaged up as a single-file executable with tclkit has 300Kbytes or
so to spare for a document tree and still fits on a 3.5" floppy, is in
live use now, doesn't crash and supports some quite complex
client-server transactions with a [MetaKit] database (the code for
which, of course, comes as part of the TclKit executable).

With a two-file (Starkit) solution, it is possible to update client
software on remote sites transparently, so far as the user is
concerned, and on a user-by-user basis, because the .kit file looks
to the executable like a [file system]."