[Python-ideas] I have an encrypted python module format: .pye
Steven D'Aprano
steve at pearwood.info
Sun May 13 11:36:52 CEST 2012
Mike Meyer wrote:
> On Sat, 12 May 2012 13:13:59 -0400
> Brett Cannon <brett at python.org> wrote:
>
>> On Fri, May 11, 2012 at 6:27 PM, li wang <charlesw123456 at gmail.com> wrote:
>>> I want to use python in my product because I like and have been familiar
>>> with python for many years, but I won't let the customer read and modify
>>> my code. So the best way is to encrypt my module .py to .pye.
>> Actually it's better to simply ship the .pyc/.pyo files and/or to minify
>> the code to make it unreadable. As everyone pointed out, the encryption you
>> are proposing won't stop anyone from reading your source, it will just make
>> it a little harder.
>
> I think it's worth explaining why just shipping the .pyc/.pyo files is
> "better".
>
> If it's not clear by now, a fancy encryption scheme won't protect your
> sources from someone who really wants to read them. On the other hand,
> shipping just the .pyc/.pyo files will stop casual browsing. The only
> real difference here is how much effort it takes to get the source. To
> carry Guido's analogy further, both lock your front door, one just
> uses a better lock. Neither will stop a determined burglar.

I think Guido's analogy is bogus and wrongly suggests that encrypting
applications just might work if you try hard enough. If we can lock the door
and keep strangers from peeking inside, why can't we encrypt apps and stop
people from peeking at the code? But the analogy doesn't follow. In the front
door example, untrusted people don't have a key and are forced to pick or
break the lock to get it. In the encryption example, untrusted people are
given the key (as an environment variable), then trusted not to use it to read
the source code!

(Possibly on the assumption that they don't realise they have the key, or that
using it manually is too difficult for them.)

Ultimately, on a computer the user controls, with a key they have access to,
they can bypass any encryption or security you install. That's why e.g. so
many forms of copy protection and digital restrictions software try to take
control away from the user, to some greater or lesser degree of success.

--
Steven
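
The point made in the message above, as an added example that is not part of the original thread or of the proposed .pye implementation: for the interpreter to run an encrypted module, the shipped loader must decrypt it with a key present on the customer's machine, so the same step yields the plaintext source. The variable name `PYE_KEY`, the function names and the toy SHA-256 keystream cipher are assumptions made for illustration.

```python
import hashlib
import os
import types

KEY_ENV = "PYE_KEY"  # hypothetical name; the thread only says "an environment variable"


def keystream_xor(data: bytes, key: bytes) -> bytes:
    """Toy SHA-256 counter-mode stream cipher (stand-in only; XOR makes it its own inverse)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def vendor_encrypt(source: str, key: str) -> bytes:
    """Build-time step: the vendor turns module source into the shipped blob."""
    return keystream_xor(source.encode("utf-8"), key.encode("utf-8"))


def decrypt_with_env_key(blob: bytes) -> str:
    """Run-time step: needs nothing beyond what is already on the customer's machine."""
    key = os.environ[KEY_ENV].encode("utf-8")
    return keystream_xor(blob, key).decode("utf-8")


def load_encrypted_module(name: str, blob: bytes) -> types.ModuleType:
    """The shipped loader: it has to recover plaintext source before it can compile it."""
    source = decrypt_with_env_key(blob)
    module = types.ModuleType(name)
    exec(compile(source, name + ".pye", "exec"), module.__dict__)
    return module


# Constructed sample data, not taken from the thread.
SAMPLE_SOURCE = "def price(qty):\n    return qty * 42\n"
SAMPLE_KEY = "not-a-real-key"

if __name__ == "__main__":
    blob = vendor_encrypt(SAMPLE_SOURCE, SAMPLE_KEY)
    os.environ[KEY_ENV] = SAMPLE_KEY  # the vendor's installer sets this for the customer
    module = load_encrypted_module("pricing", blob)
    print("module runs:", module.price(2))
    # The customer calls the loader's own decryption step and stops before exec().
    print("source recovered:", decrypt_with_env_key(blob) == SAMPLE_SOURCE)
```

Swapping the toy cipher for a stronger one changes nothing here, because `decrypt_with_env_key` is a step the loader itself has to perform on the user's machine.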