[portland] Protecting Intellectual Property In Python Applications

Lennon Day-Reynolds rcoder at gmail.com
Thu Jan 21 19:36:18 CET 2010

On Thu, Jan 21, 2010 at 9:15 AM, Rich Shepard <rshepard at appl-ecosys.com> wrote:
> [...] You want to sell this application
> to building owners and managers but you don't want actual or potential
> competitors to appropriate your intellectual property that figuring out the
> energy savings represents. It's your business, your ideas, and your
> potential source of financial independence. How would you protect the
> underlying source code from being mis-used by a potential competitor when
> you sold your application to clients?
>  My situation is analogous and I don't want to start over by re-writing
> everything in C. Your suggestions and recommendations are wanted.

There are a few options. If you're willing to limit distribution to
only Windows systems, you can use py2exe to create a standalone
"binary" that at least conceals the Python source code. As others have
suggested, a bytecode-only archive will also frustrate casual attempts
at copying your code.

Unfortunately, no copy protection or obfuscation scheme is going to do
more than keep the honest folks honest -- in a DRM arms race, you can
pretty much guarantee that the would-be reverse engineers will
eventually win. Given time and motivation, someone will figure out how
to disassemble your obfuscated code, or simply attach a debugger to
the running program and trace the Python VM calls it uses.

As an alternative, have you considered simply attaching some language
to your licensing agreement that forbids reverse engineering and
redistribution? If you're offering a useful product that honestly
saves people money (and offering support and services along with it)
why should they balk at paying you a fair price for a license, or risk
legal consequences by giving it away to others? From your example, it
doesn't sound like you're going to be dealing with the typical
software pirates (college kids cracking their Photoshop torrents,

Furthermore, if you really need it to protect yourself from
competitors, patent some useful, novel piece of your implementation.
Then you don't have protection *only* for the Python source code --
you can actually go after folks who rip off your core algorithms and

In short, DRM is no substitute for a reasonable business model. Just
ask the recording industry. Provide something people want, and stay
ahead of pirates by keeping your customers happy.

Lennon Day-Reynolds <rcoder at gmail.com>

More information about the Portland mailing list