More on Protecting Source Code

David LeBlanc whisper at oz.net
Tue Sep 17 03:31:49 EDT 2002


> > Python may be easy to use, but if it's also easy to steal software written
> > in it, that's an impediment to its being widely used in commercial
> > products, especially shrink-wrapped products. Perhaps that's a reason why
> > there seem to be so few commercial products in Python, beyond those that
> > are fairly closely licensed and/or have substantial parts of the app written
> > in C/C++.
>
> but if you're worried about protecting your IP, then wouldn't your package
> be under a closed license?
>
> > I suppose one solution is to modify the Python interpreter with different
> > op-codes and that ought to make it somewhat painful for the average hacker.
> > A better solution is to make a .pyc file approximately as hard as a binary
> > .exe file to decompile - however that could be done.
>
> From what I've read of that thread, the gist of it was
>
> "once it's released, a determined person can, to some extent get your code"
>
> and
>
> "Security through obscurity is no security against a determined attacker"
>
> So, someone who is willing to hack and hack and hack away at your code, can
> get at it, and this is true for things coded in assembler, C, Python or
> Befunge. Most people aren't determined attackers, they're simply Joe Average
> who needs to get a job done.
>
> An operating system is a complex beast, compiled into machine code it's even
> more complex, how many people out there are using an unlicensed copy of
> Windows or Office? They didn't decompile, that would take skill, they just
> copied it bit for bit and posted the registration key.
>
> Do a very very simple risk analysis. Who is your target audience, what is
> the price of your software, will people bother going through your bytecode,
> or will they just post the registration key to a website? Will stolen
> software lead to a loss in revenue - or will those pirate users be people
> who would never have bought it in the first place? (yes, the pirate users
> are annoying, and you would feel ripped off, but OTOH you haven't lost
> money, and you've gained a bunch of users)
>
> Steven

Well, I think of it this way: machine coded binaries are more like a 128 bit
key and Python is more like a 40 bit key. I agree that nothing is safe from
reverse engineering; it's a matter of how much pain and money it takes to
unscrut the inscrutable. Python could do better - how I'm not totally sure.

Dave LeBlanc
Seattle, WA USA




