More on Protecting Source Code

Lothar Scholz llothar at
Tue Sep 17 11:26:22 EDT 2002

On Tue, 17 Sep 2002 14:50:39 +1000, in comp.lang.python you wrote:

>"Security through obscurity is no security against a determined attacker"
>So, someone who is willing to hacka nd hack and hack away at your code, can
>get at it, and this is true for things coded in assembler, C, Python or
>Befunge. Most people aren't determined attackers, they're simply Joe Average
>who needs to get a  job done.

And some of them must count the time it takes to crack the program vs
the money they need to buy it.

>Do a very very simple risk analysis. Who is your target audience, what is
>the price of your software, will people bother going through your bytecode,
>or will they just post the registration key to a website? Will stolen
>software lead to a loss in revenue - or will those pirate users be people
>who would never have bought it in the first place? (yes, the pirate users
>are annoying, and you would feel ripped off, but OTOH you haven't lost
>money, and you've gained a bunch of users)

Your comment here is language independent.a

The main problem comes with stealling the intellectual properties (for
the few programs where you can say 'intellectual'). This is the
difference between python and compiled languages like Eiffel.
I agree that this problem is the main reason for so less commerical
python applications.

But it could be changed easily if the core python developer would see
this problem as relevant as commerical users. But at the moment they
don't see the point. Thats the problem.

Until this changed i would recommend using Armadillo and embedd your
python source code inside a C binary wrapper. Armadillo
encrypt/decrypt memory pages that are not in use so its a to hard for
95% of all attackers.

More information about the Python-list mailing list