[portland] Protecting Intellectual Property In Python Applications
mccredie at gmail.com
Thu Jan 21 19:47:47 CET 2010
On Thu, Jan 21, 2010 at 9:15 AM, Rich Shepard <rshepard at appl-ecosys.com> wrote:
> Python is an interpreted scripting language with outstanding mathematical
> libraries and a great UI development tool in wxPython. Unlike complied
> languages such as C the underlying code is visible to everyone who looks at
> it. This is a problem when the application is unique and proprietary.
> Consider the context. Suppose you wrote an application that analyzed -- in
> real time -- a commercial building's energy use and made adjustments that
> saved 50% of the energy formerly consumed. You want to sell this application
> to building owners and managers but you don't want actual or potential
> competitors to appropriate your intellectual property that figuring out the
> energy savings represents. It's your business, your ideas, and your
> potential source of financial independence. How would you protect the
> underlying source code from being mis-used by a potential competitor when
> you sold your application to clients?
> My situation is analogous and I don't want to start over by re-writing
> everything in C. Your suggestions and recommendations are wanted.
You don't have to rewrite _everything_ in C. You could just rewrite
the core algorithm as a .pyd that can be loaded by your python code.
You can also write a plain dll/so that you can could call using
ctypes. You coud even create a COM object if you are using Windows
(load with comtypes or pywin32).
That being said, I work on a similar project and we use a tool
(developed in house) that is similar to py2exe for packaging up our
product into an executable. That only gets you part of the way since
the executable still contains the byte code. We also protect ourselves
via licensing. Additionally have an obfuscation step. We don't try to
obfuscate the algorithm, but we do scramble the names of some of the
variables. We have a very specific reason for obfuscating the names of
these variables, and it probably doesn't make sense in most cases.
More information about the Portland